ASP.NET Active Directory Membership Provider and SQL Profile Provider

17
votes

I am currently designing a Membership/Profile scheme for a new project I am working on and I was hoping to get some input from others.

The project is a ASP.NET web application and due to the short time frame, I am trying to use any and all built in .NET framework components I can. The site will probably entertain < 5000 users. Each user will have a profile where custom settings and objects will be persisted between visits.

I am required to use an existing Active Directory for authentication. Since the AD schema cannot be extended to hold new fields, I am required to hold user settings and objects in a different data store. I have also been told ADAM is probably not a possible solution.

I was hoping to use the Active Directory Membership Provider for my authentication scheme and the SQL Profile Provider as a user profile data store. I would prefer not to build a custom profile provider, but I do not see this posing much of a problem if need be.

I was wondering if this is even a possible solution, and if so, has anyone had any luck with this approach.

Any comments would be greatly appreciated.

Thanks.

4
asp.netactive-directorymembershipprovider

4 Answers

16
votes

First off - I've never done this myself.

There's a really excellent series (14 !! parts) on the whole topic of ASP.NET 2.0 membership, roles and profile provider systems by Scott Mitchell at 4 Guys from Rolla.

According to my understanding, you should be able to configure this behavior you are looking for by using basically these two sections in your web.config:

  <!-- configure Active Directory membership provider -->
  <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    <providers>
      <add name="AspNetActiveDirectoryMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, 
                 System.Web, Version=2.0.3600, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>

  <!-- configure SQL-based profile provider -->      
  <profile defaultProvider="SqlProvider">
    <providers>
      <add name="SqlProvider"
        type="System.Web.Profile.SqlProfileProvider"
        connectionStringName="SqlProfileProviderConnection"
        applicationName="YourApplication" />
    </providers>

    <!-- specify any additional properties to store in the profile -->   
    <properties>
      <add name="ZipCode" />
      <add name="CityAndState" />
    </properties>
  </profile>

I would think this ought to work :-)

3
votes

In addition to this as replied by Marc : 

<add name="AspNetActiveDirectoryMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, 
                 System.Web, Version=2.0.3600, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a" />

you might also need to add

connectionStringName="ADService",
attributeMapUsername="sAMAccountName"

with corresponnding connection string 

<connectionStrings>
    <add name="ADService" connectionString="LDAP://ServerIP" />
</connectionStrings>

If you are using .net 4.0 then you will need to replace

Version=2.0.3600

with 

Version=4.0.0.0

So finally , 

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             connectionStringName="ADService"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, 
                 System.Web, Version=4.0.0.0, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a"
             attributeMapUsername="sAMAccountName"/>
      </providers>
    </membership>

and since it is set as default, it can be referenced as : 

MembershipProvider provider = Membership.Provider;
2
votes

Thanks for the information, its helped alot. Also rather than Setting the default Provider with MembershipProvider provider = Membership.Provider; you can set it with in the membership tag.

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">

I"ve also writen a small how to and a download to a Visual Studio Project and Source configured to use AspNetActiveDirectoryMembershipProvider.

ASP.NET Forms Based Authentication - using AspNetActiveDirectoryMembershipProvider

2
votes

I am using Visual Studio 2012 and tried to do as sugested, but an error is shown: 

To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".

So I discovered that a few changes should be done to the default login form on the VS2012 with MVC 4 and entity framework as follows:

on file "AccountController.cs"

on the "public ActionResult Login(LoginModel model, string returnUrl)"

Change the

    if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))

for

    if (ModelState.IsValid && Membership.Provider.ValidateUser(model.UserName, model.Password))

on the "public ActionResult LogOff()"

Change the 

    WebSecurity.Logout();

for

    FormsAuthentication.SignOut();

and add the following: FormsAuthentication.SetAuthCookie(model.UserName, false);

    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid && Membership.Provider.ValidateUser(model.UserName, model.Password))
        {

            FormsAuthentication.SetAuthCookie(model.UserName, false);               

            return RedirectToLocal(returnUrl);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }