I'm working on getting an MVC app up and running via AD Membership Provider and I'm having some issues figuring this out. I have a base configuration set up and working when I log in as [email protected] + password.

    <connectionStrings>
        <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
    </connectionStrings>

    <membership defaultProvider="MyProvider">
        <providers>
            <clear />
            <add name="MyProvider" connectionStringName="MyConnString"
                 connectionUsername="my.domain.com\service_account"
                 connectionPassword="biguglypassword"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
    </membership>

However, I'd LIKE to do some other things and I'm not sure how to go about them.

  1. Login without typing the domain (i.e. the "@my.domain.com"). I realize that this could only work if I limit myself to just one domain - that's fine.
  2. Organize users in up to N different OUs within a single OU. As you can tell from my current connection string, I'm authenticating users in my Product Users OU. I would LIKE to create OUs for various companies within this OU and put the users into those OUs. How can I authenticate across all of these different OUs?
  3. I'm trying to figure out how the Active Directory Membership Provider ties in with the Profile and Role providers. Are there AD versions of those too or am I stuck with SQL, home-grown, or finding something somebody else has coded up?

Many thanks!!

+1  A: 

In response to point 3:

I answered a similar question about this a while back: "How can i implement a role-hierarchy in an asp.net mvc app using activedirectorymembershipprovider".

Basically, MS don't supply a role or profile provider that talks to AD, but other people have written some code, for example the Active Directory Role Provider on CodePlex; I'm sure there are profile providers as well.

Zhaph - Ben Duguid
Hmm, that codeplex project seems abandoned and has no releases available for download. Could have some useful code, but I'm not sure I want to blindly take that and use it in production. The codeproject.com option looks more viable. I think my answer is going to be "let's try not to use AD for this", if possible. Or if I do, then use it for a simple scenario and nothing too complex. Thanks!
Jaxidian
Personally, I prefer it as source rather than a release that I can "blindly take and use in production" ;) At least that way I'll probably actually give the code a quick once over, whereas with a dll I might not open up reflector to see what's going on inside unless I can't work out how to use it :(
Zhaph - Ben Duguid
I see where you're coming from, but I don't want to home-brew everything we use. It sure is nice to be able to buy maintained products and just depend on them. Additionally, I'm just not sure how valuable it is for me to ramp up and learn what I need to learn in order to determine if that source is good or not. After all, AD is by far NOT my expertise and learning it is not the most exciting idea I've ever had...
Jaxidian
I totally agree with the buy not rewrite option - and yes often it's better to let someone else get into the nitty gritty of the details :) That said, it might not be exciting, but looking around, it might be a valuable skill to have ;)
Zhaph - Ben Duguid
Pretty much any skill is valuable to have. This one, however, is very far down on the totem pole on my value system. ;-)
Jaxidian
A: 

For item #1, I found my answer. I need to add attributeMapUsername="sAMAccountName":

    <add name="MyProvider" connectionStringName="MyConnString"
         attributeMapUsername="sAMAccountName"
         connectionUsername="my.domain.com\service_account"
         connectionPassword="biguglypassword"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Jaxidian
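As an added example (not code from the question or either answer): a web.config membership section that combines the attributeMapUsername setting from the answer above with the remaining settings and the credential-protection step a practitioner would want before this goes to production. Server, OU, account and password values are constructed placeholders, and the note on how the provider scopes its search is my understanding of the provider, not something the thread states.

```xml
<configuration>
  <connectionStrings>
    <!-- Constructed placeholder values. The container is the parent OU that will hold the
         per-company sub-OUs (point 2 of the question). My understanding of the provider,
         not stated in the thread: it searches the named container and its child
         containers, so OU=CompanyA,OU=Product Users,... and OU=CompanyB,OU=Product Users,...
         are both covered by this single entry. -->
    <add name="MyConnString"
         connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="MyProvider">
      <providers>
        <clear />
        <!-- attributeMapUsername="sAMAccountName": point 1, users log in as "jsmith" rather
             than jsmith@my.domain.com. sAMAccountName is only unique inside one domain, which
             matches the single-domain assumption made in the question.
             connectionProtection="Secure": the LDAP bind uses SSL or signing and sealing, so
             neither the service-account password nor the users' passwords cross the wire in
             clear text.
             enableSearchMethods="false": login does not need GetAllUsers/FindUsersByName, so
             the app cannot be turned into a directory enumeration tool.
             connectionPassword is still stored in clear text here. Before deployment, encrypt
             the section on the IIS host (placeholder path):
               aspnet_regiis -pef "system.web/membership" "C:\inetpub\wwwroot\MyApp"
             The file then carries configProtectionProvider="RsaProtectedConfigurationProvider"
             with an EncryptedData element, and ASP.NET decrypts it transparently at runtime. -->
        <add name="MyProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="MyConnString"
             connectionUsername="MY\svc_webapp"
             connectionPassword="PLACEHOLDER_SERVICE_ACCOUNT_PASSWORD"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="false"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="false" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The service account only needs read access to the OU subtree it authenticates against; a plain domain user account is sufficient, so there is no reason to give it anything more.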