Membership credential verification failed


I'm encountering this error: "Membership credential verification failed." when I try to log in with an Active Directory user in an ASP.NET application using forms-based authentication.

I have a complex setup, as follows:

I'm using Active Directory Lightweight Directory Services (AD LDS), aka ADAM, as a membership repository. I bound it to an Active Directory with proxy users and completed an adamsync. I configured an SSL certificate for the AD LDS. While connected to the AD LDS with LDP.exe, I'm able to connect/bind with both AD LDS users and AD users, so the proxy is OK. My ASP.NET application talks to the AD LDS, and I'm able to successfully log in with AD LDS users using forms-based authentication.

But I'm unable to log in with my AD users through the ASP.NET application. What am I missing?

Here's my provider section from my web.config:

    <add name="MyADConnectionString"
         connectionString="LDAP://localhost/OU=Users,DC=PreuveConcept,DC=local" />

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear/>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="MyADConnectionString"
             connectionProtection="Secure"
             enableSearchMethods="true"/>
      </providers>
    </membership>

Here's my login action (default MVC AccountController):

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

There are 2 answers

Groumy On BEST ANSWER

Based on this blog post: http://erlend.oftedal.no/blog/?blogid=71

It appears the source of my problem is that I use the ActiveDirectoryMembershipProvider, and it specifically ruled out proxy users.

Additionally, as I found out here: http://directoryprogramming.net/forums/thread/4181.aspx

AD LDS, or ADAM, cannot use secure binds that are not a simple bind over a secure connection (using SSL). But the Active Directory to which I want to bind uses secure bind only.

So if I'm in Windows-based auth, my AD users can be authenticated but not ADAM, and if I use forms-based auth, ADAM can be authenticated but not AD.

In conclusion, I have to create my own provider that will use, as DJ KRAZE specified, the PrincipalContext with multiple contexts.
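
One way to do the multi-context check the answer above describes, as an added example that is not part of the original post. The class name `DualDirectoryValidator`, the LDAPS port `636` and the `EXAMPLE-DOMAIN` placeholder are assumptions; the container is the one from the question's connection string.

```csharp
using System.DirectoryServices.AccountManagement;

// Added example (hypothetical helper): try AD LDS first, then the AD domain.
public static class DualDirectoryValidator
{
    // Assumed values: adjust to the real AD LDS host/port and AD domain name.
    private const string LdsServer = "localhost:636";
    private const string LdsContainer = "OU=Users,DC=PreuveConcept,DC=local";
    private const string AdDomain = "EXAMPLE-DOMAIN"; // placeholder

    // AD LDS: simple bind, always wrapped in SSL so the password never
    // crosses the wire in clear text.
    private const ContextOptions LdsOptions =
        ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer;

    // AD: secure (Negotiate) bind with signing and sealing.
    private const ContextOptions AdOptions =
        ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

    public static bool Validate(string userName, string password)
    {
        // RFC 4513 treats a simple bind with an empty password as an
        // unauthenticated bind, which a server may accept: reject it here.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // For the simple bind, AD LDS expects a distinguished name or
        // userPrincipalName as userName.
        return TryContext(ContextType.ApplicationDirectory, LdsServer,
                          LdsContainer, LdsOptions, userName, password)
            || TryContext(ContextType.Domain, AdDomain,
                          null, AdOptions, userName, password);
    }

    private static bool TryContext(ContextType type, string name, string container,
                                   ContextOptions options, string userName, string password)
    {
        try
        {
            using (var context = new PrincipalContext(type, name, container, options))
            {
                return context.ValidateCredentials(userName, password, options);
            }
        }
        catch (PrincipalServerDownException)
        {
            // Directory unreachable: fail closed for this context.
            return false;
        }
    }
}
```

`DualDirectoryValidator.Validate` can be called from the `ValidateUser` override of a custom membership provider, so the `LogOn` action in the question stays unchanged.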

Giorgi On

Old question, but in my case this was caused by attributeMapUsername="sAMAccountName" missing from the configuration file.