Allowing Membership.ValidateUser to validate username or email from AD

1
votes

I have a C# web application that has a need to accept either username or email address for login. Currently it is working just fine to login using email address which also happens to be the same as the fully qualified domain name, where Membership.ValidateUser returns true into isValid if the correct email address and password are entered for variables user and password.

bool isValid = Membership.ValidateUser(user, password);

However isValid returns false if using just the username portion for user instead of the fully qualified username (email address).

For example, my user could be johngordon and my email johngordon@fullyqualifieddomain. My password is 12345. Using

Membership.ValidateUser("johngordon", "12345")

returns false

Membership.ValidateUser("domain\\johngordon", "12345")

returns false

Membership.ValidateUser("fullyqualifieddomain\\johngordon", "12345")

returns false

Membership.ValidateUser("johngordon@fullyqualifieddomain", "12345")

returns true

Here is what I think is the pertinent information from web.config. I've done some searching for ValidateUser() but can't find how you tell it to use username, email address, or in my scenario both.

<membership defaultProvider="MyADMembershipProvider">
      <providers>
          <add name="MyADMembershipProvider"
               type="System.Web.Security.ActiveDirectoryMembershipProvider, 
               System.Web, Version=2.0.0.0, 
               &#xA; &#xA; Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
               connectionStringName="ADConnectionString" enableSearchMethods="true"
               connectionProtection="Secure" connectionUsername="domain\user" 
               connectionPassword="password" />
       </providers>
</membership>
1
c#asp.netactive-directoryasp.net-membershipweb-config
You need to specify domain\username - Erik Funkenbusch
@ErikFunkenbusch I have tried domain\username in Membership.ValidateUser and that also returns false. - John Wesley Gordon
Did you escape the backslash? Using either @"domain\username" or "domain\\username"? Or did you type it into a textbox? - Erik Funkenbusch
@ErikFunkenbusch Typed into textbox and attempted to hardcode as domain\\username. Both did not work. - John Wesley Gordon
The reason I ask is because I find it odd that [email protected] would work, as this indicates jg is the username. This is NOT an email address, it may also be an email address, but as far as AD is concerned, it's just a fully qualified username. Have you tried using 'domain\jg' ? - Erik Funkenbusch

1 Answers

1
votes

So I ended up doing different things depending on what I got as a username checking for a fullyqualified name, an email address, or just a username and validating them accordingly.

bool isValid = false;
if(user.Contains("@fullyqualifieddomain"))
{
  isValid = Membership.ValidateUser(user, password)
}
else if(user.Contains("@"))
{
  isValid = Membership.ValidateUser(Membership.GetUserNameByEmail(user),password);
}
else
{
 isValid = Membership.ValidateUser(user+"fullyqualifieddomain");
}