ActiveDirectoryMembershipProvider - "Unable to establish secure connection"

I am trying to configure an ActiveDirectoryMembershipProvider but I keep getting the message "Unable to establish secure connection with the server".

I have seen online at the MSDN website that I should configure the trust level to unrestricted on my site and I still get that.

Here is my example:

    <connectionStrings>
        <add name="LocalAD" connectionString="LDAP://example.com/dc=example,dc=com" />
    </connectionStrings>

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
        <providers>
            <add name="AspNetActiveDirectoryMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider"
                 applicationName="adtest"
                 connectionUsername="cn=Users"
                 connectionPassword="password"
                 connectionStringName="LocalAD" >
            </add>
        </providers>
    </membership>

    <trust level="Full" />

    <authentication mode="Forms">
        <forms loginUrl="login.aspx"
               protection="All"
               timeout="30"
               name="miBenefitsAdminToolCookie"
               path="/"
               requireSSL="false"
               slidingExpiration="true"
               defaultUrl="Default.aspx"
               cookieless="UseCookies"
               enableCrossAppRedirects="false" />
    </authentication>

    <authorization>
        <deny users="?" />
        <allow users="*" />
    </authorization>

Transmutation answered 22/7, 2009 at 12:0 Comment(0)

You're supplying what looks like a container instead of an actual user name to be used in making the connection to AD. Provide the canonical name of a user with sufficient credentials to access AD. Note that if the server is in the same domain, the Network System user that the worker process runs under may already have enough privileges and you won't need to provide a name/password at all.

    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         applicationName="adtest"
         connectionUsername="cn=actualUser"
         connectionPassword="actualUsersPassword"
         connectionStringName="LocalAD">
    </add>

Busty answered 22/7, 2009 at 12:18 Comment(1)
Thanks. This moved me a step forward. I got another error now "supplied credentials are invalid". This only occurs if I allow the authentication mode in "Forms". If I change it to "Windows" then I am automagically authenticated. - Transmutation

The connection username can have different formats depending on how it was configured. If the user is added to the user role only as a DN (distinguished name), then the format of CN=username,DC=container can be used.

If the user is added to the user role as a Windows user, then the username can be username only.

I hope this clarification helps.

Orleanist answered 22/1, 2015 at 16:16 Comment(0)
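
A way to check which connectionUsername format the directory accepts before it goes into web.config, as an added example that is not code from the thread: it binds through System.DirectoryServices using the two protections the provider's default connectionProtection="Secure" attempts, SSL and sign-and-seal. The function name Test-AdBind and the svc-web account names are constructed placeholders; the LDAP path is the one from the question.

```powershell
# Added example, not from the thread. Account names are constructed placeholders.
Add-Type -AssemblyName System.DirectoryServices

function Test-AdBind {
    param(
        [Parameter(Mandatory = $true)] [string] $LdapPath,   # value of the LocalAD connectionString
        [Parameter(Mandatory = $true)] [string] $UserName,   # candidate connectionUsername
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password,
        [Parameter(Mandatory = $true)] [System.DirectoryServices.AuthenticationTypes] $AuthType
    )
    $plain  = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $entry  = New-Object System.DirectoryServices.DirectoryEntry($LdapPath, $UserName, $plain, $AuthType)
    $result = [pscustomobject]@{ UserName = $UserName; AuthType = "$AuthType"; Bound = $false; Error = $null }
    try {
        $entry.psbase.RefreshCache()    # forces the LDAP bind; throws if the bind fails
        $result.Bound = $true
    }
    catch {
        # Surface the underlying directory error rather than PowerShell's wrapper
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        $entry.psbase.Dispose()
    }
    $result
}

$ldapPath = 'LDAP://example.com/dc=example,dc=com'
$password = Read-Host -AsSecureString 'Password for the connection account'   # never hard-coded
$bindModes = @(
    'Secure, Signing, Sealing'    # sign-and-seal (negotiated authentication)
    'SecureSocketsLayer'          # simple bind over LDAPS
)
$userNames = @(
    'CN=svc-web,CN=Users,DC=example,DC=com'   # distinguished name
    'svc-web@example.com'                     # user principal name
    'EXAMPLE\svc-web'                         # down-level logon name
)

# One row per (bind mode, username format) pair
$results = foreach ($mode in $bindModes) {
    foreach ($name in $userNames) {
        Test-AdBind -LdapPath $ldapPath -UserName $name -Password $password -AuthType $mode
    }
}
$results | Format-Table -AutoSize -Wrap
```

Every failed bind counts toward the account's lockout threshold, so run this once with a known-good password rather than repeatedly.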
