FAQ : ASP.NET 2.0 Membership Provider for AD/ADAM
After the EMEA ASP.NET 2.0 on Tour event, lots of devs have been asking me about our plans for an AD/ADAM Membership Provider in ASP.NET 2.0.
Well, instead of just typing & telling the same information over & over again, why don't I just blog about it and point devs to this post, so here we go... :-)
First of all, please note that the Access Provider as found in Beta 1 will be removed from the framework for Beta 2 (and RTM).
However, we plan to post the code for what used to be the Access providers and let developers modify and use it.
For AD/ADAM, there is a Membership provider, both in the later Beta 1 CTPs and in Beta 2.
Granted, it's not immediately obvious, since:
a) We don't have a default setting for it.
b) The docs for it won't be completed until RTM.
In the interim though, you can enable the AD/ADAM provider using the following provider <add /> and connection strings element in config:
<add name="MyADProviderConnection" connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
Note the provider's config attributes below - a lot of these have defaults and don't need to be in config unless you want a different value:
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordAnswerAttemptLockoutDuration="30"
minRequiredPasswordLength="7"
minRequiredNonAlphanumericCharacters="1"
passwordStrengthRegularExpression=""
Also note that:
- mapping username and email is not necessary if the userPrincipalName and mail are attributes in your directory - these two values are the defaults for the provider.
- setting up password reset is moderately complex. If you set "enablePasswordReset" and "requiresQuestionAndAnswer" to false, then you don't need the attribute mappings for password question and password answer.
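The pieces above assembled into one web.config, as an added example that is not part of the original post. The provider name MyADMembershipProvider is a placeholder, and the connectionStringName and defaultProvider attributes are assumed to be named as in the standard ASP.NET 2.0 membership configuration; everything else is taken from the post.

```xml
<configuration>
  <connectionStrings>
    <!-- Connection string from the post: scopes the provider to a single OU. -->
    <add name="MyADProviderConnection"
         connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
  </connectionStrings>
  <system.web>
    <!-- No default AD/ADAM provider is registered, so it is declared here
         and selected through defaultProvider. -->
    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <!-- name is a placeholder (assumed); type is the string given in the post.
             Password reset and question/answer are both disabled, so no attribute
             mappings for password question and answer are needed.
             Username and email mappings are omitted: the provider defaults to
             userPrincipalName and mail.
             The two minRequired* values repeat the defaults listed in the post and
             are shown only to mark where an override would go. -->
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="MyADProviderConnection"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="false"
             minRequiredPasswordLength="7"
             minRequiredNonAlphanumericCharacters="1" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The Version value in the type string is the build named in the post; it has to match the System.Web assembly actually installed on the server.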