Active Directory Application Mode with Visual Studio.Net 2005 (Part 1 of 2)

I have worked with Active Directory Application Mode (ADAM) in a development environment on Windows XP for a while now using Visual Studio.Net 2003.  Once ADAM was installed, it was really just a matter of configuring an SSL connection between the Web Application hosted on the local IIS and the ADAM instance.

In Beta 1, ASP.Net 2.0 included a SqlMembershipProvider; in Beta 2, an additional Membership Provider, the ActiveDirectoryMembershipProvider, seems to have been quietly added that works with both Active Directory and ADAM.

However, now that I am using Visual Studio.Net 2005 with Visual Web Developer, I can create a Web Application from the local file system without requiring IIS, which raises the question of how to set up ADAM without SSL and still take advantage of the new Membership API services in a development environment.

After creating an ADAM instance with a partition called O=ADAuth and adding an Organizational Unit object called OU=Users, it was just a matter of adding configuration parameters to the web.config such as:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=1.0.3600, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADService"
         connectionUserName="CN=ADAdmin,OU=Users,O=ADAuth"
         connectionPassword="PasswordForUser"
         connectionProtection="None" />
  </providers>
</membership>

If you are not connecting to ADAM over an SSL connection, the connectionProtection attribute must be set to "None" instead of the default "Secure".  With connectionProtection set to "None", the provider performs a simple LDAP bind, which cannot be used with a Windows account against ADAM; therefore, you must create a User Object in the ADAM instance and add it as a member of the Administrators role (acceptable for a throwaway development instance; anything longer-lived should get only the rights the provider actually needs).  Two things follow from this setup.  A simple bind sends the connectionPassword, and every user password the provider validates, to ADAM in clear text, so keep it on the developer workstation rather than a shared network.  The password is also stored in clear text in web.config, so encrypt that section with aspnet_regiis (for a file-system based site, aspnet_regiis -pef "system.web/membership" followed by the site's physical path) before the project is shared or checked in.

The connectionStringName refers to a valid connection string in the <connectionStrings> section of the web.config.  In my case the connection string looks similar to the following:

<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://localhost:389/OU=Users,O=ADAuth"/>
  </connectionStrings>
</configuration>
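As an added example (not code from the original post), here is a PowerShell check that flags the development-only settings once they are in a web.config, so the file does not leave the workstation with them still in place.  The web.config it parses is a constructed sample assembled from the two fragments above, and the function name Test-MembershipConfig is my own; point it at a real file by reading that file into [xml] instead of the sample.

```powershell
# Added example, not from the original post: audit a web.config for the
# development-only ActiveDirectoryMembershipProvider settings discussed above.
# $sampleConfig is a constructed sample built from the post's two fragments.
$sampleConfig = @'
<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://localhost:389/OU=Users,O=ADAuth"/>
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=1.0.3600, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADService"
             connectionUserName="CN=ADAdmin,OU=Users,O=ADAuth"
             connectionPassword="PasswordForUser"
             connectionProtection="None" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@

# Hypothetical helper name; returns one finding string per problem found.
function Test-MembershipConfig {
    param([xml]$Config)

    $findings = @()

    # Map connection string names to their LDAP URLs.
    $connStrings = @{}
    foreach ($cs in $Config.SelectNodes('/configuration/connectionStrings/add')) {
        $connStrings[$cs.GetAttribute('name')] = $cs.GetAttribute('connectionString')
    }

    foreach ($p in $Config.SelectNodes('//membership/providers/add')) {
        $type = $p.GetAttribute('type')
        if ($type -notlike 'System.Web.Security.ActiveDirectoryMembershipProvider*') { continue }

        $name       = $p.GetAttribute('name')
        $url        = $connStrings[$p.GetAttribute('connectionStringName')]
        $protection = $p.GetAttribute('connectionProtection')
        if (-not $protection) { $protection = 'Secure' }   # attribute default
        $isSslPort  = ($url -match ':636/')

        # With None and a plain LDAP port, the bind credentials and every
        # password the provider validates cross the wire in clear text.
        if ($protection -eq 'None' -and -not $isSslPort) {
            $findings += "${name}: connectionProtection=None with '$url' sends credentials in clear text"
        }

        # A connectionPassword attribute means the directory credentials sit
        # in clear text in web.config unless the section is encrypted.
        if ($p.GetAttribute('connectionPassword')) {
            $findings += "${name}: connectionPassword is stored in clear text; encrypt the membership section with aspnet_regiis -pef"
        }
    }
    return $findings
}

$findings = @(Test-MembershipConfig ([xml]$sampleConfig))
if ($findings.Count -eq 0) {
    'No development-only settings found'
} else {
    $findings | ForEach-Object { "WARNING: $_" }
}
```

Run against the sample above it reports both findings; against a web.config that uses connectionProtection="Secure" with an LDAPS (port 636) URL and an encrypted membership section it reports none.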

However, you will still have problems connecting to ADAM with the ASP.Net Membership API, for two reasons.  First, by default ADAM refuses proxy binds (binds through userProxy objects, which are redirected to a Windows account) over an unsecured connection, a restriction controlled by the RequireSecureProxyBind entry in msDS-Other-Settings.  Second, ADAM by default does not allow password operations, such as setting or changing a password, over an unsecured connection.

In ADAM ADSI Edit, connect to the Configuration naming context and open the properties of CN=Directory Service,CN=Windows NT,CN=Services.  Double-click the msDS-Other-Settings attribute, select the entry "RequireSecureProxyBind=1", remove it, add "RequireSecureProxyBind=0" in its place, then choose "OK".  While you are there, confirm that the companion entry RequireSecureSimpleBind still reads 0 (its default); if it has been set to 1, the plain simple binds the provider performs will also be refused over a non-SSL connection.  The next step is to go to the ADAM command prompt.

  • At the command prompt, type: dsmgmt
  • At the dsmgmt: prompt, type: ds behavior
  • At the ds behavior: prompt, type: connections
  • At the server connections: prompt, type: connect to server localhost:389
  • At the server connections: prompt, type: quit
  • At the ds behavior: prompt, to allow password operations over a non-SSL connection, type: allow passwd op on unsecured connection
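As an added example (not code from the original post), the following PowerShell script performs the ADSI Edit part of this procedure and then attempts the same kind of bind the provider will perform with connectionProtection="None", so you can tell a directory-side problem from a web.config problem.  It assumes ADAM listens on localhost:389 and that the partition and service account are the O=ADAuth and CN=ADAdmin,OU=Users,O=ADAuth from the configuration earlier in the post; it must run on the ADAM host under a Windows account that is in the instance's Administrators role.  The dsmgmt step still has to be done interactively as listed above.

```powershell
# Added example, not code from the original post: do the ADSI Edit step of the
# procedure above from PowerShell and then perform the same kind of bind the
# ActiveDirectoryMembershipProvider performs with connectionProtection="None".
# Assumptions (taken from the post's configuration): ADAM listens on
# localhost:389, the partition is O=ADAuth and the service account is
# CN=ADAdmin,OU=Users,O=ADAuth. Run on the ADAM host under a Windows account
# that is in the instance's Administrators role.
Add-Type -AssemblyName System.DirectoryServices

$server = 'localhost:389'

# ADAM's configuration partition is named CN=Configuration,CN={GUID}, so read
# its DN from RootDSE instead of guessing it.
$rootDse  = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$server/RootDSE"
$configNC = $rootDse.Properties['configurationNamingContext'].Value

$dsObject = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList `
    "LDAP://$server/CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

$settings = @($dsObject.Properties['msDS-Other-Settings'])
'Current msDS-Other-Settings:'
$settings | ForEach-Object { "  $_" }

# Replace RequireSecureProxyBind=1 with RequireSecureProxyBind=0, leaving every
# other entry untouched. RequireSecureSimpleBind is in the listing above; it
# must stay 0 or the simple bind tested below is refused over a non-SSL connection.
$newSettings = foreach ($entry in $settings) {
    if ($entry -like 'RequireSecureProxyBind=*') { 'RequireSecureProxyBind=0' } else { $entry }
}
$dsObject.Properties['msDS-Other-Settings'].Value = [string[]]$newSettings
$dsObject.CommitChanges()

# Prompt for the service account password rather than embedding it in the script.
$secure = Read-Host -AsSecureString -Prompt 'Password for CN=ADAdmin'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

# AuthenticationTypes.None is a simple bind: the DN and password go over the
# wire in clear text, which is exactly what connectionProtection="None" does.
$bindDn = 'CN=ADAdmin,OU=Users,O=ADAuth'
$test = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList `
    "LDAP://$server/OU=Users,O=ADAuth", $bindDn, $plain, [System.DirectoryServices.AuthenticationTypes]::None
try {
    [void]$test.NativeObject   # touching NativeObject forces the bind
    "Simple bind as $bindDn succeeded"
} catch {
    "Simple bind as $bindDn failed: $($_.Exception.Message)"
}
```

If the bind fails after the flag change, the usual culprits are an ADAM user that is not yet enabled (msDS-UserAccountDisabled) or a RequireSecureSimpleBind=1 entry in the listing the script prints first.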

In Part 2, I will discuss how to configure the different password options that are available with the ActiveDirectoryMembershipProvider.