ActiveDirectoryMembershipProvider - "Unable to establish secure connection"

asp.net asp.net-membership ldap membership-provider
Pablo picture Pablo · Jul 22, 2009 · Viewed 25.5k times · Source

I am trying to configure an ActiveDirectoryMembershipProvider but I keep getting the message "Unable to establish secure connection with the server".

I have seen online at the MSDN website that I should configure the trust level to unrestricted on my site and I still get that.

Here is my example:

<connectionStrings>

     <add name="LocalAD" connectionString="LDAP://example.com/dc=example,dc=com" />

</connectionStrings>


<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">

    <providers>

        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider" 
             applicationName="adtest"
             connectionUsername="cn=Users"
             connectionPassword="password"
             connectionStringName="LocalAD" >

       </add>
    </providers>
</membership>

<trust level="Full" />

<authentication mode="Forms">
      <forms loginUrl="login.aspx"
             protection="All"
             timeout="30"
             name="miBenefitsAdminToolCookie"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="Default.aspx"
             cookieless="UseCookies"
             enableCrossAppRedirects="false" />

 </authentication>

 <authorization>
      <deny users="?" />
      <allow users="*" />
 </authorization>

Answer

tvanfosson picture tvanfosson · Jul 22, 2009

You're supplying what looks like a container instead of an actual user name to be used in making the connection to AD. Provide the canonical name of a user with sufficient credentials to access AD. Note that if the server is in the same domain, the Network System user that the worker process runs under may already have enough privileges and you won't need to provide a name/password at all.

    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider" 
         applicationName="adtest"
         connectionUsername="cn=actualUser"
         connectionPassword="actualUsersPassword"
         connectionStringName="LocalAD">

   </add>

Related questions

ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted."

I have an application that is using ActiveDirectoryMembershipProvider to grant access to users. The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller. We've opened the LDAP port to the DC …

Read More
SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified

Well i have a big problem that i'm trying for days to solve but i could not do it, so i need your help. I have a web application in asp.net 4.0 where i implemented custom membership and role providers. …

Read More
Why is <deny users="?" /> included in the following example?

The ? wildcard represents unauthenticated users while * represents all users, authenticated and unauthenticated. My book shows the following example of URL authorization: <authorization> <deny users="?" /> <allow users="dan,matthew" /> <deny users="*" /> </authorization&…

Read More