comments (not for humans)
We tried to setup an ADAM in our test environment that is using user proxies against AD. While the ActiveDirectoryMembershipProvider works with normal ADAM user accounts, we could not, however, log in with any of our proxy accounts.

After a bit of debugging and not getting anywhere, we decided reflector was needed. So opened the ActiveDirectoryMembershipProvider in reflector, subclassed the ActiveDirectoryMembershipProvider it so we could debug the state of it during calls to the ValidateUser(username, password). After stepping through some of the methods by hand, I found the following method:
private MembershipUser FindUser(DirectoryEntry containerEntry, string filter, SearchScope searchScope,
bool retrieveSAMAccountName, out DirectoryEntry userEntry, out bool resetBadPasswordAnswerAttributes,
out string sAMAccountName)
{
MembershipUser membershipUserFromSearchResult = null;
DirectorySearcher searcher = new DirectorySearcher(containerEntry);
searcher.SearchScope = searchScope;
searcher.Filter = "(&(objectCategory=person)(objectClass=user)" + filter + ")";
...
As you can see the last line here, explicitly filters out proxy accounts as they have object class userProxy.
Dominic Richard
Oh my god !! So many hours lost before I red this post.

Thx.
Comments closed for this post