EPiServer 7 CMS Active Directory Membership Provider

Hi!

We are about to start a new project where the customer needs an Active Directory integration to EPiServer 7 CMS. I haven't worked with AD Membership Provider before and was wondering the following things:

* Does EPi CMS authenticate against AD with LDAP on each login?

* Does EPi CMS replicate the users to SQL Server Database or are the credentials just cached?

* What happens when the connection from the EPiServer to AD disconnects - will the authentication work if the cache is up and running?

* If you set the CacheExpiration to, let's say, 12 hours - does it mean that the cache will not be refreshed during this time or is it updated incrementally? I.e. the user changes the account password - does he need to wait till the cache is refreshed - in this case 12 hours - in order to log in with the new password?

* What is cached - only the users who have logged in or all the credentials that are under the defined membership provider location?

Cheers,

#71343
May 16, 2013 9:33

Take a look at this blog post from Fredrik Haglund and first decide if you really want to use the LDAP based ActiveDirectoryMembershipProvider instead of the WindowsMembershipProvider. It also answers most of your questions.

http://blog.fredrikhaglund.se/blog/2010/03/08/episerver-security-and-access-control-12/

#71364
May 16, 2013 13:30

Thank you - this did indeed answer most of my questions.

#71404
May 17, 2013 5:59

Great! If you use ActiveDirectoryMembershipProvider you usually want to inherit it and fix the wildcard problem described here:

http://world.episerver.com/Forum/Developer-forum/Installation-and-security/Thread-Container/2008/12/ActiveDirectoryMembershipProvider-and-Search-UserGroup/

Also when you have your own implementation you can easily add your own caching code to the methods of choice in order to reduce LDAP traffic.

#71409
May 17, 2013 9:33

For troubleshooting, feel free to check out 

http://world.episerver.com/Blogs/Daniel-Ovaska/Dates/2013/2/How-to-solve-problems-with-the-ActiveDirectoryMembershipProvider-and-similar-ldap-integrations/

#86448
May 21, 2014 17:03
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.