Membership credential verification failed


Problem description

I'm encountering this error: "Membership credential verification failed." when I try to log in with an Active Directory user in an ASP.NET application using form-based authentication.

I have a complex set-up as follows:

I'm using Active Directory Lightweight Directory Services (AD LDS), aka ADAM, as a membership repository. I bound it to an Active Directory with proxy users and completed an adamsync. I configured an SSL certificate for the AD LDS. While connected to the AD LDS with LDP.exe, I'm able to connect/bind with both AD LDS users and AD users, so the proxy is OK. My ASP.NET application talks to the AD LDS, and I'm able to successfully log in with AD LDS users using forms-based authentication.

But I'm unable to log in with my AD users with the ASP.NET application. What am I missing?

Here's my provider section from my web.config:

    <add name="MyADConnectionString"
         connectionString="LDAP://localhost/OU=Users,DC=PreuveConcept,DC=local" />

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear/>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="MyADConnectionString"
             connectionProtection="Secure"
             enableSearchMethods="true"/>
      </providers>
    </membership>

Here's my login action (default MVC AccountController):

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

Solution

Based on this blog post: http://erlend.oftedal.no/blog/?blogid=71

It appears the source of my problem is that I use the ActiveDirectoryMembershipProvider and it specifically ruled out proxy users.

Additionally, as I found out there: http://directoryprogramming.net/forums/thread/4181.aspx

AD LDS, or ADAM, cannot use Secure bind, which is not a simple bind over a secure connection (using SSL). But the Active Directory on which I want to bind uses Secure bind only.

So if I'm in Windows-based auth, my AD users can be authenticated, but not ADAM, and if I use form-based auth, ADAM can be authenticated but not AD.

In conclusion, I have to create my own provider that will use, as DJ KRAZE specified, the PrincipalContext with multiple contexts.
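
The multi-context check the answer describes, as an added example (not the poster's code): a helper that tries the AD LDS instance with a simple bind over SSL and then the Active Directory domain with a Negotiate bind. The class name, the AD LDS port and the AD domain name are assumptions; the container comes from the connection string in the question.

```csharp
using System.DirectoryServices.AccountManagement;

// Added example: validate against AD LDS and AD, each with the bind type it accepts.
public static class MultiContextValidator   // hypothetical helper name
{
    // Assumed values; replace with the real endpoints.
    private const string LdsServer = "localhost:636";   // AD LDS over SSL (port is an assumption)
    private const string LdsContainer = "OU=Users,DC=PreuveConcept,DC=local"; // from the page
    private const string AdDomain = "ad.example.local"; // placeholder AD domain name

    public static bool ValidateUser(string userName, string password)
    {
        // Reject empty input: a simple bind with an empty password is an
        // unauthenticated bind and may be reported as success.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        // AD LDS: simple bind, protected by SSL.
        if (TryValidate(ContextType.ApplicationDirectory, LdsServer, LdsContainer,
                ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
                userName, password))
            return true;

        // Active Directory: secure (Negotiate) bind with signing and sealing.
        return TryValidate(ContextType.Domain, AdDomain, null,
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
            userName, password);
    }

    private static bool TryValidate(ContextType type, string name, string container,
        ContextOptions options, string userName, string password)
    {
        try
        {
            using (var context = new PrincipalContext(type, name, container, options))
            {
                return context.ValidateCredentials(userName, password, options);
            }
        }
        catch (PrincipalException)
        {
            // Directory unreachable or misconfigured: fail closed for this
            // context (log it in real code) and let the caller try the next one.
            return false;
        }
    }
}
```

A custom MembershipProvider would call `MultiContextValidator.ValidateUser` from its `ValidateUser` override; the user name has to be in a form each directory accepts for that bind type (for example a distinguished name for the AD LDS simple bind).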
