views:

376

answers:

2

I'm looking at moving my application from using active directory membership provider to using sql server provider. The main hiccup we are looking at is no being able to retrieve the user passwords from AD. Does anybody have any ideas? Anybody think I should just leave AD alone?

+1  A: 

You will not be able to retrieve passwords from AD - by design and for security reasons. You can check your credentials (username and password the user has entered) against AD - but you cannot extract the passwords from AD - no can do.

To check the credentials, you can use the "ValidateUser" method on the ActiveDirectoryMembershipProvider in .NET - this will tell if you a username/password is valid.

Cheers, Marc

marc_s
A: 

Ah, sorry - I just see you wanted to move away from the ActiveDirectoryMembershipProvider (begs the question: why??).

If you have your own repository of users in the SqlMembershipProvider, you'll have to store, manage, and validate your own passwords, obviously. Again - you cannot retrieve them from AD, you'd have to have all users come by and enter them again into your own SQL server store. Then call the ValidateUser on your SqlMembershipProvider to validate a user's credentials.

But again: if you have AD in place - why move away from the ActiveDirectoryMembershipProvider in the first place??

Marc

marc_s