I'm creating an internet site for the follow configuration: - public website - users need to authenticate agains active directory - roles are servered by an 3th party ERP system, also using AD for authentication
What I have done So I tried to follow this guide (https://our.umbraco.org/wiki/how-tos/membership-providers/active-directory-membership-provider) for the authentication, and wrote a custsom role provider for the ERP roles. I used the built in template for the login form.
The role part works just fine. The authentication does not.
The problem It seems that Umbraco is still using the UmbracoMembershipProvider. When I create a member in umbraco I can login with the umbraco credentials. When I try any AD accounts it won't authenticate.
I tried to Change the LDAP connectionstring to use a non existing OU or CN. It gives me errors, so connection to AD is made somewhere in the proces.
I also tried RB.ActiveDirectoryProviders. Same result.
I don't get any exception thrown, just "Invalid username or password". The logs say:
2015-08-19 08:45:20,764 [126] INFO Umbraco.Core.Security.UmbracoMembershipProviderBase - [P6460/T133/D8] Login attempt failed for username nico from IP address ::1, the user does not exist
My best guess I made some configuration error.
So how do I use Active Directory as only MembershipProvider?
Any help is welcome.
My setup:
local box with iis/umbraco/VS2012 running a virtual PC with the AD. I run Umbraco 7.2.8 in Visual Studio/IISExpress. I used the Nuget package of Umbraco.
web.config
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://192.168.2.50/dc=XXX,dc=YYY" />
</connectionStrings>
<membership defaultProvider="ADMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
<add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="[USER]" connectionPassword="[PASSWORD]"
attributeMapUsername="sAMAccountName" />
</providers>
</membership>
@using (Html.BeginUmbracoForm<UmbLoginController>("HandleLogin"))
{
<fieldset>
<legend>Login</legend>
@Html.ValidationSummary("loginModel", true)
@Html.LabelFor(m => loginModel.Username)
@Html.TextBoxFor(m => loginModel.Username)
@Html.ValidationMessageFor(m => loginModel.Username)
<br />
@Html.LabelFor(m => loginModel.Password)
@Html.PasswordFor(m => loginModel.Password)
@Html.ValidationMessageFor(m => loginModel.Password)
<br />
<button>Login</button>
</fieldset>
}