stackoom
  简体   繁体   中英

Form Authentication against our Active Directory’s LDAP server will always return invalid username/password

 原文  2014-12-17 12:15:19       asp.net/ asp.net-mvc/ authentication/ ldap/ membership-provider

Question

I am working on an asp.net mvc-5 web application. And I am using asp.net membership provider to authentication users against our ldap server using form authentication.

Here is the login action method:- 

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{


    MembershipProvider domainProvider;

    domainProvider = Membership.Providers["TestDomain1ADMembershipProvider"];
    if (ModelState.IsValid)
    {

        // Validate the user with the membership system.
        if (domainProvider.ValidateUser(model.UserName, model.Password))
        {


            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

        }
        else
        {
            //  Response.Write("Invalid UserID and Password");
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        return RedirectToLocal(returnUrl);

    }

    return View(model);
}

And the web.config file where I defined a <providers> and a <connection string> for ldap:- 

<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, &#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="DomainConnectionString"  connectionUsername="*****\administrator" connectionPassword="*****" attributeMapUsername="sAMAccountName"/>
</providers>

& 

<connectionStrings>
    <add name="DomainConnectionString" connectionString="LDAP://WIN-SPDev.tgroup.local/OU=Domain Controllers,DC=tgroup,DC=local"/>
       </connectionStrings>

But now when a user enters his username/password the domainProvider.ValidateUser(model.UserName, model.Password) always return false.

Can anyone advice on this please?

Thanks

1 answers

solution1
 2 ACCPTED  2014-12-17 18:01:08

The ValidateUser method may return false when the correct credentials are supplied, under the following circumstances:

1.The user account was locked out by the directory server because of too many failed logon attempts. The user will not be able to log on until the directory's lockout duration passes.

2.If the EnablePasswordReset property is true, the user account will be locked if the user supplied a bad password answer too many times. The user's account will unlock after the time specified in the PasswordAnswerAttemptLockoutDuration property has passed.

3.The user must exist in the container specified in the connection string. Valid credentials are supplied for a user account located in a different container or in a different domain. The user must exist in the container specified in the connection string.

May be you need to enter username as DOMAIN\\username (see 3rd item)?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Forms Authentication against Active Directory - LDAP Protocol SimpleBind Authentication against Active Directory How to validate LDAP path against Active Directory Can I access and Active Directory user's username on a web form? Forms Authentication Using Active Directory / LDAP Form authentication against active directory works on IIS Express but errors when deployed to IIS asp.net IIS - what is the physical file that has Username/Password of directory's Basic HTTP Authentication Login Page redirects to login page after authentication against active directory Force widows authentication in .NET 3.1 to always prompt for username and password to login Active Directory : how to retrieve username and password from Login control
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM