Getting .NET Forms Authentication to Work with Active Directory

Developers new to Active Directory programming might find it frustrating that the ActiveDirectoryMembershipProvider example codes provided by Microsoft does not seem to work, at least on Windows 2008 R2 with ASP.NET 4.0 using “logon” usernames eg. “administrator”, “domain\joe”.

The reason is because the ActiveDirectoryMembershipProvider by default maps username to as UPN username (User Principal Name, ie. instead of SAM account name (Security Accounts Manager, ie. administrator, domain\joe).

To enable logging on using SAM account name, add attributeMapUsername=”SAMAccountName” to your web.config:


Leave a Reply