Active Directory providers and impersonation

2 posts, 0 answered
  1. Arend-Jan Kauffmann
    2 posts
    Registered:
    12 Jan 2010
    27 Aug 2010
    Hi,

    In the developer manual under Security, Authentication, Active Directory (http://www.sitefinity.com/help/developer-manual/active-directory.html) there is the next sentence:

    If connectionUserName and connectionPassword are not set, the IIS account will be used. If impersonation is used (set to true in the identity tag, as the following example shows), the current user credentials will be used in the process.

    However, when I omit the connectionUserName and connectionPassword properties from the TelerikADRoleProvider I get a configuration error 'Object reference not set to an instance of an object'.
    When I specify these two properties but without values, then this error doesn't occur. However, the AD role provider is not able to get the roles out of Active Directory.

    The same problem counts for TelerikADMembershipProvider. It won't work without the properties connectionUserName and connectionPassword properly set.

    I have tried with impersonation set to true in the system.web -> identity config element. And without impersonation so that the IIS application pool account will be used. Both scenarios fail.

    Am I missing something? Is it a bug? Please give me some hints how to set up AD integration without the need to specify any username / password information in the web.config file.

    Thanks,
    Arend-Jan Kauffmann
  2. Radoslav Georgiev
    3370 posts
    Registered:
    01 Feb 2016
    30 Aug 2010
    Hello Arend-Jan Kauffmann,

    Thank you for using our services.

    The Active Directory Membership provider which we use can connect to the LDAP using no connection string user name and password - however the identity of your application pool has to have permissions to query the LDAP. The Role Provider however cannot do this. The difference is that the Membership provider inherits from the Microsoft one and there is such functionality. The Role provider is built from scratch - it is used to parse LDAP group objects into roles - there is a difference on how member and group objects are associated in AD. This means that you will have to use a connection username and password for the role provider.

    Greetings,
    Radoslav Georgiev
    the Telerik team
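
Added example, not part of the thread and not Sitefinity or Telerik code: a small audit of a web.config that reports, for the two providers named above, which identity each one would bind to LDAP with according to the manual sentence and the reply. The sample config is constructed; the `type` values are placeholders, and matching on the `TelerikAD` substring in the provider name or type is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; provider names come from the thread, the
# type values are placeholders, not Sitefinity's real ones.
SAMPLE = """<configuration>
  <system.web>
    <identity impersonate="true" />
    <membership>
      <providers>
        <add name="TelerikADMembershipProvider" type="PLACEHOLDER" />
      </providers>
    </membership>
    <roleManager>
      <providers>
        <add name="TelerikADRoleProvider" type="PLACEHOLDER"
             connectionUserName="" connectionPassword="" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

def audit(config_xml):
    """Return (provider name, finding) pairs for the AD providers."""
    web = ET.fromstring(config_xml).find("system.web")
    findings = []
    if web is None:
        return findings
    ident = web.find("identity")
    impersonate = ident is not None and ident.get("impersonate", "").lower() == "true"
    for section, is_role in (("membership", False), ("roleManager", True)):
        for add in web.findall(f"{section}/providers/add"):
            name = add.get("name", "")
            if "TelerikAD" not in name + add.get("type", ""):
                continue
            user, pwd = add.get("connectionUserName"), add.get("connectionPassword")
            if user and pwd:
                findings.append((name, "explicit-credentials-in-config"))
            elif is_role:
                # Per the reply: the role provider needs both attributes set.
                state = "missing" if user is None and pwd is None else "blank-or-partial"
                findings.append((name, f"role-provider-credentials-{state}"))
            else:
                who = "impersonated-user" if impersonate else "app-pool-identity"
                findings.append((name, f"binds-as-{who}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

An `explicit-credentials-in-config` finding marks a provider whose bind account is stored in the file, which is the entry to review for file permissions and for how much that account is allowed to read in the directory.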