FAQ : ASP.NET 2.0 Membership Provider for AD/ADAM

After the EMEA ASP.NET 2.0 on Tour event, lots of devs have been asking me about our plans for an AD/ADAM Membership Provider in ASP.NET 2.0.

 

Well, instead of just typing & telling the same information over & over again, why don't I just blog about it and point devs to this post, so here we go... :-)

 

First of all, please note that the Access Provider as found in Beta 1 will be removed from the framework for Beta 2 (and RTM).

However, we plan to post the code for what used to be the Access providers, so developers can modify and use it.

 

For AD/ADAM, there is a Membership provider, both in the later Beta 1 CTPs and in Beta 2.

Granted, it's not immediately obvious, since:

a) We don't have a default setting for it.

b) The docs for it won't be completed until RTM.

 

 

In the interim, you can enable the AD/ADAM provider with the following <connectionStrings> element and provider <add /> element in web.config. The connection string is an LDAP URL pointing at the server and the container (OU) that holds your users:

<connectionStrings>
  <add name="MyADProviderConnection" connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
</connectionStrings>

 

 

The provider <add /> below (it goes inside <membership><providers> under system.web) lists all of the config attributes. A lot of these have defaults and don't need to be in config unless you want a different value. The Version in the type attribute must match the build of System.Web your application runs against, otherwise the provider type won't load:

 

<add name="MyADProvider"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="MyADProviderConnection"
     connectionUsername="mydomain\administrator"
     connectionPassword="password"
     connectionProtection="Secure"
     description="Some description."
     enablePasswordReset="true"
     enableSearchMethods="false"
     requiresQuestionAndAnswer="true"
     applicationName="/"
     requiresUniqueEmail="false"
     maxInvalidPasswordAttempts="5"
     passwordAttemptWindow="10"
     passwordAnswerAttemptLockoutDuration="30"
     minRequiredPasswordLength="7"
     minRequiredNonAlphanumericCharacters="1"
     passwordStrengthRegularExpression=""
     attributeMapUsername="userPrincipalName"
     attributeMapEmail="mail"
     attributeMapPasswordQuestion="astringattributeforquestion"
     attributeMapPasswordAnswer="astringattributeforanswers"
     attributeMapFailedPasswordAnswerCount="anIntegerattribute"
     attributeMapFailedPasswordAnswerTime="anotherIntegerattribute"
     attributeMapFailedPasswordAnswerLockoutTime="anIntervalattribute" />

 

 

Also note that:

- Mapping username and email is not necessary if userPrincipalName and mail are the attributes used in your directory; those two values are the provider's defaults.

- Setting up password reset is moderately complex. If you set enablePasswordReset and requiresQuestionAndAnswer to false, you don't need the attribute mappings for the password question and password answer.

- maxInvalidPasswordAttempts, passwordAttemptWindow and passwordAnswerAttemptLockoutDuration apply to failed password answer attempts, which the provider tracks in the mapped failed-answer attributes. Lockout for bad passwords themselves comes from the directory's own account lockout policy, not from the provider.

- The connectionUsername / connectionPassword pair above is a placeholder. Bind with a dedicated, least-privileged account that has only the rights the provider needs on the user container (read, plus reset-password if enablePasswordReset is on), never a domain administrator. Don't leave the password in cleartext in web.config: either encrypt the connectionStrings and membership sections with protected configuration (aspnet_regiis -pe) on a build that supports it, or omit both attributes and let the provider bind as the process identity of the application pool.

- Leave connectionProtection at "Secure" (the default). The provider then uses SSL or sign-and-seal for the LDAP session; with "None", the bind and the directory queries travel unprotected on the wire.
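The rules above can be checked mechanically before a web.config goes out. What follows is an added example, not code from this post or from ASP.NET: a Python script that parses the <connectionStrings> and <membership> sections with ElementTree and flags the weak settings discussed here (a connectionProtection other than Secure, a built-in administrator as the bind account, a cleartext connectionPassword, enablePasswordReset without requiresQuestionAndAnswer, and missing attribute maps). The two sample configs inside it are constructed; the list of privileged account names and the rule that the three failed-answer maps are only needed once enablePasswordReset is true are assumptions of this example.

```python
"""Audit ActiveDirectoryMembershipProvider settings in an ASP.NET 2.0 web.config.

Added example for this post, not code from the post or from ASP.NET. It turns the
provider dependencies described above into checks over the <connectionStrings>
and <membership> sections. Both sample configs below are constructed.
"""
import xml.etree.ElementTree as ET

AD_PROVIDER_TYPE = "System.Web.Security.ActiveDirectoryMembershipProvider"
QA_MAPS = ("attributeMapPasswordQuestion", "attributeMapPasswordAnswer")
# Assumption of this example: the failed-answer maps matter only once reset is on.
RESET_MAPS = ("attributeMapFailedPasswordAnswerCount",
              "attributeMapFailedPasswordAnswerTime",
              "attributeMapFailedPasswordAnswerLockoutTime")
PRIVILEGED_ACCOUNTS = {"administrator"}  # heuristic list, extend for your domain


def _flag(value, default="false"):
    return (value if value is not None else default).strip().lower() == "true"


def audit_membership_config(xml_text):
    """Return (code, message) findings for every AD/ADAM provider in the config."""
    root = ET.fromstring(xml_text)
    conn_strings = {a.get("name"): a.get("connectionString", "")
                    for s in root.iter("connectionStrings") for a in s.findall("add")}
    findings = []
    for membership in root.iter("membership"):
        for add in membership.iter("add"):
            if not add.get("type", "").startswith(AD_PROVIDER_TYPE):
                continue  # SQL or custom providers are out of scope
            name = add.get("name", "<unnamed>")

            # The connection string must resolve and be an LDAP URL.
            cs = conn_strings.get(add.get("connectionStringName", ""))
            if cs is None:
                findings.append(("NO_CONNECTION_STRING", f"{name}: connectionStringName not defined"))
            elif not cs.upper().startswith("LDAP://"):
                findings.append(("NOT_LDAP_URL", f"{name}: connection string is not an LDAP:// URL"))

            # "Secure" (the default) uses SSL or sign-and-seal; anything else leaves
            # the bind and the directory traffic unprotected on the wire.
            protection = add.get("connectionProtection", "Secure")
            if protection != "Secure":
                findings.append(("WEAK_PROTECTION", f"{name}: connectionProtection={protection}"))

            # Bind credentials: set both or neither, least privilege, never cleartext.
            user, password = add.get("connectionUsername"), add.get("connectionPassword")
            if (user is None) != (password is None):
                findings.append(("CREDENTIAL_PAIR", f"{name}: username and password must be set together"))
            if user is not None:
                account = user.rsplit("\\", 1)[-1].split("@", 1)[0].lower()  # DOMAIN\user or UPN
                if account in PRIVILEGED_ACCOUNTS:
                    findings.append(("PRIVILEGED_BIND", f"{name}: binds as {user}; use a least-privileged account"))
            if password:
                findings.append(("CLEARTEXT_PASSWORD",
                                 f"{name}: connectionPassword is cleartext; use protected configuration "
                                 "(aspnet_regiis -pe) or omit it and bind as the process identity"))

            # Password reset needs question/answer, and both need their attribute maps.
            reset, qa = _flag(add.get("enablePasswordReset")), _flag(add.get("requiresQuestionAndAnswer"))
            if reset and not qa:
                findings.append(("RESET_WITHOUT_QA", f"{name}: enablePasswordReset needs requiresQuestionAndAnswer"))
            required = (QA_MAPS if (reset or qa) else ()) + (RESET_MAPS if reset else ())
            missing = [m for m in required if not add.get(m)]
            if missing:
                findings.append(("MISSING_ATTRIBUTE_MAPS", f"{name}: missing {', '.join(missing)}"))
    return findings


# Constructed config skeleton shared by both samples (same LDAP URL and type as the post).
_HEAD = r"""<configuration>
  <connectionStrings>
    <add name="MyADProviderConnection"
         connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
  </connectionStrings>
  <system.web><membership defaultProvider="MyADProvider"><providers>
    <add name="MyADProvider" connectionStringName="MyADProviderConnection"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"""
_TAIL = "/></providers></membership></system.web></configuration>"

# Constructed: the post's placeholder credentials with protection and question/answer turned off.
WEAK_CONFIG = _HEAD + r"""         connectionUsername="mydomain\administrator" connectionPassword="password"
         connectionProtection="None" enablePasswordReset="true" requiresQuestionAndAnswer="false"
""" + _TAIL

# Constructed: no credentials in config (bind as the app pool identity), Secure, all maps present.
HARDENED_CONFIG = _HEAD + """         connectionProtection="Secure" enablePasswordReset="true" requiresQuestionAndAnswer="true"
         attributeMapPasswordQuestion="astringattributeforquestion" attributeMapPasswordAnswer="astringattributeforanswers"
         attributeMapFailedPasswordAnswerCount="anIntegerattribute" attributeMapFailedPasswordAnswerTime="anotherIntegerattribute"
         attributeMapFailedPasswordAnswerLockoutTime="anIntervalattribute"
""" + _TAIL

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_membership_config(cfg) or "no findings")
```

Run it against your own web.config by reading the file into audit_membership_config; the weak sample yields five findings and the hardened one none. The checker only looks at the provider element, so it cannot tell whether the directory actually grants the bind account the reset-password right or whether the mapped attributes exist in the schema; those still need to be verified against AD/ADAM itself.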

 

 

Enjoy !

Guntherb.