ActiveDirectoryMembershipProvider and Search User/Group

We are using the ActiveDirectoryMembershipProvider in EpiServer 5 R1. It works for most functions (login etc) but we are having problems when using the Find User/Group functionality in admin mode. It works fine if "Search" is clicked without any parameters - the result is a list of all users which is expected. However, as soon as a name is entered, the result comes back empty.

This is turning out to be a problem since our client has 5000+ users...

This is how the ActiveDirectoryMembershipProvider is configured:

    <add name="ActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ActiveDirectoryProviderConnection"
         connectionUsername="..."
         connectionPassword="..."
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />

Does anyone have a solution?

Best Regards,

Karl Ahlin

#26441
Dec 05, 2008 10:10
Could you please type *<name> instead of <name> and check?
#26449
Dec 05, 2008 12:55
I've tried, unfortunately it doesn't help. I've also tried <name>* and *<name>* without luck.
#26453
Dec 05, 2008 14:01
For others with the same problem... I've located the problem and have a suggestion for how this can be solved.

The problem is that EPi seems to surround the query with two percentage signs, i.e. SQL wildcards. So if the user enters "username", the actual query to the membership providers is "%username%". The method that gets called in the membership provider is FindUsersByName( ... ) or FindUsersByEmail( ... ). However, the Active Directory doesn't accept a percentage sign as a wildcard - it expects the '*' character as a wildcard character. So the Active Directory is queried for a user with the literal username of '%username%', which in most cases will return no users.

The solution is to implement your own MembershipProvider by inheriting from System.Web.Security.MembershipProvider. In your membership provider, simply redirect all method calls to a private instance of the ActiveDirectoryMembershipProvider, except for calls to FindUsersByName() and FindUsersByEmail(). In those two methods, you will first have to replace '%' with '*' in the usernameToMatch / emailToMatch parameter before calling the underlying FindUsersByName() and FindUsersByEmail().

#26482
Dec 08, 2008 13:19
Thanks Karl. This solved one of my problems today...

#44072
Sep 30, 2010 9:53
Hi Karl

This solved my problem, but not before I had struggled for a while. I started out as you suggested, by inheriting from System.Web.Security.MembershipProvider and using a wrapped instance of ActiveDirectoryMembershipProvider. But this failed to work, because the "Initialize(...)" method on my wrapped AD provider was never called, and I could not figure out how to get it called properly. Thus, I switched to simply inheriting directly from ActiveDirectoryMembershipProvider, and then it worked straight away, and with much less code! Here is my complete code:

 

    using System.Web.Security;
    using log4net;

    public class EPiServerAdMembershipProvider : ActiveDirectoryMembershipProvider
    {
        private readonly ILog _log = LogManager.GetLogger(typeof (EPiServerAdMembershipProvider));

        public EPiServerAdMembershipProvider()
        {
            _log.Info("Created custom AD membership provider");
        }

        // EPiServer wraps the search term in SQL wildcards ('%'); Active Directory
        // expects '*', so translate before delegating to the base provider.
        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize,
                                                                 out int totalRecords)
        {
            return base.FindUsersByName(usernameToMatch.Replace('%', '*'), pageIndex, pageSize, out totalRecords);
        }

        // Same wildcard translation for e-mail searches.
        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize,
                                                                  out int totalRecords)
        {
            return base.FindUsersByEmail(emailToMatch.Replace('%', '*'), pageIndex, pageSize, out totalRecords);
        }
    }

 

 

#72018
Jun 05, 2013 15:18
This thread is locked and should be used for reference only.
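
Going one step beyond the Replace('%', '*') fix discussed in this thread, the following added example (not code from the thread or from EPiServer) translates a SQL LIKE-style pattern into an LDAP filter value and escapes the RFC 4515 special characters, for code that builds a raw filter string by hand. LikeToLdap and its methods are hypothetical names, and the inputs in Main are constructed. The thread does not say whether ActiveDirectoryMembershipProvider escapes its input itself, so this is not meant to be chained in front of it.

```csharp
using System;
using System.Text;

// Added example: LikeToLdap is a hypothetical helper, not part of any library.
public static class LikeToLdap
{
    // Converts a SQL LIKE-style pattern (e.g. "%smith%") into an LDAP filter
    // value. '%' becomes the LDAP wildcard '*'; every character that is special
    // inside an RFC 4515 filter is hex-escaped so it is matched literally.
    // Note: a '%' typed by the user cannot be told apart from one added by the
    // caller, and SQL's single-character wildcard '_' has no LDAP equivalent,
    // so it is left as a literal underscore.
    public static string ToFilterValue(string likePattern)
    {
        if (likePattern == null) throw new ArgumentNullException("likePattern");
        var sb = new StringBuilder(likePattern.Length + 8);
        foreach (char c in likePattern)
        {
            switch (c)
            {
                case '%':  sb.Append('*');    break; // SQL wildcard -> LDAP wildcard
                case '*':  sb.Append(@"\2a"); break; // asterisk in the input stays literal
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Builds a single-attribute filter such as (sAMAccountName=*smith*).
    // The attribute name is assumed to come from trusted configuration.
    public static string BuildFilter(string attribute, string likePattern)
    {
        return "(" + attribute + "=" + ToFilterValue(likePattern) + ")";
    }

    public static void Main()
    {
        // Constructed sample inputs: a normal wrapped search term, and one
        // containing filter metacharacters that must not alter the filter.
        Console.WriteLine(BuildFilter("sAMAccountName", "%kahlin%"));
        Console.WriteLine(BuildFilter("sAMAccountName", "%a)(mail=*%"));
    }
}
```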