How to use Active Directory Membership Provider in ASP.NET


The ASP.NET membership feature provides secure credential storage for application users.

We will use the following:

  • Web page named Login.aspx and another web page named CreateUser.aspx
  • Login Control.
  • Create User Wizard Control.

Steps:

1- Configure Forms Authentication in Web.config file.

To configure forms authentication, set the <authentication> element’s mode attribute to “Forms” and then configure your application’s Web.config file as shown in the following example:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx" 
           protection="All" 
           timeout="30" 
           name="AppNameCookie" 
           path="/FormsAuth" 
           requireSSL="false" 
           slidingExpiration="true" 
           defaultUrl="default.aspx"
           cookieless="UseCookies"
           enableCrossAppRedirects="false"/>
</authentication>
  • loginUrl points to the login page. You should place this in a folder that requires Secure Sockets Layer (SSL) for access.
  • protection is set to “All” to specify privacy and integrity for the forms authentication ticket.
  • timeout is used to specify a limited session lifetime.
  • name and path are set to unique values for the current application.
  • requireSSL is set to “false”. This configuration means that the authentication cookie can be transmitted over channels that are not SSL-protected. If you are concerned about session hijacking, you should consider setting this to “true”.
  • slidingExpiration is set to “true” to enforce a sliding session lifetime. This means that the timeout is reset after each request to your application.
  • defaultUrl is set to the Default.aspx page for the application.
  • cookieless is set to “UseCookies” to specify that the application uses cookies to send the authentication ticket to the client.
  • enableCrossAppRedirects is set to “false” to indicate that the application cannot redirect requests outside the application scope.

Add the following <authorization> element after the <authentication> element. This permits only authenticated users to access the application. The previously established loginUrl attribute of the <forms> element will redirect unauthenticated requests to the Login.aspx page.

<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>

2- Configure the ActiveDirectoryMembershipProvider in Web.config file.

Configure the ActiveDirectoryMembershipProvider in your application’s Web.config file as shown in the following example.

An important question here is how to get your Active Directory connection string.

Another post explains how to get the Active Directory connection string; you can find it here:

https://www.nilebits.com/blog/2012/02/how-to-get-active-directory-connection-string-in-c-net/

<connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com" />
</connectionStrings>
<system.web>
    <!-- ... -->
    <membership defaultProvider="MembershipADProvider">
        <providers>
            <!-- domainName and password are placeholders. A password stored here
                 in clear text is readable by anyone who can read Web.config. -->
            <add name="MembershipADProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="ADConnectionString"
                 connectionUsername="domainName\administrator"
                 connectionPassword="password" />
        </providers>
    </membership>
    <!-- ... -->
</system.web>

Last step:

  • Drag and drop Login Control into the Login page.
  • Drag and drop Create User Wizard Control into the CreateUser page.

Now your Web Application or your Website is secured.
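
The settings from both steps can be checked automatically before deployment. The following script is an added example, not code from the original post: it parses a Web.config and reports the weak settings discussed above (requireSSL, protection, cookieless, the anonymous deny rule, and the provider's clear-text credentials). The finding names are hypothetical, the sample configuration is constructed, and the script assumes a <configuration> root without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring this page's settings (not a real deployment).
SAMPLE_WEB_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" protection="All" timeout="30"
           requireSSL="false" slidingExpiration="true" cookieless="UseCookies" />
  </authentication>
  <authorization><deny users="?" /><allow users="*" /></authorization>
  <membership defaultProvider="MembershipADProvider"><providers>
    <add name="MembershipADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web"
         connectionStringName="ADConnectionString"
         connectionUsername="DOMAIN\\administrator" connectionPassword="password" />
  </providers></membership>
</system.web></configuration>"""


def audit_web_config(xml_text):
    """Return finding codes (hypothetical names) for forms-auth and AD provider settings."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no-system.web-section"]
    findings = []
    forms = web.find("authentication[@mode='Forms']/forms")
    if forms is None:
        findings.append("forms-auth-not-configured")
    else:
        # ASP.NET defaults apply when an attribute is omitted.
        if forms.get("requireSSL", "false").lower() != "true":
            findings.append("auth-cookie-allowed-over-http")
        if forms.get("protection", "All") != "All":
            findings.append("ticket-lacks-encryption-or-validation")
        if forms.get("cookieless", "UseDeviceProfile") != "UseCookies":
            findings.append("ticket-may-travel-in-url")
    if "?" not in [d.get("users") for d in web.findall("authorization/deny")]:
        findings.append("anonymous-users-not-denied")
    for p in web.findall("membership/providers/add"):
        if "ActiveDirectoryMembershipProvider" not in p.get("type", ""):
            continue
        if p.get("connectionPassword"):
            findings.append("plaintext-connection-password")
        if p.get("connectionUsername", "").lower().endswith("\\administrator"):
            findings.append("binds-as-administrator")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(finding)
```

Run against the configuration shown in this post, it flags the cookie being allowed over non-SSL channels and the administrator password stored in clear text.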
