Form Based Authentication Active Directory

Forms authentication with Active Directory in ASP.NET 2.0 handles requests from users who are not yet authenticated by redirecting them to a web form where they enter their credentials. After verification, an authentication ticket is issued in the form of a cookie. Forms authentication acts as a security layer over your web application and lets you provide your own custom login interface.

During normal operation, Access Server error messages such as "Please verify that the Directory Server is running" or "Please verify that the Directory Server is responding" sometimes appear on the screen. These are generated because the Oracle Access Manager component did not get a response from the directory server in the time allotted.

To resolve this problem, check the value of the LDAPOperationTimeout parameter in globalparams.xml and ensure that failover is configured for this server. This parameter allows Oracle Access Manager to fail over from the primary directory server when it takes a long time to respond.

Sometimes an authentication scheme appears to be well formed, with all requests being forwarded to the Access Server, yet the user is not authenticated. After you configure an authentication scheme and test it with the Access Tester, the scheme should normally work. In this case it does not: users are not authenticated, and the debug logs show no sign of the Access Server searching the directory server.

To troubleshoot this problem, check the plug-in order. When you add the credential mapping plug-in to an authentication scheme, place it before the validate password plug-in. The credential mapping plug-in must be processed first in the forms authentication Active Directory scheme, so that the attribute for the login ID is validated before password validation takes place.

The full authentication process starts when the user clicks the log in button and the authentication request controller is invoked. In this process, the cookie information is extracted and a GenericPrincipal object is created to identify the authenticated user. A test can also be performed at later stages. If the user is successfully authenticated, they are redirected to the original web page they had requested earlier.
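
The request-time step described above, as an added example that is not code from the original page: a Global.asax.cs handler that extracts the forms authentication cookie, validates the ticket and attaches a GenericPrincipal to the request. It assumes the login page stored the user's Active Directory group names, pipe-separated, in the ticket's UserData field.

```csharp
// Added example: Global.asax.cs code-behind for an ASP.NET 2.0 application
// configured with <authentication mode="Forms">.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs on every request, including those that follow a successful login.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            // No ticket: leave the request anonymous so the authorization
            // rules redirect the user to the login form.
            return;
        }

        FormsAuthenticationTicket ticket;
        try
        {
            // With the default protection="All", Decrypt also verifies the
            // ticket's integrity, so a tampered cookie is rejected here.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            // Fail closed: an unreadable ticket is treated as no ticket.
            return;
        }

        if (ticket == null || ticket.Expired)
        {
            return;
        }

        // Assumption: UserData holds "GroupA|GroupB" written by the login page.
        string[] roles = string.IsNullOrEmpty(ticket.UserData)
            ? new string[0]
            : ticket.UserData.Split('|');

        // The principal carries the identity from the ticket plus the roles.
        FormsIdentity identity = new FormsIdentity(ticket);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles travel inside the ticket, changes to a user's group membership take effect only when a new ticket is issued, so keep the ticket timeout short where group changes must apply quickly.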