AD LDS w/ ASP.NET form authentication

Question

Hi there,

I am gettin this exception:

Parser Error Message: The container specified in the connection string does not exist

And here`s my case:

I have an WebApp with 2 pages Default.aspx & Login.aspx. The later contains a login control. The application is configured to work with and AD LDS instance as a membership store.

Here are some sections of interest in the web.config

  <authentication mode="Forms">
    <forms name=".AuthCookie" loginUrl="Login.aspx" timeout="10" />
  </authentication>
  <authorization>
    <deny users="?" />
    <allow users="*" />
  </authorization>
  <membership defaultProvider="MyDSProvider">
    <providers>
      <add name="MyDSProvider" 
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           applicationName="ADSecWebApp"
           connectionStringName="MyDSConn"
           connectionUsername="CN=Admin,CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
           connectionPassword="Welcome1"
           connectionProtection="None"
           />
    </providers>
  </membership>

Then I installed an instance of AD LDS on my machine.

The AD LDS is configured as to have one application partition "CN=MyOrg,DC=MyDomain,C=CA".

Under this partition I created a container "CN=Users,CN=MyOrg,DC=MyDomain,C=CA"

Under this container I created two users: Admin & JohnS. Both were enabled and set up with passwords ("Welcome1" in case of "Admin")

Moreover the Admin was configured as a member of "CN=Administrators,CN=Roles,CN=MyOrg,DC=MyDomain,C=CA" (I found some articles on the net suggesting that when using connectionProtection="None" in ADMembershipProvider config section then and Windows account cannot be used, instead an AD account should be employed that has adminstration privileges on the AD instance used to connect to.)

Furthermore I have Windows 7, IIS7, VS 2008 SP1, .NET 3.5

Can someone give me some hints on what is wrong? I did research a lot, solved errors one by one, but it seems I got stuck with this one.

I would also appreciate some explanation about why is that in case I am given a solution cause I am a newbie.

Thanks in advance

Iulian

Answer 1

With a help from a co-worker I found what was the problem. Apparently when I added my Admin AD user to AD Administors Role (=> CN-Roles => CN-Administrators => Properties => select {member} => click Add DN => add my Admin user) I missed to save them or something else went wrong; either way my Admin user wasn't saved as Administrators member.

I used ldp.exe to find the cause of the problem: in a sense that I was able to connect to my instance and then to bind the session to my CN=Admin user, although I couldn't see anything in the tree view which hinted us that the CN=Admin it is still not an Administrator.

One more thing that was left out: I had to set the userPrincipalName of the account that I wanted to log into my secure webapp, cause the name I used when creating the AD account CN=JohnS is not actually used by the ActiveDirectoryMembershipProvider when validating the user. I used an email like name, [email protected] for userPrincipalName and this is what actually one should use to log onto web application.

After all these, everything went fine with my AD LDS & ASP.NET forms-authentication sample.

Hopefully someone else will find this useful.

Thanks

Iulian