
ActiveDirectoryMembershipProvider - "Unable to establish secure connection"

I am trying to configure an ActiveDirectoryMembershipProvider but I keep getting the message "Unable to establish secure connection with the server".

I have seen online at the MSDN website that I should configure the trust level to unrestricted on my site and I still get that.

Here is my example:

    <connectionStrings>
        <add name="LocalAD" connectionString="LDAP://example.com/dc=example,dc=com" />
    </connectionStrings>

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
        <providers>
            <add name="AspNetActiveDirectoryMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider"
                 applicationName="adtest"
                 connectionUsername="cn=Users"
                 connectionPassword="password"
                 connectionStringName="LocalAD">
            </add>
        </providers>
    </membership>

    <trust level="Full" />

    <authentication mode="Forms">
        <forms loginUrl="login.aspx"
               protection="All"
               timeout="30"
               name="miBenefitsAdminToolCookie"
               path="/"
               requireSSL="false"
               slidingExpiration="true"
               defaultUrl="Default.aspx"
               cookieless="UseCookies"
               enableCrossAppRedirects="false" />
    </authentication>

    <authorization>
        <deny users="?" />
        <allow users="*" />
    </authorization>

Pablo asked Jul 22 '09 12:07


2 Answers

You're supplying what looks like a container instead of an actual user name to be used in making the connection to AD. Provide the canonical name of a user with sufficient credentials to access AD. Note that if the server is in the same domain, the Network System user that the worker process runs under may already have enough privileges and you won't need to provide a name/password at all.

    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         applicationName="adtest"
         connectionUsername="cn=actualUser"
         connectionPassword="actualUsersPassword"
         connectionStringName="LocalAD">
    </add>

tvanfosson answered Oct 14 '22 18:10


The connection username can have different formats depending on how it was configured. If the user is added to the user role only as a DN (distinguished name), then the format of CN=username,DC=container can be used.

If the user is added to the user role as a Windows user, then the username can be username only.

I hope this clarification helps.

ozkary answered Oct 14 '22 16:10
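
A configuration check for the mistake the answers above point out, as an added example that is not part of the original question or answers: it reads a web.config, finds each `ActiveDirectoryMembershipProvider` entry and classifies its `connectionUsername` by the formats the answers name (omitted, plain username, full DN). The sample config is constructed from the question's values, and the function and category names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

AD_PROVIDER = "System.Web.Security.ActiveDirectoryMembershipProvider"

# Constructed sample: the question's provider settings wrapped in a minimal web.config.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="LocalAD" connectionString="LDAP://example.com/dc=example,dc=com" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             applicationName="adtest"
             connectionUsername="cn=Users"
             connectionPassword="password"
             connectionStringName="LocalAD" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def classify_username(value):
    """Classify a connectionUsername by the formats named in the answers."""
    if value is None or not value.strip():
        return "omitted"          # bind runs as the worker process identity
    if "=" not in value:
        return "plain-username"   # e.g. "svc_web" (hypothetical account name)
    # Split on commas that are not backslash-escaped, then read each RDN's type.
    types = [rdn.split("=", 1)[0].strip().lower()
             for rdn in re.split(r"(?<!\\),", value)]
    if types[0] == "cn" and "dc" in types[1:]:
        return "full-dn"          # CN=...,DC=...
    return "incomplete-dn"        # e.g. "cn=Users": a lone RDN, not a full user DN

def check_ad_providers(config_xml):
    """Return (provider name, LDAP URL, username format) per AD membership provider."""
    root = ET.fromstring(config_xml)
    conn = {c.get("name"): c.get("connectionString")
            for c in root.findall("./connectionStrings/add")}
    return [(p.get("name"), conn.get(p.get("connectionStringName")),
             classify_username(p.get("connectionUsername")))
            for p in root.findall(".//membership/providers/add")
            if (p.get("type") or "").startswith(AD_PROVIDER)]

if __name__ == "__main__":
    print(check_ad_providers(SAMPLE_CONFIG))
```

An `incomplete-dn` result is the case worth reviewing first when the provider reports "Unable to establish secure connection with the server".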