For others with the same problem... I've located the problem and have a suggestion for how this can be solved.
The problem is that EPi seems to surround the query with two percentage signs, i.e. SQL wildcards. So if the user enters "username", the actual query to the membership providers is "%username%". The method that gets called in the membership provider is FindUsersByName( ... ) or FindUsersByEmail( ... ). However, the Active Directory doesn't accept a percentage sign as a wildcard - it expects the '*' character as a wildcard character. So the Active Directory is queried for a user with the literal username of '%username%', which in most cases will return no users.
The solution is to implement your own MembershipProvider by inheriting from System.Web.Security.MembershipProvider. In your membership provider, simply redirect all method calls to a private instance of the ActiveDirectoryMembershipProvider, except for calls to FindUsersByName() and FindUsersByEmail(). In those two methods, you will first have to replace '%' with '*' in the usernameToMatch / emailToMatch parameter before calling the underlying FindUsersByName() and FindUsersByEmail().
Hi Karl
This solved my problem, but not before I had struggled for a while. I started out as you suggested, by inheriting from System.Web.Security.MembershipProvider and using a wrapped instance of ActiveDirectoryMembershipProvider. But this failed to work, because the "Initialize(...)" method on my wrapped AD provider was never called, and I could not figure out how to get it called properly. Thus, I switched to simply inheriting directly from ActiveDirectoryMembershipProvider, and then it worked straight away, and with much less code! Here is my complete code:
    using System.Web.Security;
    using log4net; // ILog / LogManager

    // Inherits directly from the AD provider, so the framework calls Initialize(...) on it as usual.
    public class EPiServerAdMembershipProvider : ActiveDirectoryMembershipProvider
    {
        private readonly ILog _log = LogManager.GetLogger(typeof(EPiServerAdMembershipProvider));

        public EPiServerAdMembershipProvider()
        {
            _log.Info("Created custom AD membership provider");
        }

        // EPiServer passes "%name%"; translate the SQL wildcard to the '*' that Active Directory expects.
        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            return base.FindUsersByName(usernameToMatch.Replace('%', '*'), pageIndex, pageSize, out totalRecords);
        }

        // Same translation for searches by e-mail address.
        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            return base.FindUsersByEmail(emailToMatch.Replace('%', '*'), pageIndex, pageSize, out totalRecords);
        }
    }
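The same '%' to '*' translation for code that composes its own LDAP filter string (for example for DirectorySearcher.Filter) rather than calling the membership provider: this is an added example, not part of the thread and not EPiServer or .NET Framework code. The class LdapWildcard and its methods are hypothetical names; it converts only '%' into the wildcard and escapes the characters RFC 4515 treats as special, so a '*' or parenthesis typed into the search box stays a literal. It is not meant to pre-process values handed to ActiveDirectoryMembershipProvider, whose own handling of these characters the thread does not describe.

```csharp
using System;
using System.Text;

// Added example: hypothetical helper, not part of EPiServer or System.Web.Security.
public static class LdapWildcard
{
    // Converts a SQL LIKE-style pattern ("%smith%") into an LDAP filter value ("*smith*").
    // Only '%' becomes the LDAP wildcard. Characters that are special inside an
    // LDAP filter (RFC 4515), including a '*' the user typed, are written as a
    // backslash followed by two hex digits so they match literally.
    public static string FromSqlLike(string pattern)
    {
        if (pattern == null) throw new ArgumentNullException("pattern");
        var sb = new StringBuilder(pattern.Length + 8);
        foreach (char c in pattern)
        {
            switch (c)
            {
                case '%':  sb.Append('*');    break; // SQL wildcard -> LDAP wildcard
                case '*':  sb.Append(@"\2a"); break; // literal asterisk
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Builds a single-attribute filter. The attribute name is chosen by the
    // calling code and must never come from user input.
    public static string BuildFilter(string attribute, string sqlLikePattern)
    {
        return "(" + attribute + "=" + FromSqlLike(sqlLikePattern) + ")";
    }

    public static void Main()
    {
        // Constructed sample inputs: a normal search and one containing filter metacharacters.
        Console.WriteLine(BuildFilter("sAMAccountName", "%karl%"));
        Console.WriteLine(BuildFilter("mail", "%a*)(objectClass=*%"));
    }
}
```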
We are using the ActiveDirectoryMembershipProvider in EPiServer 5 R1. It works for most functions (login etc.) but we are having problems when using the Find User/Group functionality in admin mode. It works fine if "Search" is clicked without any parameters - the result is a list of all users which is expected. However, as soon as a name is entered, the result comes back empty.
This is turning out to be a problem since our client has 5000+ users...
This is how the ActiveDirectoryMembershipProvider is configured:
Does anyone have a solution?
Best Regards,
Karl Ahlin