Windows Authentication Membership Provider
Windows Authentication Membership Provider - Errors
The default configuration for the AD provider expects usernames to be in UPN format. When using Windows authentication, the username is in an NT4 style format. Change the username format supported by the provider with the following configuration attribute:
<add connectionstringname="ADConnectionString" type="MyComp.Security.MyMembershipProvider, MyProject.Web" attributemapusername="sAMAccountName" name="MyMembershipProvider"></add>
This works with ASP.NET MVC project. With that change, pass in just the username portion of an NT4 style username. You still don't pass in the domain, or the "\" - this is because an AD provider is always configured to point at a domain, or a container in a domain.
For example, with a username of DOMAIN\UserA, you would only pass "userA" in the username parameter to GetUser. You won't be able to call the parameterless GetUser overload because even with the provider configured to use SAM account names, it won't accept usernames in the DOMAIN\USER format. Use the GetUser(string username) overload for this.
Windows Authentication Membership Provider - Properties
|
|
Example
|
| CN - Common Name |
CN=Guy Thomas. Actually, this LDAP attribute is made up from givenName joined to SN. |
| description |
What you see in Active Directory Users and Computers. Not to be confused with displayName on the Users property sheet. |
| displayName |
displayName = Guy Thomas. If you script this property, be sure you understand which field you are configuring. DisplayName can be confused with CN or description. |
| DN - also distinguishedName |
DN is simply the most important LDAP attribute.
CN=Jay Jamieson, OU= Newport,DC=cp,DC=com |
| givenName |
Firstname also called Christian name |
| homeDrive |
Home Folder : connect. Tricky to configure |
| name |
name = Guy Thomas. Exactly the same as CN. |
| objectCategory |
Defines the Active Directory Schema category. For example, objectClass = Person |
| objectClass |
objectClass = User. Also used for Computer, organizationalUnit, even container. Important top level container. |
| physicalDeliveryOfficeName |
Office! on the user's General property sheet |
| profilePath |
Roaming profile path: connect. Trick to set up |
| sAMAccountName |
sAMAccountName = guyt. Old NT 4.0 logon name, must be unique in the domain. Can be confused with CN. |
| SN |
SN = Thomas. This would be referred to as last name or surname. |
| userAccountControl |
Used to disable an account. A value of 514 disables the account, while 512 makes the account ready for logon. |
| userPrincipalName |
userPrincipalName = guyt@CP.com Often abbreviated to UPN, and looks like an email address. Very useful for logging on especially in a large Forest. Note UPN must be unique in the forest. |
Examples of Exchange Specific LDAP attributes
|
| homeMDB |
Here is where you set the MailStore |
| legacyExchangeDN |
Legacy distinguished name for creating Contacts. In the following example,
Guy Thomas is a Contact in the first administrative group of GUYDOMAIN: /o=GUYDOMAIN/ou=first administrative group/cn=Recipients/cn=Guy Thomas |
| mail |
An easy, but important attribute. A simple SMTP address is all that is required billyn@ourdom.com |
| mAPIRecipient - FALSE |
Indicates that a contact is not a domain user. |
| mailNickname |
Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail enabled contacts. |
| mDBUseDefaults |
Another straightforward field, just the value to:True |
| msExchHomeServerName |
Exchange needs to know which server to deliver the mail. Example:
/o=YourOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MailSrv |
| proxyAddresses |
As the name 'proxy' suggests, it is possible for one recipient to have more than one email address. Note the plural spelling of proxyAddresses. |
| targetAddress |
SMTP:@ e-mail address. Note that SMTP is case sensitive. All capitals means the default address. |
| showInAddressBook |
Displays the contact in the Global Address List. |
Other LDAP attributes
|
| c |
Country or Region |
| company |
Company or organization name |
| department |
Useful category to fill in and use for filtering |
| homephone |
Home Phone number, (Lots more phone LDAPs) |
| l (Lower case L) |
L = Location. City ( Maybe Office |
| location |
Important, particularly for printers. |
| manager |
Boss, manager |
| mobile |
Mobile Phone number |
| ObjectClass |
Usually, User, or Computer |
| OU |
Organizational unit. See also DN |
| postalCode |
Zip or post code |
| st |
State, Province or County |
| streetAddress |
First line of address |
| telephoneNumber |
Office Phone |
Examples of obscure LDAP attributes
|
| dNSHostname |
|
| rID |
|
| url |
|
| uSNCreated, uSNChanged |
|
Monday, June 29, 2009 9:09:33 PM
|