How do I use Forms Authentication with Active Directory?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman


Use the built-in ActiveDirectoryMembershipProvider. Use the new login controls to create a forms authentication login page.

To use forms authentication with an Active Directory user store:

  • Configure your application for Forms Authentication in the Web.Config file as follows
  <authentication mode="Forms">
  • Configure your application to deny access to unauthenticated users in the Web.config file as follows:
     <deny users="?"/>
  • Configure an LDAP connection string in the connectionStrings section of Web.config to point to the Active Directory to be used.
     <add name="ADConnectionString" 				   
        DC=testdomain,DC=test,DC=com" />
  • Configure the ActiveDirectoryMembershipProvider in the Web.config file specifying at least the connection string name and optionally the credentials (using connectionUserName and connectionPassword attributes) of an account with permissions to access Active Directory. If you do not specify account credentials, your application's process identity is used to access Active Directory, regardless of whether your application uses impersonation.
  • Ensure that the *defaultProvider* attribute is set to the provider configured.
  <membership defaultProvider="MyADMembershipProvider">
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=, 
            Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
  • Use the Login control to create a login page (login.aspx) for forms authentication.
  • Encrypt the connectionStrings section using protected configuration. Also if you specify user credentials in the ActiveDirectoryMembershipProvider configuration encrypt the membership configuration section as well.

More Information

For information on forms authentication using Active Directory, see “How To: Use Forms Authentication with Active Directory in ASP.NET 2.0” at

Personal tools