Active Directory And ASP.NET 2.0 Forms Authentication
I don’t know if I’m in the minority among ASP.NET developers, but for years I never had to deal with Active Directory, simply because most of the projects I’ve done were in hosting environments where Active Directory is a luxury.
Things are different these days when it comes to supporting a product like Jumptree Project. Lately we’ve had quite a few inquiries from companies and government agencies where Active Directory authentication is the norm, and as such it’s essential for them to link the users in their directory with Jumptree.
So how does a developer—who is not a network admin guru—set up such an environment to develop against Active Directory?
The Hardware
- Machine A: Windows 2000 Server — we will set up Active Directory here
- Machine B: Windows XP Pro — this will be our client machine, where ASP.NET 2.0 will be used to authenticate against Active Directory
- Router — connects Machine A and Machine B together.
Setting up Active Directory
Step 1: First you need to configure Active Directory.
Rather than reinvent the wheel, here’s a step-by-step guide by Johannes Helmig that you should follow. Just make sure you reboot the server (Machine A) when you are done.
Step 2: Now add a user account for our ASP.NET code to test against later. Go to Administrative Tools > Active Directory Users and Computers.
Step 3: Next, expand your domain name, then right-click and choose New > User.
TIP: Copy down the domain name, because you will need it for your ASP.NET connection string. In my case it’s NEMOHome.com.
Step 4: The next screen will ask for a first name, last name, full name, user logon name and pre-Windows 2000 logon name. Simply enter a name like John Smith or whatever suits your taste.
Step 5: The last step is to create the password for this user account.
Just check the checkboxes User cannot change password and Password never expires for simplicity’s sake, and click Finish when you are done.
That’s it as far as setting up Active Directory goes. Let’s move on to Machine B, the Windows XP Pro box.
Configuring the client machine
Step 1: On Machine B, right-click the My Computer icon, select the Computer Name tab and click the Change button.

Click the Domain radio button, enter the domain name mentioned in Step 3, and click OK.
Now you should have everything set up. Reboot the machine and, when logging on, enter the username you added to Active Directory, using the domain you set up earlier.
NOTE: For me, everything seemed to work at first. But after logging in, the machine started to hang—nothing was loading and the screen stayed completely frozen.
So I had to do a hard reboot and log back in with a local machine account.
If that happens, make sure the client’s DNS server is the server’s IP address and not the router’s.
Open a command prompt, run ipconfig /all and take a look at the DNS server address.
In my case, the DNS address originally pointed to the router, and I had to change it to the server to get domain logon to work.
To do that, right-click My Network Places and find your network card. Right-click it, choose Properties and select Internet Protocol (TCP/IP).
Then click Properties and, at the bottom, change the DNS address to your server. Click OK and reboot.
ASP.NET 2.0 Active Directory with Forms Authentication
When it comes down to it, the only tricky part about using forms authentication against Active Directory is two configuration sections:
- ConnectionString
- Membership Configuration
Here is a sample of my configuration and I’ll explain it afterwards:
<configuration>
  <appSettings/>
  <connectionStrings>
    <add
      name="ADConnectionString"
      connectionString="LDAP://NEMOHome.com/CN=Users,DC=NEMOHome,DC=com"
    />
  </connectionStrings>
  <system.web>
    <compilation debug="false" />
    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add
          name="MembershipADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
          connectionUsername="NEMOHome.com\liming.xu"
          connectionPassword="changeme"
        />
      </providers>
    </membership>
    <authentication mode="Forms">
      <forms name=".ASPNET" loginUrl="login.aspx" defaultUrl="protected/default.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
As you can see, the authentication and authorization sections are nothing special; however, pay attention to:
1. connectionStrings
The Active Directory connection string starts with LDAP:// followed by the domain name I mentioned earlier in the article. It’s absolutely important for you to get the domain name right.
The second important element is CN=, which names the user container (in my case Users); the rest of the tokens, the DC= parts, are simply the components of our domain name.
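To make the relationship between the domain name and the LDAP path explicit, here is a small helper, added as an example and not part of the original post, that builds the connection string from a domain and container name and checks an existing string for the mistake the text warns about: a host part that does not match the DC= components. It assumes the domain-name form used in this article (LDAP://domain/...), not a server name, and needs nothing beyond the .NET 2.0 base class library.

```csharp
// Added example (not from the original post). Builds the LDAP connection
// string the article uses from a domain name and a container name, and
// checks that an existing string's host and DC= parts agree.
using System;
using System.Text.RegularExpressions;

public static class LdapPath
{
    // "NEMOHome.com" -> "DC=NEMOHome,DC=com"
    public static string DomainToDc(string domain)
    {
        if (string.IsNullOrEmpty(domain))
            throw new ArgumentException("domain is required");
        string[] labels = domain.Split('.');
        for (int i = 0; i < labels.Length; i++)
        {
            if (labels[i].Length == 0)
                throw new ArgumentException("empty DNS label in " + domain);
            labels[i] = "DC=" + labels[i];
        }
        return string.Join(",", labels);
    }

    // "NEMOHome.com", "Users" -> "LDAP://NEMOHome.com/CN=Users,DC=NEMOHome,DC=com"
    public static string Build(string domain, string container)
    {
        return "LDAP://" + domain + "/CN=" + container + "," + DomainToDc(domain);
    }

    // True when the host part and the DC= tokens describe the same domain.
    // Assumes the host part is the DNS domain name, as in the article.
    public static bool IsConsistent(string connectionString)
    {
        Match m = Regex.Match(connectionString,
            @"^LDAP://(?<host>[^/]+)/(?<dn>.+)$", RegexOptions.IgnoreCase);
        if (!m.Success) return false;

        string expected = DomainToDc(m.Groups["host"].Value);
        string dn = m.Groups["dn"].Value;
        int idx = dn.IndexOf("DC=", StringComparison.OrdinalIgnoreCase);
        if (idx < 0) return false;

        return string.Equals(dn.Substring(idx), expected,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Calling LdapPath.Build("NEMOHome.com", "Users") yields exactly the string in the configuration above, and LdapPath.IsConsistent on a string whose DC= parts were copied from another domain returns false, which is a cheap check to run before the provider throws a much less readable error at login time.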
2. Membership
Now in the membership section, first use this provider:
System.Web.Security.ActiveDirectoryMembershipProvider
…then set connectionStringName to the name of the connection string defined above.
Also, the connectionUsername and connectionPassword I used belong to the account I set up earlier. I’ve seen others use a dedicated account for this, but I’m too lazy, er, efficient, so I just used the one I created before.
When the ActiveDirectoryMembership provider connects to Active Directory, it uses the account whose credentials are specified on the connectionUsername property (note the lower-case n, which is different from the connectionStringName property).
If you specify the connectionUsername property, you must also specify the connectionPassword property, otherwise an exception is thrown.
If you do not specify account credentials, Active Directory uses your ASP.NET Web application’s process account.
From MSDN
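Whichever account you choose, its password ends up in web.config in clear text, as in the sample above. ASP.NET 2.0 can encrypt individual configuration sections in place and decrypt them transparently at runtime, so the following routine, added here as an example and not taken from the post or from Jumptree, protects the two sections that carry the service account credentials. It uses the built-in DPAPI provider, DataProtectionConfigurationProvider, so it must be run on the machine that will serve the application, from an account that can write web.config.

```csharp
// Added example (not from the original post). Encrypts the web.config
// sections that hold the provider credentials so connectionPassword is
// no longer stored in clear text. Run once, on the web server itself.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Web.Configuration;

public static class ConfigProtector
{
    // Machine-bound DPAPI provider shipped with the .NET Framework.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> and <system.web><membership> if they are
    // still in clear text; returns the names of the sections it changed.
    public static string[] ProtectSecrets(string appVirtualPath)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(appVirtualPath);

        string[] targets = { "connectionStrings", "system.web/membership" };
        List<string> changed = new List<string>();

        foreach (string name in targets)
        {
            ConfigurationSection section = config.GetSection(name);
            if (section == null) continue;                    // section absent
            if (section.SectionInformation.IsProtected) continue; // already done

            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true;
            changed.Add(name);
        }

        if (changed.Count > 0)
            config.Save(ConfigurationSaveMode.Modified);

        return changed.ToArray();
    }
}
```

Call ConfigProtector.ProtectSecrets("~") once (for instance from a setup page that is removed afterwards); afterwards the <membership> element in web.config contains only an EncryptedData blob, while Membership.ValidateUser keeps working unchanged. The same result is available from the command line with aspnet_regiis -pe "connectionStrings" -app "/YourApp" and again for "system.web/membership".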
And that’s it. Go to your login page, log in as usual, and you will see that everything works as expected.
By default the provider maps the user name to the userPrincipalName attribute, so users log in as john@NEMOHome.com. This is called the UPN format. If you don’t like it and want users to simply type their user name without the domain, add the following to your membership provider configuration:
attributeMapUsername="sAMAccountName"
This is called the SAM account name format.
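For completeness, here is what the code-behind of the login.aspx page referenced in the config above looks like, added as an example rather than taken from the post’s attached source files. It assumes the page has a TextBox named UserName, a TextBox named Password and a Label named Message. The provider performs the directory bind; the page only decides what to tell the user and issues the forms ticket.

```csharp
// Added example (not from the original post): login.aspx code-behind.
// Assumed controls on the page: UserName (TextBox), Password (TextBox),
// Message (Label), and a button wired to LoginButton_Click.
using System;
using System.Configuration.Provider;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string user = UserName.Text.Trim();
        string pass = Password.Text;

        if (user.Length == 0 || pass.Length == 0)
        {
            Message.Text = "Login failed.";
            return;
        }

        bool ok;
        try
        {
            // With the default mapping the name must be a UPN
            // (john@NEMOHome.com); with attributeMapUsername="sAMAccountName"
            // it is the bare account name (john).
            ok = Membership.ValidateUser(user, pass);
        }
        catch (ProviderException)
        {
            // Raised, for example, when the provider cannot reach the
            // directory. Keep the user-facing message generic and log the
            // exception server-side instead.
            ok = false;
        }

        if (ok)
        {
            // Issues the ".ASPNET" forms ticket from the config and sends the
            // user to defaultUrl, or to the protected page they first asked for.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        }
        else
        {
            // One message for unknown user, wrong password and locked account,
            // so the page does not reveal which accounts exist.
            Message.Text = "Login failed.";
        }
    }
}
```

Because <deny users="?" /> is in effect, any anonymous request to a page in the application is redirected to login.aspx with a ReturnUrl parameter, and RedirectFromLoginPage sends the user back there after a successful ValidateUser call.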
Conclusion
Overall, not bad, eh? I hope this guide helps those ASP.NET developers who are trying to get started with Active Directory. I’ve attached the test source files here for you; modify them as you see fit.
As of now, Jumptree Project Management does not yet support Active Directory authentication. It will be included however in the next v1.2 release.