Vulnerability in EPiServer.Forms
Have some real issues with the ActiveDirectoryMembershipProvider. I have innstalled a ldap browser on the machine, and my logon information works like a charm, but when I try to use the provider I getThe specified domain or server could not be contactedI have set connectionProtection="None" since the ldap browser only is able to connect without security.
Anyone that have any ideas? I'm starting to run short :)
Have debug'ed some more
It works from one machine, but not another.....
strange since the LDAP Browser works on both of them....
The only thing I can think of is different versions of the .net framework and/or operating system? Are both machines the same?
Foiund this post
Trying to open port 445. Will post if it helps
I can confirm that 445 needs to be opend to get ActiveDirectoryMembershipProvider to work
I can also confirm 389 and 445 needs to be open for it to work. And here's one more:http://fredrikvonwerder.blogspot.se/2011/09/episerver-and-ldap-connectionstring.html
Note that security people will be nervous about opening 445...
Has anyone found why the ActiveDirectoryMembershipProvider needs 445/SMB open?
Some Googling around port 445 in general led me to this:
"In order to create a trust between two domains, you need to have TCP port 445 (the Microsoft SMB port) open on both sides. Having open ports though (especially for SMB traffic) is an invitation to attacks by worms and other malware, so the few ports you need to keep open the better, right?
What's not often known though is that once the trust has been established between the two domains, port 445 can then be closed since the port only needs to be open during trust creation."
If 445 is used by ActiveDirectoryMembershipProvider just to establish trust then it could be ok to close it after getting initial communication up. I'm guessing it won't work but I have suggested that my client does a test.