I am trying to configure an ActiveDirectoryMembershipProvider but I keep getting the message "Unable to establish secure connection with the server".
我正在尝试配置一个ActiveDirectoryMembershipProvider,但是我一直得到这样的消息:“无法与服务器建立安全连接”。
I have seen online at the MSDN website that I should configure the trust level to unrestricted on my site and I still get that.
我在MSDN的网站上看到,我应该在我的网站上配置信任级别,使其不受限制,我仍然能理解。
Here is my example:
这是我的例子:
<connectionStrings>
<add name="LocalAD" connectionString="LDAP://example.com/dc=example,dc=com" />
</connectionStrings>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
applicationName="adtest"
connectionUsername="cn=Users"
connectionPassword="password"
connectionStringName="LocalAD" >
</add>
</providers>
</membership>
<trust level="Full" />
<authentication mode="Forms">
<forms loginUrl="login.aspx"
protection="All"
timeout="30"
name="miBenefitsAdminToolCookie"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
2 个解决方案
#1
5
You're supplying what looks like a container instead of an actual user name to be used in making the connection to AD. Provide the canonical name of a user with sufficient credentials to access AD. Note that if the server is in the same domain, the Network System user that the worker process runs under may already have enough privileges and you won't need to provide a name/password at all.
您提供了看起来像容器的内容,而不是用于连接到AD的实际用户名。提供具有足够凭据访问AD的用户的规范名称。注意,如果服务器位于同一域中,那么worker进程运行的网络系统用户可能已经拥有足够的特权,您根本不需要提供名称/密码。
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
applicationName="adtest"
connectionUsername="cn=actualUser"
connectionPassword="actualUsersPassword"
connectionStringName="LocalAD">
</add>
#2
1
The connection username can have different formats depending on how it was configured. If the user is added to the user role only as a DN (distinguished name) then the format of CN=username,DC=container can be used
连接用户名可以有不同的格式,这取决于它是如何配置的。如果用户仅作为DN(专有名称)添加到用户角色,则可以使用CN=username、DC=container的格式
If the user is added to the user role as a windows user, then the username can be username only.
如果用户作为windows用户添加到用户角色,那么用户名只能是用户名。
I hope this clarification helps.
我希望这一澄清能有所帮助。
#1
5
You're supplying what looks like a container instead of an actual user name to be used in making the connection to AD. Provide the canonical name of a user with sufficient credentials to access AD. Note that if the server is in the same domain, the Network System user that the worker process runs under may already have enough privileges and you won't need to provide a name/password at all.
您提供了看起来像容器的内容,而不是用于连接到AD的实际用户名。提供具有足够凭据访问AD的用户的规范名称。注意,如果服务器位于同一域中,那么worker进程运行的网络系统用户可能已经拥有足够的特权,您根本不需要提供名称/密码。
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
applicationName="adtest"
connectionUsername="cn=actualUser"
connectionPassword="actualUsersPassword"
connectionStringName="LocalAD">
</add>
#2
1
The connection username can have different formats depending on how it was configured. If the user is added to the user role only as a DN (distinguished name) then the format of CN=username,DC=container can be used
连接用户名可以有不同的格式,这取决于它是如何配置的。如果用户仅作为DN(专有名称)添加到用户角色,则可以使用CN=username、DC=container的格式
If the user is added to the user role as a windows user, then the username can be username only.
如果用户作为windows用户添加到用户角色,那么用户名只能是用户名。
I hope this clarification helps.
我希望这一澄清能有所帮助。