0 votes

I am working on an ASP.NET MVC 5 web application, and I am using the ASP.NET membership provider to authenticate users against our LDAP server with forms authentication.

Here is the login action method:

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    // Look the provider up by the name given in web.config; null means the name does not match.
    MembershipProvider domainProvider = Membership.Providers["TestDomain1ADMembershipProvider"];
    if (domainProvider == null)
    {
        throw new InvalidOperationException("Membership provider 'TestDomain1ADMembershipProvider' is not configured.");
    }

    if (ModelState.IsValid)
    {
        // Validate the user with the membership system (the AD provider first searches its
        // configured container for the account, then binds with the supplied password).
        if (domainProvider.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            return RedirectToLocal(returnUrl);
        }

        // Same generic message for unknown user and wrong password, so the form does not reveal which.
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
    }

    // Redisplay the form with its validation errors.
    return View(model);
}

And the web.config file, where I defined a <providers> entry and a <connectionStrings> entry for LDAP:

<providers>
  <add name="TestDomain1ADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="DomainConnectionString"
       connectionUsername="*****\administrator"
       connectionPassword="*****"
       attributeMapUsername="sAMAccountName"/>
</providers>

&

<connectionStrings>
  <add name="DomainConnectionString" connectionString="LDAP://WIN-SPDev.tgroup.local/OU=Domain Controllers,DC=tgroup,DC=local"/>
</connectionStrings>

But now, when a user enters his username/password, domainProvider.ValidateUser(model.UserName, model.Password) always returns false.

Can anyone advise on this please?

Thanks


1 Answer

2
votes

The ValidateUser method may return false even when the correct credentials are supplied, under the following circumstances:

1. The user account was locked out by the directory server because of too many failed logon attempts. The user will not be able to log on until the directory's lockout duration passes.

2. If the EnablePasswordReset property is true, the user account will be locked if the user supplied a bad password answer too many times. The user's account will unlock after the time specified in the PasswordAnswerAttemptLockoutDuration property has passed.

3. Valid credentials are supplied for a user account located in a different container or in a different domain. The user must exist in the container specified in the connection string.

Maybe you need to enter the username as DOMAIN\username (see the 3rd item)?
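To tell the third case apart from a plain bad password, it helps to run the provider's two steps separately: a subtree search for the sAMAccountName under the configured container (and, for comparison, under the domain root), followed by a bind with the user's own credentials. The following console diagnostic is an added example, not code from the question or the answer; the LDAP paths are taken from the question's connection string, the service account and test user are supplied on the command line, and the bind using the DOMAIN\user form is an assumption about how this domain is set up.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added diagnostic (not part of the original post): replicates what
// ActiveDirectoryMembershipProvider.ValidateUser does, one step at a time.
class LdapValidateDiagnostic
{
    // The search root from the question's connection string. The provider only
    // finds accounts located under this container (subtree search).
    const string ContainerPath = "LDAP://WIN-SPDev.tgroup.local/OU=Domain Controllers,DC=tgroup,DC=local";
    // Root of the whole domain, for comparison (assumed from the same DC name).
    const string DomainPath = "LDAP://WIN-SPDev.tgroup.local/DC=tgroup,DC=local";
    // NetBIOS domain name used for the bind test (assumption).
    const string NetbiosDomain = "tgroup";

    static void Main(string[] args)
    {
        if (args.Length < 4)
        {
            Console.WriteLine("usage: LdapValidateDiagnostic <svcUser> <svcPass> <testUser> <testPass>");
            return;
        }
        string svcUser = args[0], svcPass = args[1], user = args[2], pass = args[3];

        // Step 1: is the account visible under the configured container?
        string dnInContainer = FindUserDn(ContainerPath, svcUser, svcPass, user);
        string dnInDomain = FindUserDn(DomainPath, svcUser, svcPass, user);
        Console.WriteLine("under configured container: " + (dnInContainer ?? "<not found>"));
        Console.WriteLine("anywhere in domain:         " + (dnInDomain ?? "<not found>"));

        // Step 2: do the supplied credentials themselves bind?
        Console.WriteLine("bind as " + NetbiosDomain + "\\" + user + ": " + (TryBind(user, pass) ? "ok" : "FAILED"));
    }

    // Search for a user by sAMAccountName below the given root, using the service account.
    static string FindUserDn(string root, string svcUser, string svcPass, string sam)
    {
        using (var entry = new DirectoryEntry(root, svcUser, svcPass, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(entry))
        {
            // Escape the user-supplied value so it cannot change the filter (LDAP injection).
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(sam) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            return result == null ? null : (string)result.Properties["distinguishedName"][0];
        }
    }

    // Bind to the domain with the user's own credentials; a failed or locked-out
    // logon surfaces as a COMException when the directory object is first touched.
    static bool TryBind(string user, string pass)
    {
        try
        {
            using (var entry = new DirectoryEntry(DomainPath, NetbiosDomain + "\\" + user, pass, AuthenticationTypes.Secure))
            {
                object nativeObject = entry.NativeObject; // forces the bind
                return nativeObject != null;
            }
        }
        catch (COMException)
        {
            return false;
        }
    }

    // RFC 4515 escaping for values embedded in an LDAP search filter.
    static string EscapeFilter(string value)
    {
        return value.Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");
    }
}
```

If the account is found under the domain root but not under the configured container while the bind succeeds, the connection string is the problem: the question's search root is the Domain Controllers OU, and ordinary user accounts normally live elsewhere in the domain, so widening the path to the domain root or to the OU that actually holds the users is what makes ValidateUser succeed. Two practitioner caveats on the question's configuration: connectionUsername is a domain administrator whose password sits in plaintext in web.config, where a read-only, least-privilege service account protected with ASP.NET's Protected Configuration (aspnet_regiis -pe on the membership section) would do the same job; and whatever value you hand to a search filter, as above, should be escaped rather than concatenated raw.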