AD LDS w/ ASP.NET form authentication
I am getting this exception:
Parser Error Message: The container specified in the connection string does not exist
And here's my case:
I have a WebApp with 2 pages, Default.aspx & Login.aspx. The latter contains a login control. The application is configured to work with an AD LDS instance as a membership store.
Here are some sections of interest in the web.config
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="Login.aspx" timeout="10" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
<add name="MyDSProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
applicationName="ADSecWebApp"
connectionStringName="MyDSConn"
connectionUsername="CN=Admin,CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
connectionPassword="Welcome1"
connectionProtection="None"
/>
</providers>
</membership>
Then I installed an instance of AD LDS on my machine.
The AD LDS is configured to have one application partition "CN=MyOrg,DC=MyDomain,C=CA".
Under this partition I created a container "CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
Under this container I created two users: Admin & JohnS. Both were enabled and set up with passwords ("Welcome1" in case of "Admin")
Moreover the Admin was configured as a member of "CN=Administrators,CN=Roles,CN=MyOrg,DC=MyDomain,C=CA" (I found some articles on the net suggesting that when using connectionProtection="None" in the ADMembershipProvider config section, a Windows account cannot be used; instead an AD account should be employed that has administration privileges on the AD instance used to connect to.)
Furthermore I have Windows 7, IIS7, VS 2008 SP1, .NET 3.5
Can someone give me some hints on what is wrong? I did research a lot, solved errors one by one, but it seems I got stuck with this one.
I would also appreciate some explanation of why that is, in case I am given a solution, because I am a newbie.
Thanks in advance
Iulian
With help from a co-worker I found what the problem was. Apparently when I added my Admin AD user to the AD Administrators role (=> CN-Roles => CN-Administrators => Properties => select {member} => click Add DN => add my Admin user) I failed to save it or something else went wrong; either way my Admin user wasn't saved as an Administrators member.
I used ldp.exe to find the cause of the problem: I was able to connect to my instance and then bind the session to my CN=Admin user, but I couldn't see anything in the tree view, which hinted to us that CN=Admin was still not an Administrator.
One more thing that was left out: I had to set the userPrincipalName of the account that I wanted to use to log into my secure webapp, because the name I used when creating the AD account, CN=JohnS, is not actually used by the ActiveDirectoryMembershipProvider when validating the user. I used an email-like name, john.smith@mail.com, for userPrincipalName, and this is what one should actually use to log on to the web application.
After all these, everything went fine with my AD LDS & ASP.NET forms-authentication sample.
Hopefully someone else will find this useful.
Thanks
Iulian
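The checks described in the answer above (is the bind account really in the Administrators role, is the Users container visible to it, does the login user have a userPrincipalName) can be run from a small console program instead of by hand in ldp.exe. This is an added example, not code from the original post; the DNs, password and UPN are the ones quoted in the post, while the host and port (localhost:389) are assumptions.

```csharp
using System;
using System.DirectoryServices; // reference System.DirectoryServices.dll
using System.Runtime.InteropServices;

class AdLdsCheck
{
    // Assumption: the AD LDS instance listens on localhost:389 (not stated in the post).
    const string Server = "LDAP://localhost:389/";
    // DNs, password and UPN as given in the post.
    const string UsersDn = "CN=Users,CN=MyOrg,DC=MyDomain,C=CA";
    const string AdminsDn = "CN=Administrators,CN=Roles,CN=MyOrg,DC=MyDomain,C=CA";
    const string BindDn = "CN=Admin,CN=Users,CN=MyOrg,DC=MyDomain,C=CA";
    const string BindPassword = "Welcome1";
    const string Upn = "john.smith@mail.com";

    static DirectoryEntry Open(string dn)
    {
        // AuthenticationTypes.None with explicit credentials performs an LDAP simple bind,
        // the same kind of bind the provider makes with connectionProtection="None".
        return new DirectoryEntry(Server + dn, BindDn, BindPassword, AuthenticationTypes.None);
    }

    static void Main()
    {
        try
        {
            // 1. Can the bind account read the container the provider will use?
            using (DirectoryEntry users = Open(UsersDn))
            using (DirectorySearcher searcher = new DirectorySearcher(users, "(userPrincipalName=" + Upn + ")"))
            {
                users.RefreshCache(); // forces the bind; throws if the container is not visible
                Console.WriteLine("Container visible: " + users.Path);
                // 2. Is there a user whose userPrincipalName matches the login name?
                SearchResult hit = searcher.FindOne();
                Console.WriteLine(hit != null ? "User found: " + hit.Path : "No user with userPrincipalName " + Upn);
            }
            // 3. Is the bind account listed in the Administrators role?
            using (DirectoryEntry admins = Open(AdminsDn))
            {
                bool isAdmin = false;
                foreach (object member in admins.Properties["member"])
                    if (string.Equals(member.ToString(), BindDn, StringComparison.OrdinalIgnoreCase))
                        isAdmin = true;
                Console.WriteLine("Bind account in Administrators: " + isAdmin);
            }
        }
        catch (COMException ex)
        {
            // A bind account without sufficient rights typically fails here with a "no such object" error.
            Console.WriteLine("Directory error: " + ex.Message);
        }
    }
}
```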