Reputation: 4399
I'm trying to get users in the local domain authenticated from Active Directory by an IIS/ASP.NET application hosted on a non-domain host.
This is the setup:
MYDOMAIN
10.10.1.1 (not in MYDOMAIN)
LDAP://10.20.1.1/DC=MYDOMAIN,DC=local
web.config
<connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://10.20.1.1/DC=MYDOMAIN,DC=local" />
</connectionStrings>
...
<authorization>
  <allow users="*"/>
  <deny users="?"/>
</authorization>
<membership defaultProvider="ADMembershipProvider">
  <providers>
    <add
      name="ADMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      connectionUsername="MYDOMAIN\Administrator"
      connectionPassword="password"
    />
  </providers>
</membership>
iis settings
But with this setup, users are not authenticated when credentials are entered on the browser auth prompt (user name entered as MYDOMAIN\user - no change without the MYDOMAIN\ part). I don't see IIS even connecting to the AD server (10.20.1.1).
What am I doing wrong and how can I debug an issue like this?
Upvotes: 0
Views: 584
Reputation: 13581
Basic Authentication in IIS has no knowledge of Membership Providers in ASP.NET. If you want to do that, then you need to write a custom basic authentication module that uses the Membership APIs (ValidateUser, RoleProvider and such). Luckily it is extremely easy to do that, and we wrote a sample several years ago on how to do that; see this for the end-to-end code and configuration of it (do note that the call to Membership is commented out in the sample, but you can just uncomment the line):
http://www.iis.net/learn/develop/runtime-extensibility/developing-a-module-using-net
Upvotes: 1