AD LDS 带 ASP.NET 表单身份验证
我遇到了这个异常:
解析器错误消息:连接字符串中指定的容器不存在
这是我的情况:
我有一个包含 2 个页面 Default.aspx & 的 Web 应用程序。登录.aspx。后者包含一个登录控件。 该应用程序配置为与 AD LDS 实例一起用作成员资格存储。
以下是 web.config 中一些有趣的部分
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="Login.aspx" timeout="10" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
<add name="MyDSProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
applicationName="ADSecWebApp"
connectionStringName="MyDSConn"
connectionUsername="CN=Admin,CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
connectionPassword="Welcome1"
connectionProtection="None"
/>
</providers>
</membership>
然后我在我的计算机上安装了 AD LDS 的实例。
AD LDS 配置为具有一个应用程序分区“CN=MyOrg,DC=MyDomain,C=CA”。
在此分区下,我创建了一个容器“CN=Users,CN=MyOrg,DC=MyDomain,C=CA”
在此容器下,我创建了两个用户:Admin 和 Admin。约翰·S.两者均已启用并设置了密码(“Admin”为“Welcome1”)
此外,管理员被配置为“CN=Administrators,CN=Roles,CN=MyOrg,DC=MyDomain,C=CA”的成员 (我在网上发现一些文章建议,当在 ADMembershipProvider 配置部分中使用 connectionProtection="None" 时,不能使用 Windows 帐户,而应使用对用于连接的 AD 实例具有管理权限的 AD 帐户。)
此外,我有 Windows 7、IIS7、VS 2008 SP1、.NET 3.5
有人能给我一些关于问题所在的提示吗?我做了很多研究,一一解决了错误,但似乎我被这个问题困住了。
我也希望能得到一些关于为什么会这样的解释,以防我因为我是新手而得到解决方案。
预先感谢
尤利安
I am gettin this exception:
Parser Error Message: The container specified in the connection string does not exist
And here`s my case:
I have an WebApp with 2 pages Default.aspx & Login.aspx. The later contains a login control.
The application is configured to work with and AD LDS instance as a membership store.
Here are some sections of interest in the web.config
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="Login.aspx" timeout="10" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
<add name="MyDSProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
applicationName="ADSecWebApp"
connectionStringName="MyDSConn"
connectionUsername="CN=Admin,CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
connectionPassword="Welcome1"
connectionProtection="None"
/>
</providers>
</membership>
Then I installed an instance of AD LDS on my machine.
The AD LDS is configured as to have one application partition "CN=MyOrg,DC=MyDomain,C=CA".
Under this partition I created a container "CN=Users,CN=MyOrg,DC=MyDomain,C=CA"
Under this container I created two users: Admin & JohnS. Both were enabled and set up with passwords ("Welcome1" in case of "Admin")
Moreover the Admin was configured as a member of "CN=Administrators,CN=Roles,CN=MyOrg,DC=MyDomain,C=CA"
(I found some articles on the net suggesting that when using connectionProtection="None" in ADMembershipProvider config section then and Windows account cannot be used, instead an AD account should be employed that has adminstration privileges on the AD instance used to connect to.)
Furthermore I have Windows 7, IIS7, VS 2008 SP1, .NET 3.5
Can someone give me some hints on what is wrong? I did research a lot, solved errors one by one, but it seems I got stuck with this one.
I would also appreciate some explanation about why is that in case I am given a solution cause I am a newbie.
Thanks in advance
Iulian
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在同事的帮助下,我发现了问题所在。显然,当我将我的管理员 AD 用户添加到 AD 管理员角色时(=> CN-角色 => CN-管理员 => 属性 => 选择 {member} => 单击添加 DN => 添加我的管理员用户)我没能救他们,或者出了什么问题;无论哪种方式,我的管理员用户都没有保存为管理员成员。
我使用 ldp.exe 找到问题的原因:从某种意义上说,我能够连接到我的实例,然后将会话绑定到我的 CN=Admin 用户,尽管我在树视图中看不到任何内容提示我们 CN=Admin 它仍然不是管理员。
还遗漏了一件事:我必须设置要登录到我的安全 Web 应用程序的帐户的 userPrincipalName,因为在验证 AD 帐户 CN=JohnS 时使用的名称实际上并未由 ActiveDirectoryMembershipProvider 使用用户。我使用了类似名称的电子邮件 [email protected] 作为 userPrincipalName,这是实际上应该使用什么来登录网络应用程序。
在完成所有这些之后,我的 AD LDS & 一切都很顺利。 ASP.NET 表单身份验证示例。
希望其他人会发现这很有用。
谢谢
尤利安
With a help from a co-worker I found what was the problem. Apparently when I added my Admin AD user to AD Administors Role (=> CN-Roles => CN-Administrators => Properties => select {member} => click Add DN => add my Admin user) I missed to save them or something else went wrong; either way my Admin user wasn't saved as Administrators member.
I used ldp.exe to find the cause of the problem: in a sense that I was able to connect to my instance and then to bind the session to my CN=Admin user, although I couldn't see anything in the tree view which hinted us that the CN=Admin it is still not an Administrator.
One more thing that was left out: I had to set the userPrincipalName of the account that I wanted to log into my secure webapp, cause the name I used when creating the AD account CN=JohnS is not actually used by the ActiveDirectoryMembershipProvider when validating the user. I used an email like name, [email protected] for userPrincipalName and this is what actually one should use to log onto web application.
After all these, everything went fine with my AD LDS & ASP.NET forms-authentication sample.
Hopefully someone else will find this useful.
Thanks
Iulian