
Programmatically set connectionString for ActiveDirectoryMembershipProvider

One can use

  new PrincipalContext(ContextType.Domain,null)

without providing any connection strings for the Active Directory.

When using ActiveDirectoryMembershipProvider you must provide an LDAP endpoint in web.config.

The site I'm working on will be deployed on multiple sites and I don't want to have to fill the details in the web.config for each deployment.

How To: Use Forms Authentication with Active Directory in Multiple Domains on MSDN specifies 3 (!) membership providers to deal with 3 domains, which is not impressive. However, this article is from 2005 and it deals with a different task than what I'm after.

The question:

Is it possible to use ActiveDirectoryMembershipProvider in a way that the LDAP endpoint is not hard-coded in the web.config?

I would prefer to use ActiveDirectoryMembershipProvider rather than PrincipalContext to have (potentially) the ability to call ChangePassword etc.

tymtam asked Aug 10 '12 08:08


1 Answer

No, it is not possible to use ActiveDirectoryMembershipProvider without specifying a target LDAP server.

The connection string must be specified, and the string must contain a server (contains ADS_FORMAT_SERVER).

You must create a connectionStrings Element (ASP.NET Settings Schema) entry in the Web.config file that identifies the Active Directory server, Active Directory domain, or ADAM application partition to use. The provider will only operate at domain scope, or in a subscope within a domain.

If you want to support an Active Directory forest, and losing forms authentication is an option, consider using Windows Authentication. Windows Authentication will use NTLM and Kerberos to get the user's identity within a forest, and you can still change a user's password via impersonation. See WindowsIdentity.Impersonate().

Mitch answered Oct 15 '22 01:10
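For reference, the minimal Web.config shape the answer describes: a connectionStrings entry that names the server and domain container, and an ActiveDirectoryMembershipProvider that points at it by connectionStringName. This is an added illustration, not the answerer's configuration; the server name, distinguished name and provider name are placeholders, and the assembly version assumes .NET 4.

```xml
<configuration>
  <connectionStrings>
    <!-- Required: the provider only works at domain scope (or a container below it),
         so the LDAP path must name a server or domain. Placeholder values. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc01.example.local/DC=example,DC=local" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30" />
    </authentication>

    <membership defaultProvider="AdMembershipProvider">
      <providers>
        <clear />
        <!-- No connectionUsername/connectionPassword: the provider binds with the
             application pool identity instead of a credential stored in the config.
             connectionProtection="Secure" requires a signed and sealed LDAP bind
             rather than sending credentials in the clear. -->
        <add name="AdMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             enableSearchMethods="false"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Per-deployment differences are confined to the single connectionString value, which is the one piece the answer says cannot be omitted.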