After the EMEA ASP.NET 2.0 on Tour event, lots of devs have been asking me about our plans for an AD/ADAM Membership Provider in ASP.NET 2.0.
 
Well, instead of just typing & telling the same information over & over again, why don't I just blog about it and point devs to this post, so here we go... :-)
 

First of all, please note that the Access Provider as found in Beta 1 will be removed from the framework for Beta 2 (and RTM).
However, we plan to post the code for what used to be the Access providers and let developers modify and use it.
 
For AD/ADAM, there is a Membership provider, both in the later Beta 1 CTPs and in Beta 2.
Granted, it's not immediately obvious, since:
 
a) We don't have a default setting for it.
b) The docs for it won't be completed until RTM.

 
 
In the interim, you can enable the AD/ADAM provider using the following connectionStrings element and provider <add /> element in config:
 
  <connectionStrings>
    <add name="MyADProviderConnection"
         connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
  </connectionStrings>
 
 
Below you'll find all of the config attributes. A lot of these have defaults and don't need to be in config unless you want a different value:
 
<!-- Goes inside <system.web><membership><providers> -->
<add name="MyADProvider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="MyADProviderConnection"

        connectionUsername="mydomain\administrator"
        connectionPassword="password"
        connectionProtection="Secure"

        description="Some description."

        enablePasswordReset="true"
        enableSearchMethods="false"
        requiresQuestionAndAnswer="true"
        applicationName="/"
        requiresUniqueEmail="false"

        maxInvalidPasswordAttempts="5"
        passwordAttemptWindow="10"
        passwordAnswerAttemptLockoutDuration="30"

        minRequiredPasswordLength="7"
        minRequiredNonAlphanumericCharacters="1"
        passwordStrengthRegularExpression=""

        attributeMapUsername="userPrincipalName"
        attributeMapEmail="mail"

        attributeMapPasswordQuestion="astringattributeforquestion"
        attributeMapPasswordAnswer="astringattributeforanswers"
        attributeMapFailedPasswordAnswerCount="anIntegerattribute"
        attributeMapFailedPasswordAnswerTime="anotherIntegerattribute"
        attributeMapFailedPasswordAnswerLockoutTime="anIntervalattribute"
 />
 
 
Also note that:
- Mapping username and email is not necessary if userPrincipalName and mail are attributes in your directory; these two values are the defaults for the provider.
- Setting up password reset is moderately complex. If you set "enablePasswordReset" and "requiresQuestionAndAnswer" to false, then you don't need the attribute mappings for password question and password answer.
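
A minimal web.config following the two notes above, added here as an example and not taken from the original post or from the product docs. It relies on the default username and email mappings and turns password reset off; the account name svc-membership and the password value are placeholders, and leaving out the three FailedPasswordAnswer mappings assumes they are only used for password reset.

```xml
<configuration>
  <connectionStrings>
    <add name="MyADProviderConnection"
         connectionString="LDAP://mydomain.corp.test.com/ou=SomeUserOU,DC=mydomain,DC=corp,DC=test,DC=com" />
  </connectionStrings>

  <system.web>
    <!-- defaultProvider makes the Membership API use the AD/ADAM provider
         instead of whatever machine.config declares. -->
    <membership defaultProvider="MyADProvider">
      <providers>
        <!-- connectionUsername / connectionPassword: placeholder values.
             The sample earlier on the page binds as the domain administrator;
             a dedicated account holding only the directory rights the provider
             needs limits what a leaked web.config exposes.
             The password is stored here in clear text. ASP.NET 2.0 protected
             configuration (aspnet_regiis -pe) can encrypt the
             system.web/membership section on the server.
             connectionProtection="Secure" keeps the bind and password
             operations off a clear-text LDAP connection. -->
        <add name="MyADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="MyADProviderConnection"
             connectionUsername="mydomain\svc-membership"
             connectionPassword="REPLACE_WITH_ACCOUNT_PASSWORD"
             connectionProtection="Secure"
             enablePasswordReset="false"
             requiresQuestionAndAnswer="false" />
        <!-- No attributeMap* entries: userPrincipalName and mail are the
             provider defaults, and with reset and question/answer disabled
             the question and answer mappings are not needed. -->
      </providers>
    </membership>
  </system.web>
</configuration>
```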
 
 
Enjoy !
Guntherb.