Are you evaluating Visual Studio 2005 Beta 2 and ASP.NET 2.0? Did you know that we shipped an Active Directory Membership Provider in Beta 2? Until recently, I didn't either. Apparently we didn't make too much noise about it because while the team had the time to get the provider in, they didn't have time to get the documentation for it.
The good news is that (with a little coaching from some of the very helpful folks on the ASP.NET team) I was able to get this provider working successfully on a Virtual PC image of Visual Studio Team System Beta 2. Given that I'm hardly what one would call an Active Directory expert, if I can get it working that's a pretty good sign.
So here's what I did:
In addition to my musings above, there's some good coverage of this provider in the security article I pointed to earlier this week (see the authentication section).
A couple of other notes:
I hope if other folks are experimenting with this provider, it'll help you avoid some of the pitfalls that I ran into. I'm guessing that folks with a little more AD and/or LDAP experience will find it easier than I did, but it's very cool to be able to take advantage of AD with a pretty straightforward configuration change, and still have all the login controls "just work".
One other point I want to be sure to make is that it is even more critical, when using Forms Authentication to authenticate against an Active Directory credential store, that you use SSL to protect the login page. By default Forms Authentication (much like Basic Authentication in IIS) sends credentials across the wire unencrypted. So make sure SSL is a part of your development, testing, and deployment plan.
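As an added illustration (not configuration from the original post or from the ASP.NET team), here is a web.config sketch that pairs the Active Directory provider with Forms Authentication restricted to SSL. The server name, container DN, connection string name, provider name and login page name are placeholders, and the assembly identity shown is the one from the released .NET Framework 2.0, which may differ on a Beta 2 install.

```xml
<!-- Added example: all names, hosts and DNs below are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Placeholder LDAP path: point this at your own domain controller and users container. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc.example.test/CN=Users,DC=example,DC=test" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- Weak form: requireSSL defaults to false, so the ticket cookie can travel over plain HTTP:
           <forms loginUrl="Login.aspx" /> -->
      <!-- Hardened form: the ticket cookie is marked Secure and is only issued on HTTPS requests. -->
      <forms loginUrl="Login.aspx" requireSSL="true" protection="All" />
    </authentication>
    <authorization>
      <!-- Anonymous users are sent to the login page. -->
      <deny users="?" />
    </authorization>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <!-- Assembly identity is that of released .NET 2.0 (assumption for Beta 2). -->
        <!-- connectionProtection="Secure" protects the web server to directory leg;
             "None" would leave that connection unprotected. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Note that `requireSSL` does not redirect the browser to HTTPS by itself, so the login page still needs SSL required on it in IIS (or must be linked with an `https://` URL) for the password post to be encrypted.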