Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

ActiveDirectoryMembershipUser Class

Exposes and updates membership user information stored in an Active Directory data store.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)
[SerializableAttribute] 
public class ActiveDirectoryMembershipUser : MembershipUser
/** @attribute SerializableAttribute() */ 
public class ActiveDirectoryMembershipUser extends MembershipUser
SerializableAttribute 
public class ActiveDirectoryMembershipUser extends MembershipUser
Not applicable.

The ActiveDirectoryMembershipUser object is used to represent a single membership user in the Active Directory membership data store. It exposes information about the membership user such as the e-mail address, and provides functionality for the membership user such as the ability to change or reset his or her password.

An ActiveDirectoryMembershipUser object is returned by the application's membership provider whenever the application is configured to use an Active Directory data store. In an application that can be configured to use different data stores, or in an application that uses multiple data stores, you can refer to the base class, MembershipUser. Because the ActiveDirectoryMembershipUser object does not implement the LastActivityDate and LastLoginDate properties, you must be prepared to handle the NotSupportedException that is thrown when these members are accessed on an ActiveDirectoryMembershipUser object.

The ActiveDirectoryMembershipUser class implements internal optimizations used by the ActiveDirectoryMembershipProvider class to minimize the number of attribute updates that occur when calling the UpdateUser method. It also serializes the SecurityIdentifier representation (available in the ProviderUserKey property) so that an ActiveDirectoryMembershipUser object can be serialized and deserialized without throwing exceptions.

A ActiveDirectoryMembershipUser object is returned by the GetUser and CreateUser methods or as part of a MembershipUserCollection returned by the GetAllUsers, FindUsersByName, and FindUsersByEmail methods.

An ActiveDirectoryMembershipUser object is required by the UpdateUser method when you want to update the information for an existing membership user.

ActiveDirectoryMembershipUser properties are mapped to Active Directory attributes. The following table lists the ActiveDirectoryMembershipUser properties and their default attribute mappings.

Property

Default directory attribute

Can be mapped?

ProviderUserKey

securityIdentifier

No

Username

userPrincipalName

Yes, but must be either userPrincipalName or sAMAccountName

Comment

comment

No

CreationDate

whenCreated

No

Email

mail

Yes, but must be a single-valued attribute of type Unicode String.

LastActivityDate

n/a

Not supported by ActiveDirectoryMembershipProvider.

LastLoginDate

n/a

Not supported by ActiveDirectoryMembershipProvider.

LastPasswordChangedDate

pwdLastSet

No

PasswordQuestion

none, but must be mapped to an attribute if using question-and-answer security for password reset or retrieval.

Yes, but must be a single-valued attribute of type Unicode String.

IsApproved

User-Account-Control (AD)

mDS-UserAccountDisabled (ADAM)

No

IsLockedOut

computed from lockoutTime and the AD lockout duration (AD on Windows 2000)

msDS-User-Account-Control-Computed (AD on Windows Server 2003)

msDS-User-Account-Control-Computed (ADAM)

No

LastLockoutDate

If locked out due to too many bad password attempts, the lockout time attribute is returned.

If locked out due to too many bad password answer attempts, the value stored in the attribute defined by attributeMapFailedPasswordAnswerLockoutTime is returned.

If locked out due to both a bad password and too many bad password attempts, the most recent date/time value is returned.

If the account is not locked out, return 1/1/1753 for SQL compatibility.

No

The following code example demonstrates using properties on the ActiveDirectoryMembershipUser object on a Web page that may return user information from multiple membership data stores. Because the ActiveDirectoryMembershipUser object that underlies the MembershipUser object returned by the membership provider does not implement the LastActivityDate and LastLoginDate properties, the code first checks the type of the user object returned from the membership provider before displaying the contents of those properties.


<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

  protected void Page_Load(object sender, EventArgs e)
  {
    MembershipUser user =
        Membership.GetUser();

    userName.Text = user.UserName;
    emailAddress.Text = user.Email;

    if (user is ActiveDirectoryMembershipUser)
    {
      lastLoginDate.Text = "Not available";
      lastActivityDate.Text = "Not available";
    }
    else
    {
      lastLoginDate.Text = user.LastLoginDate.ToShortDateString();
      lastActivityDate.Text = user.LastActivityDate.ToShortDateString();
    }
    
    System.Security.Principal.SecurityIdentifier sidValue =
      (System.Security.Principal.SecurityIdentifier)user.ProviderUserKey;

    sid.Text = sidValue.ToString();
  }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
  <title>User information</title>
</head>
<body>
  <form id="form1" runat="server">
    <div>
      <table>
        <tr>
          <td>
            User name:</td>
          <td>
            <asp:Literal ID="userName" runat="server" /></td>
        </tr>
        <tr>
          <td>
            E-mail Address:</td>
          <td>
            <asp:Literal ID="emailAddress" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Last Login Date:</td>
          <td>
            <asp:Literal ID="lastLoginDate" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Last Activity Date:</td>
          <td>
            <asp:Literal ID="lastActivityDate" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Security Identifier SID:</td>
          <td>
            <asp:Literal ID="sid" runat="server" /></td>
        </tr>
      </table>
    </div>
  </form>
</body>
</html>

System.Object
   System.Web.Security.MembershipUser
    System.Web.Security.ActiveDirectoryMembershipUser
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.