Want to authenticate against AD but don’t want to use LDAP directly? Would you like to use the AD membership provider, but don’t want to be tied to the membership API? No problem! You can create the membership provider programmatically, supply some configuration options, and then make an API call to check the login status. The code is simply the following:
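    using System.Collections.Specialized;
    using System.Web.Security;

    var membershipProviderName = "Provider"; // Does not need to be in web.config
    var connectionStringName = "SomeConnectionString";

    // Provider settings that would normally be attributes in web.config
    var config = new NameValueCollection();
    config.Add("connectionStringName", connectionStringName);

    var provider = new ActiveDirectoryMembershipProvider();
    provider.Initialize(membershipProviderName, config);

    // user and password are the credentials supplied by the caller
    var isValidUser = provider.ValidateUser(user, password);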
And that’s all it takes. The provider name is the name you would normally see in the configuration file; we’re defining it during initialization. Next, we need to create configuration options. Our implementation only supplies the connection string name defined in the connection strings setting. Define a connection string, with the name supplied above, that points to the LDAP store. Note that no membership API needs to exist in the
Next, we create and initialize the provider, and use the provider to validate the credentials. Is there an expense to building this up every time? I haven’t tested it out, but logically it seems that would be the case. Just plan its use accordingly.
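One way to avoid rebuilding the provider on every login is to initialize it once and reuse it. This is an added example, not code from the original post. The class name `AdCredentialValidator` and the `sAMAccountName` mapping are assumptions; `connectionProtection` and `attributeMapUsername` are existing settings of `ActiveDirectoryMembershipProvider`.

```csharp
using System;
using System.Collections.Specialized;
using System.Web.Security;

// Hypothetical helper (name is an assumption): builds the provider once and reuses it.
public static class AdCredentialValidator
{
    private const string ProviderName = "Provider";                     // from the post
    private const string ConnectionStringName = "SomeConnectionString"; // from the post

    // Lazy<T> defaults to thread-safe initialization, so concurrent first
    // callers still trigger a single Initialize() call.
    private static readonly Lazy<ActiveDirectoryMembershipProvider> Provider =
        new Lazy<ActiveDirectoryMembershipProvider>(CreateProvider);

    private static ActiveDirectoryMembershipProvider CreateProvider()
    {
        var config = new NameValueCollection
        {
            { "connectionStringName", ConnectionStringName },
            // State the default explicitly: initialization fails rather than
            // falling back to an unprotected connection.
            { "connectionProtection", "Secure" },
            // Assumption: users log in with their sAMAccountName.
            { "attributeMapUsername", "sAMAccountName" }
        };

        var provider = new ActiveDirectoryMembershipProvider();
        provider.Initialize(ProviderName, config);
        return provider;
    }

    public static bool Validate(string user, string password)
    {
        // Reject empty input before it reaches the directory.
        if (string.IsNullOrWhiteSpace(user) || string.IsNullOrEmpty(password))
            return false;

        return Provider.Value.ValidateUser(user, password);
    }
}
```

With the default `Lazy<T>` mode, an exception thrown by `Initialize` is cached, so a failure on the first call (for example, the directory being unreachable) is rethrown on every later call until the application restarts.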