Active Directory Membership Provider Integration
In order to use the Active Directory Membership Provider, you need to complete the following steps:
- Update ~/config/appSettings.config:
<add key="EnableMembershipIntegration" value="true" />
The key is already defined. You just need to set the value to "true".
- Provide the necessary AD connection information (info taken from http://blogs.msdn.com/b/g...2005/08/17/452905.aspx )
- In ~/config/sqlconnections.config, add a connection string pointing to the Active Directory store. The following example assumes that your fully-qualified domain name for the domain controller is win2k3.vstsb2.local, while the domain is vstsb2.local. The connection string section in web.config would then look like this:
<add connectionString="LDAP://win2k3.vstsb2.local/CN=Users,DC=vstsb2,DC=local" name="ADConnString"/>
- Then in ~/web.config, add the following membership provider info inside <system.web> (note: the following is a very simple implementation, and omits many of the optional attributes):
System.Web, Version=184.108.40.206, Culture=neutral,
attributeMapUsername="sAMAccountName" <!--possible values are: sAMAccountName or userPrincipalName-->
connectionStringName="ADConnString" <!-- must match the connectionString name value -->
You should be able to authenticate your user via the AD now.
More expert information on AD configuration: http://blogs.msdn.com/b/d...2005/10/11/479941.aspx
- Download this tester to make sure your AD is set up correctly.
Installation: Download & unzip the files onto your forum's root dir, browse to the aspx file and try logging in with the form provided by this tester.
1. With my local test AD, I'm unable to log in using the ADTester after I created my user using ADSI Edit?
There are 2 possible issues: you didn't reset the password after creating the account, or you did not set the userPrincipalName attribute. Ensure that you reset the password for the user (right-click the user and select Reset Password...), and also make sure that the userPrincipalName attribute is set to the same value as the name.
2. ADTester shows that I can log in, but in the forum I get "There is no such user in our database. You can register an account here..."
Check the Error Log in the AdminCP -> System Related Options -> Error Log. Check import errors first, if there are any.
There are 2 common causes: you didn't specify an email for the account (the mail attribute), or the email is already used by another account in the forum database. The forum software cannot auto-import your AD accounts if the AD accounts have these email issues.
See the attached screenshot for the important fields that must be present for AD integration to work. Pay special attention to the mail attribute, as the other attributes are usually created by default.
3. What if I cannot put my username and password in the web.config?
If you find it impossible to implement such integration because of the username/password requirement (note: you only need a non-privileged account, not an admin account), or because you want users to be logged in automatically once they log on to the domain account, here is an alternative method: Windows Authentication without AD membership provider
post edited by APGvNext Sam - 2014/08/01 13:58:38
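
A pre-flight check for the account problems described in FAQ items 1 and 2, as an added example that is not part of the original post or the forum software: it reads an LDIF export of the Users container and flags accounts with no mail value, a mail value that is not unique, no userPrincipalName, or a pwdLastSet of 0. The sample records, the function names and the `forum_emails` parameter are constructed for illustration, and reading pwdLastSet of 0 as "password not reset" is an assumption.

```python
from collections import Counter

# Constructed sample export (not real accounts); DNs reuse the page's example domain.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=vstsb2,DC=local
sAMAccountName: alice
userPrincipalName: alice
mail: alice@example.com

dn: CN=bob,CN=Users,DC=vstsb2,DC=local
sAMAccountName: bob
pwdLastSet: 0

dn: CN=carol,CN=Users,DC=vstsb2,DC=local
sAMAccountName: carol
userPrincipalName: carol
mail: Dave@Example.com
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: first value} dict per record (base64 'attr::' values not decoded)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    for block in text.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                rec.setdefault(attr.strip().lower(), value.strip())
        if rec:
            yield rec

def audit(text, forum_emails=()):
    """Map sAMAccountName -> problems that block login or auto-import."""
    users = list(parse_ldif(text))
    in_ad = Counter(u["mail"].lower() for u in users if u.get("mail"))
    taken = {e.lower() for e in forum_emails}  # hypothetical: emails already in the forum DB
    report = {}
    for u in users:
        mail, problems = u.get("mail", "").lower(), []
        if not mail:
            problems.append("mail missing")
        elif in_ad[mail] > 1 or mail in taken:
            problems.append("mail not unique")
        if not u.get("userprincipalname"):
            problems.append("userPrincipalName missing")
        if u.get("pwdlastset") == "0":  # assumption: 0 means the password was never reset
            problems.append("password not reset")
        if problems:
            report[u.get("samaccountname", u.get("dn", "?"))] = problems
    return report
```

Email comparison is case-insensitive, so `Dave@Example.com` in AD collides with `dave@example.com` already registered in the forum.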