13.8. Summary

ActiveDirectoryMembershipProvider works with both AD and ADLDS directory stores. The provider implements all of the functionality of the Membership API with the following two exceptions: the provider does not keep track of users that are online, and the provider does not support password retrieval. You should probably invest some time planning how to deploy and use the provider, especially in complex domain environments.

When running against AD, ActiveDirectoryMembershipProvider works in the scope of either a single domain or a container within a domain. You can still leverage the provider in multidomain scenarios, but you will need to configure at least one provider instance per domain that you need to work with. Within the scope of a single domain, you can choose to point the provider at the root of the domain (that is, the default naming context) or at a specific container within the domain. In the case of ADLDS, though, you always have an application partition, so for ADLDS the provider will always be working at least in the context of the application partition (which itself is a container). As with AD, you can also configure containers in ADLDS and have the provider work within the context of these containers.
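The multidomain layout described above, sketched as a web.config fragment. This is an added example, not configuration from the book; the domain names, the `OU=Staff` container, and the connection string and provider names are constructed placeholders.

```xml
<!-- Constructed example: all names, domains and the OU are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Scope 1: the root of the first domain (its default naming context). -->
    <add name="CorpRoot"
         connectionString="LDAP://corp.example.com/DC=corp,DC=example,DC=com" />
    <!-- Scope 2: one container inside a second domain. Users outside
         OU=Staff are not visible to the provider that uses this string. -->
    <add name="EmeaStaff"
         connectionString="LDAP://emea.example.com/OU=Staff,DC=emea,DC=example,DC=com" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="CorpProvider">
      <providers>
        <clear />
        <!-- One provider instance per domain. No connectionUsername or
             connectionPassword is set, so the provider binds to the
             directory as the identity the application runs under. -->
        <add name="CorpProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="CorpRoot"
             connectionProtection="Secure" />
        <add name="EmeaProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="EmeaStaff"
             connectionProtection="Secure" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Application code reaches the non-default instance by name through `Membership.Providers["EmeaProvider"]`; calls on the static `Membership` class go to `CorpProvider`.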

After you have settled on which domain and/or container you are working with, the next major decision is the type of username you plan to support. For ADLDS, the username in the Membership feature will always map to the userPrincipalName attribute in ...
