Forms Authentication with Active Directory in ASP.Net2.0

Saturday, November 22, 2008


What Is Active Directory
Active Directory is a directory service used on Microsoft Windows based computers and servers to store information about networks and domains (users, groups, computers and their attributes).
ASP.Net 2.0 has a membership feature which we can use for forms authentication. It provides an abstraction over the underlying data store that holds user credentials such as user name and password. The membership feature includes an API that lets you validate user credentials and manage the user database without writing store-specific code.
To use Active Directory (AD) in ASP.Net, we first have to create an ADAM (Active Directory Application Mode) instance and configure it. Then I will create a sample application and explain how ASP.Net interacts with ADAM.
Creating the Instance and Configuration:
Install the ADAM software. Then select "Create an ADAM Instance" from the Start menu.

Select "A unique instance", then give the instance a name.

Give a port number and leave the default SSL port number.

Select "Yes, to create an application directory partition".

Here O and DC are LDAP attributes (organization and domain component).
Leave the default values for the location of the data file and the backup file.

Provide the account under which this instance runs.

It will prompt for confirmation; select "Yes". Then select System.

Import all LDIF files.

Copy the contents and paste them into a file (Notepad, etc.).

Click Next, which will instantiate the new instance.

Click Finish, and open ADAM ADSI Edit from the Start menu.

Right click the ADSI root node and click "Connect to", then enter the details of the instance.

Right click the distinguished name and select New -> Object; in that dialog select "Organizational Unit". This OU is for the admin user.

Click Finish. Now right click the Organizational Unit just created and select Properties; in the properties select the distinguished name property and copy it into Notepad.

Right click the new OU (Organizational Unit) and create a new user.

Now right click CN=TestAdminUser and select Properties; in the properties change the User Principal Name.

Set the "Don'tExpirePassword" property to false.

Now right click TestAdminUser and reset the password.

Go to CN=Roles, choose CN=Administrators, choose Properties and go to the member property.

Click "Add ADAM Account" and add the user created above.
Create another Organizational Unit (OU) for the login accounts that will be created programmatically.

Go to Roles, choose CN=Readers, choose Properties and then select the "member" property. Add the ADAM account.

Now open the ADAM command prompt and run "dsmgmt.exe".

Now configure the ADAM schema for the password policy attributes. Type "mmc /a".

Click File -> Add/Remove Snap-in, then click Add and select ADAM Schema.

Select OK, OK. Right click ADAM Schema and change the server details; enter the details of the ADAM instance.

Right click Attributes and click "Create Attribute". Create the attributes that the membership provider will map to (PasswordQuestion, PasswordAnswer, BadPasswordAnswerCount, BadPasswordAnswerTime and BadPasswordAnswerLockoutTime, matching the attributeMap* settings in web.config).

Go to the Classes node in the ADAM Schema, select User, right click, choose Properties and select the Attributes tab.

Add all the attributes created above.
Go to ADAM ADSI Edit, select the instance and right click it. Select "Update Schema Now".

Note: I created a document, "ADAM Instance Creation", with all of the screenshots. You can find it below.
Interacting with ADAM from ASP.Net
Step 1: Create a website and add three pages to the application named Registration.aspx, Login.aspx and Welcome.aspx.
Step 2: Open the Registration.aspx page. Drag a "CreateUserWizard" control onto it and set its "ContinueDestinationPageUrl" to "~/login.aspx".
Step 3: Now open the login.aspx page. Drag a "Login" control onto it, set its "DestinationPageUrl" property to welcome.aspx, and set "DisplayRememberMe" to false.
Step 4: Now open the web.config file and add the settings mentioned below.

The appSettings section:

    <appSettings>
        <add key="connectionUsername" value="CN=TestAdminUser,OU=TestAdmin,O=Admtest,DC=Testing,DC=COM"/>
        <add key="connectionPassword" value="hello"/>
        <add key="connectionServer" value="localhost"/>
        <add key="connectionPortNumber" value="50001"/>
        <add key="connectionRoot" value="O=Aest,DC=Testing,DC=COM"/>
        <add key="connectionUsersContainer" value="TestUsers"/>
        <add key="defaultRoles" value="Readers"/>
        <add key="connectionRolesContainer" value="Roles"/>
        <add key="connectionAdminsContainer" value="TestAdmin"/>
    </appSettings>

The connection string pointing at the users OU of the ADAM instance:

    <connectionStrings>
        <add name="TestCon" connectionString="LDAP://localhost:50001/OU=TestUsers,O=Aest,DC=Testing,DC=COM"/>
    </connectionStrings>

Inside <system.web>, the machineKey and the membership provider:

    <machineKey validationKey="51AF1A8093A19043C4AAEC218BC36D9C3299C06AA823DDDAC5877431E7AFE90C1B053057EA760CA4DCC15D3CED15035588BB1B461C959434DE68B8381CDF99AA" decryptionKey="BCE825E1668990B11CE01AFF01C4AFE8D63AE300958A85EC" validation="SHA1"/>
    <membership defaultProvider="MyADAMMembershipProvider">
        <providers>
            <add name="MyADAMMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="TestCon"
                 connectionUsername="CN=TestAdminUser,OU=TestAdmin,O=Aest,DC=Testing,DC=COM"
                 connectionPassword="hello"
                 connectionProtection="None"
                 enableSearchMethods="true"
                 requiresUniqueEmail="false"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="true"
                 attributeMapPasswordQuestion="PasswordQuestion"
                 attributeMapPasswordAnswer="PasswordAnswer"
                 attributeMapFailedPasswordAnswerCount="BadPasswordAnswerCount"
                 attributeMapFailedPasswordAnswerTime="BadPasswordAnswerTime"
                 attributeMapFailedPasswordAnswerLockoutTime="BadPasswordAnswerLockoutTime"
                 minRequiredNonalphanumericCharacters="0"
                 passwordStrengthRegularExpression="(?=.{7,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@`~$%^+=!*])"/>
        </providers>
    </membership>






Once you have modified web.config as above, run the registration page and create a user. If the user is created successfully, you will find an object with that user name under the "TestUsers" OU of ADAM.
Note: Add a reference to the "System.DirectoryServices" assembly in your application.

Download ADAM

Download the "Creating an ADAM Instance" step-by-step document.

Download the sample application
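As an added example (not from the original post), here is a helper that a Registration.aspx or Login.aspx code-behind could call to do programmatically what the CreateUserWizard and Login controls do declaratively against the MyADAMMembershipProvider configured above. The class name AdamAccountHelper and its method names are chosen here; the regular expression is the one from web.config.

```csharp
// Added example, not part of the original sample application.
using System;
using System.Text.RegularExpressions;
using System.Web.Security;

public static class AdamAccountHelper
{
    // Same policy as passwordStrengthRegularExpression in web.config:
    // at least 7 characters, a digit, a lower-case letter, an upper-case
    // letter and one of the listed special characters.
    private const string StrengthPattern =
        @"(?=.{7,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@`~$%^+=!*])";

    // Checked up front so the user gets a specific message instead of the
    // generic MembershipCreateStatus.InvalidPassword the provider returns.
    public static bool MeetsPolicy(string password)
    {
        return !string.IsNullOrEmpty(password) && Regex.IsMatch(password, StrengthPattern);
    }

    // requiresQuestionAndAnswer="true" means the question and answer must be
    // supplied on creation. The provider encrypts the stored answer with the
    // machineKey decryptionKey, which is why web.config sets an explicit key.
    public static MembershipCreateStatus Register(string userName, string password,
        string email, string question, string answer)
    {
        if (!MeetsPolicy(password))
            return MembershipCreateStatus.InvalidPassword;

        MembershipCreateStatus status;
        // Same name as defaultProvider in <membership>.
        MembershipProvider provider = Membership.Providers["MyADAMMembershipProvider"];
        provider.CreateUser(userName, password, email, question, answer,
            true /* isApproved: account enabled */, null, out status);
        return status;
    }

    // Equivalent of the Login control's check: binds to ADAM as the user.
    // Note that connectionProtection="None" in web.config sends this bind
    // unencrypted on port 50001; outside a local test, enable SSL on the
    // instance and use connectionProtection="Secure".
    public static bool Login(string userName, string password)
    {
        return Membership.ValidateUser(userName, password);
    }
}
```

Membership.ValidateUser locks the account for the configured duration after too many failures, so a false return means either a wrong password or a locked account; check Membership.GetUser(userName).IsLockedOut to tell them apart.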
