SSL ADAM and XP

Noremac

I am going around in circles. Sorry for posting a question that may already
be answered.

I want to use the ADAM Membership Provider on my development Windows XP
machine using VS2005.

I have ADAM working on my local computer. I got it working through the
ASP.NET 2.0 RBAC article.

I set up web.config based on stuff I googled. But when I call this line:
MembershipUserCollection users = Membership.GetAllUsers(), I get the "Unable
to establish secure connection with the server using SSL".

I can only find references to getting SSL with W2K machines or disabling SSL
on XP machines. I want to have SSL work on XP.

I do have a fabrikam certificate from other samples I have on this machine.

These are the ldap connection strings I have tried that do not work:
LDAP://localhost:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://localhost:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US

Thanks!
Noremac
 
Joe Kaplan

If you already have an SSL cert for fabrikam.com, you can use that for ADAM
(as long as you use the fabrikam.com DNS name to connect, not localhost).

For ADAM, you want to install the cert and private key into the store for the
service account running ADAM. If you do some Google searches, you'll find
more details.

Joe K.
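
An added example (not part of any post in this thread, and not code from the posters): a small console probe that attempts an SSL bind against each host/port pair from the connection strings in the question and reports whether the certificate ADAM presents is trusted and matches the name used to connect. It also separates a TLS failure from a credentials failure (LDAP result code 49). Assumptions: the class name AdamSslProbe is hypothetical, the bind uses the current Windows identity, and the name check is exact equality with no wildcard handling.

```csharp
// Added example: LDAPS bind probe for an ADAM instance (diagnostic only).
using System;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography.X509Certificates;

static class AdamSslProbe
{
    // Bind over SSL as the current Windows identity; return a one-line diagnosis.
    static string Probe(string host, int port)
    {
        string seen = "(no certificate presented)";
        using (LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(host, port)))
        {
            conn.Timeout = TimeSpan.FromSeconds(10);
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = AuthType.Negotiate;
            // Strict check: the chain must build to a trusted root AND the
            // certificate's DNS name must equal the host we connected to.
            conn.SessionOptions.VerifyServerCertificate = delegate(LdapConnection c, X509Certificate raw)
            {
                X509Certificate2 cert = new X509Certificate2(raw);
                string dns = cert.GetNameInfo(X509NameType.DnsName, false);
                bool trusted = new X509Chain().Build(cert);
                bool nameOk = string.Equals(dns, host, StringComparison.OrdinalIgnoreCase);
                seen = "cert=" + dns + " trusted=" + trusted + " nameMatch=" + nameOk;
                return trusted && nameOk;
            };
            // ErrorCode 49 means the TLS session was fine but the bind
            // credentials were rejected; other codes point at the connection.
            try { conn.Bind(); return "OK   " + seen; }
            catch (LdapException ex) { return "FAIL " + seen + " ldap=" + ex.ErrorCode + " " + ex.Message; }
            catch (DirectoryOperationException ex) { return "FAIL " + seen + " " + ex.Message; }
        }
    }

    static void Main()
    {
        // Host/port pairs taken from the connection strings in the question.
        string[] hosts = { "localhost", "fabrikam.com" };
        int[] ports = { 389, 636 };
        foreach (string h in hosts)
            foreach (int p in ports)
                Console.WriteLine("{0}:{1} -> {2}", h, p, Probe(h, p));
    }
}
```

Run it under the same account as the ASP.NET worker process so that the trust store and bind identity match what the membership provider will use.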
 
Noremac

Hi Joe,

I think I am getting close.

The missing piece for the certificate setup for me was going into MMC and
adding a Certificates SNAP-IN pointing to the ADAM Instance Service. Then I
added fabrikam to the Personal folder. I tested with ldp and confirmed it
connects.

Also, I found this relevant blog: http://www.oftedal.no/~erlend/?blogid=7.
Also, if you don't have a cert, look at this one:
http://blogs.msdn.com/cjacks/archive/2005/11/15/493122.aspx

The other piece of the puzzle that is missing for me is connecting through
the Membership provider in ASP.NET 2.0. With connectionProtection="Secure" it
complains with "Logon failure: unknown user name or bad password". It is
calling the exception a Configuration Error. The exception is only published
to the application event viewer through the generic ASP.NET 2.0 logging
handler. Nothing is reported to the Security Audit log nor the ADAM instance
log.

BTW, this happens when I call Membership.GetAllUsers();

I have no users in the ADAM so far.

We won't be using ADAM for authenticating users. The users will exist
through CardSpace or OpenId. We'll just be using ADAM as an account store to
augment those identities with some attributes we want (last visited, etc.).

So the idea is the Windows Identity of the ASPNET process (currently the
same one running the ADAM instance on my dev box) will connect to ADAM to
create and retrieve user objects. But is this the wrong idea? Do I need to
create an ADAM user object through LDP that will be the administrator and
then hard-code that username and password into web.config?

Noremac
 
Joe Kaplan

Unfortunately I don't know anything useful about the AD membership provider
yet, so I'm not sure exactly what to tell you regarding how you want to use
it. It should be possible to find a way to augment user data in ADAM but use
a different source for the actual authentication. However, I'm guessing
you'll need to write your own provider to accomplish that. I don't think
any of the built-in providers allow for a split model like that.

Joe K.
 
Dominick Baier

Have a look at the profile feature in ASP.NET - that's what you really want.
That said, there is no profile provider for ADAM and you have to write your
own.
 
