Clear, accurate, high quality discussion

Forum

 
ForumForumDiscussions and...Discussions and....Net framework ....Net framework ...Securing ASP.NET with Active DirectorySecuring ASP.NET with Active Directory
Previous Previous
 
Next Next
New Post
 25/03/2008 01:23
 
User is offline PeterVogel
No Ranking

Joined: 14/03/2008
6 posts

While Forms based security gets all the attention in discussing ASP.NET security, Forms based security may not be your best choice. For inTRAnet applications, where all users have logged on to the LAN, Windows-based security is your best choice. With Windows-based security standard file-level security (which you need to set up anyway to prevent unauthorized access from within your firewall) controls who gets to see which pages.

However, many companies use Active Directory, which ASP.NET does not connect to by default. The following changes in the web.config file will wire up ASP.NET to use Active Directory. After these changes, all the ASP.NET controls and security objects will automatically validate against usernames and passwords in Active Directory.

The first step is to define a connection string that points to AD and give it a name:

<connectionStrings>
    <add name="ActiveDirectoryCS"
         connectionString="LDAP://MyDomain.mine.com/
                     CN=Users,DC=MyDomain,DC=mine,DC=com" /></connectionStrings>

The next step is to add a named set of provider settings that will cause ASP.NET to use the Active Directory provider and have those setting pick up the named connection string you established:

<membership>
 <providers>
  <add name="ActiveDirectoryProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider"
       connectionStringName="ActiveDirectoryCS"
       connectionUsername="MyDomain\Administrator"
       connectionPassword="abc123$"/></providers></membership>

The final step is to go back to the <membership> tag and tell ASP.NET that the named setting you just created is the set to use:

<membership defaultProvider="ActiveDirectoryProvider">

 
 Page 1 of 1
Previous Previous
 
Next Next
ForumForumDiscussions and...Discussions and....Net framework ....Net framework ...Securing ASP.NET with Active DirectorySecuring ASP.NET with Active Directory

Forum Usage Guidelines

The forums are a place for all to exchange ideas and techniques, and to post and answer questions.  All are welcome to read, registration is required to post. 

If you learn somthing new, discover or acquire a new technique, then please take a moment to register and rate the post that just helped you.  This site does not send spam and it does not release your personal details.  Full details in the site privacy policy.

We have some simple posting guidelines to keep the forums a pleasant and informative environment.

  • No flames, no trolls
  • No profanity, no racism
  • Site management has the final word on approving or removing any thread, post, or comment
  • English language only please