ActiveDirectoryMembershipProvider without storing username and password?

[Karl]

Hello;

I am trying to create an ASP login page that authenticates against AD.

Is there any way to setup a connection string in web.config that does not
store a user name and password?

If I do this, it works great, but I need to modify the web.config every time
the password changes:

<providers>
<add connectionStringName="NorthAmericaConnectionString"
attributeMapUsername="sAMAccountName" enableSearchMethods="true"
name="NorthAmericaProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionUsername="username" connectionPassword="mypass"/>
</providers>

As everyone who will be logging in is authorized to search AD, I don't see
why I cannot use the login information from the login form?

Does Microsoft really expect me to either use a non expiring password, or
change all my web.config files on password expiration?

Thanks

Karl

 

[MikeS]

If your shop requires you to use expiring passwords for services and
app pools and the rest how is that currently managed and can you fit
this in with that?

It looks like you can use machine$ or the app pool id instead.

How To: Use Membership in ASP.NET 2.0

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000022.asp

.... If you do not specify account credentials, your application's
process identity is used to access Active Directory, regardless of
whether your application uses impersonation....