Our web applications are using LDAP Membership Provider to authenticate and register users in Active Directory. In order to allow users to provide usernames that exist in other applications, we need to add a prefix to the username, and it should be as transparent and painless as possible.

What I need is a way to extend the LDAP Membership Provider to be able to add (concatenate) a prefix to the username just before Membership authenticates or registers it. For example, if user input is "JohnS" in application 1... I want to authenticate: "App1_JohnS".

How could I extend the membership to accomplish this? Any idea what is triggered just before authenticate and register (create user)?

Update: Each web app has an "OU" in AD where users are created and authenticated. But as it is just ONE Active Directory Controller, the usernames must be unique. We need to solve this issue using Membership providers and not by adding more ADs.

A: 

When you build your search query string, why don't you append the prefix to the DN (or Uid) you're searching for?

If you're stuck with an application you cannot modify, then I suggest using AD groups for the functionality - you authenticate against AD using a single user account. You can then retrieve all the properties for it; if the user has a group set, then grant access to the appropriate application.

Modifying which groups a user is in is a trivial matter for your AD administrator, or you can do it yourself if you have write access to the directory.

gbjbaanb
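
One way to apply the prefix inside the provider itself, as an added example that is not code from the question or the answer. It assumes the provider in use is `System.Web.Security.ActiveDirectoryMembershipProvider`; the class name, the `usernamePrefix` configuration attribute and the username allowlist are hypothetical.

```csharp
using System;
using System.Collections.Specialized;
using System.Text.RegularExpressions;
using System.Web.Security;

// Hypothetical subclass: prefixes every username before it reaches the directory.
public class PrefixedAdMembershipProvider : ActiveDirectoryMembershipProvider
{
    // Assumption: application usernames are limited to a conservative allowlist,
    // so no LDAP filter or DN metacharacters are ever passed on.
    private static readonly Regex Allowed = new Regex(@"^[A-Za-z0-9._-]{1,32}\z");
    private string _prefix = string.Empty;

    public override void Initialize(string name, NameValueCollection config)
    {
        // "usernamePrefix" is a custom attribute (assumed name) on this provider's
        // web.config entry, e.g. usernamePrefix="App1_". Remove it before calling
        // the base class so it never sees an attribute it does not know.
        _prefix = config["usernamePrefix"] ?? string.Empty;
        config.Remove("usernamePrefix");
        base.Initialize(name, config);
    }

    private static bool IsValid(string username)
    {
        return username != null && Allowed.IsMatch(username);
    }

    public override bool ValidateUser(string username, string password)
    {
        // Malformed input is a failed login, not an exception.
        return IsValid(username) && base.ValidateUser(_prefix + username, password);
    }

    public override MembershipUser CreateUser(string username, string password,
        string email, string passwordQuestion, string passwordAnswer,
        bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        if (!IsValid(username))
        {
            status = MembershipCreateStatus.InvalidUserName;
            return null;
        }
        return base.CreateUser(_prefix + username, password, email,
            passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        if (!IsValid(username)) throw new ArgumentException("Invalid username.", "username");
        return base.GetUser(_prefix + username, userIsOnline);
    }
}
```

The other username-taking methods (`ChangePassword`, `ResetPassword`, `DeleteUser`, `UnlockUser`) need the same override, and the `MembershipUser` returned by the base class still carries the prefixed name.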