tags:

views:

43

answers:

2
+2  Q: 

ActiveDirectoryMembershipProvider not accepting FQDN

We are trying to set up the ActiveDirectoryMemebershipProvider for an ASP.NET intranet application that is supposed to automatically sign the users into the application when it is accessed in the browser.

However the browser is sending the FQDN (MYDOMAIN\some.user) to the server and the ActiveDirectoryMemebershipProvider seems not to be able to be able to find the user based on the FQDN. However when we test the provider manually from code we found that if we try just the user name (some.user) the provider seems to be able to find the user.

Is there any setting or anything we can use to make the provider skip the domain part sent from the browser ?

Cheers!

A: 

Try setting atttributeMapUsername if you haven't and let me know if that works for you. When I didn't set this I had to specify my users in [email protected] format.

My Web.config

    <add name="MyADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName"
         enablePasswordReset="false" maxInvalidPasswordAttempts="1" passwordAttemptWindow="15" 
         passwordAnswerAttemptLockoutDuration="1" minRequiredNonalphanumericCharacters="0" attributeMapEmail="mail"
         />
ryan  2010-08-02 18:23:04
Hi there and thanks for the reply. We're trying to use automatic log on, the browser sends the username to the server. As far as we have gathered IE will send the username in the format MYDOMAIN\my.username. This does not seem to be accepted by the ActiveDirectoryMembershipProvider. At least it does not find any users that way. I tried the attributeMapUsername sett to sAMAccountName but it did not seem to help much
flalar  2010-08-03 07:28:30
Can I see your code? Are you using IIS's settings for the authentication? You can select windows users authentication and disable anonymous users which is what we do here sometimes. With that you can pull the users login from the CGI variables, format it as needed, and run it through your authentication routine.
ryan  2010-08-03 11:04:27
A: 

In IIS, go to the properties of the website and set the default domain to "\". Not sure which version of IIS you are using so if IIS resets this on you, the other way to accomplish this is to simply prepend the domain part so that it is added automatically?

Is this a custom app you are using or a product? Trying to understand why it is working from code but not from app. If you wrote the app, I assume you can change it to mimic your code. If you did not write the app, what is it? The app (such as OWA or SharePoint) may have a custom way it wants this done.

nelsonwebs  2010-08-07 13:53:28

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?