
ActiveDirectoryMembershipProvider.CreateUser Method

Adds a new user to the Active Directory data store.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

[DirectoryServicesPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
public override MembershipUser CreateUser(
	string username,
	string password,
	string email,
	string passwordQuestion,
	string passwordAnswer,
	bool isApproved,
	Object providerUserKey,
	out MembershipCreateStatus status
)

Parameters

username
Type: System.String

The user name for the new user.

password
Type: System.String

The password for the new user.

email
Type: System.String

The e-mail address of the new user.

passwordQuestion
Type: System.String

The password question for the new user.

passwordAnswer
Type: System.String

The password answer for the new user.

isApproved
Type: System.Boolean

Whether or not the new user is approved to be validated.

providerUserKey
Type: System.Object

The unique identifier from the membership data source for the user. This parameter must be null when using the ActiveDirectoryMembershipProvider class.

status
Type: System.Web.Security.MembershipCreateStatus

When this method returns, contains one of the MembershipCreateStatus enumeration values indicating whether the user was created successfully.

Return Value

Type: System.Web.Security.MembershipUser
An ActiveDirectoryMembershipUser instance containing the information for the newly created user, or null if the user was not successfully created.

Exceptions

Exception    Condition
ArgumentException

The providerUserKey parameter is not null.

NotSupportedException

The administrator has not mapped the password question-and-answer fields to attributes of the Active Directory schema, and either the passwordQuestion or passwordAnswer parameter is not null.

ProviderException

The machineKey Element (ASP.NET Settings Schema) configuration element indicates an auto-generated machine encryption key. You must explicitly set the decryptionKey attribute of the machineKey Element (ASP.NET Settings Schema) element to store password answers with the ActiveDirectoryMembershipProvider.

- or -

The ActiveDirectoryMembershipProvider was unable to establish a secure connection to the directory when attempting to set the password for the new user.

COMException

An error occurred while attempting to create the user.

InvalidOperationException

The CreateUser method is called before the ActiveDirectoryMembershipProvider instance is initialized.

The CreateUser method is called by the Membership class to create a new user in the Active Directory data store.

For both Active Directory and Active Directory Application Mode (ADAM) servers, the ActiveDirectoryMembershipProvider class requires that the instance class in the directory be user. Alternative user classes such as inetOrgPerson are not supported.

When using an Active Directory server and the user name is mapped to the userPrincipalName attribute, the ActiveDirectoryMembershipProvider class will automatically generate a random 20-character user name for the sAMAccountName parameter on your behalf.

Parameters default to the following maximum lengths.

Parameter           Maximum length
username            64 characters if using the userPrincipalName attribute. If using the sAMAccountName attribute, the common restriction is 20 characters or less.
password            128 characters.
email               256 characters.
passwordQuestion    256 characters.
passwordAnswer      128 characters before and after encrypting.

The Comment property on the returned ActiveDirectoryMembershipUser instance is limited to 1024 characters.

If the directory schema has been modified by reducing the maximum allowable lengths for these attributes, these lengths will take precedence.

Before creating the user, the ActiveDirectoryMembershipProvider class will make sure the user name is unique. If the ActiveDirectoryMembershipProvider instance is configured to require unique e-mail addresses, it will also make sure the e-mail address is unique.

In Active Directory, user-name uniqueness is enforced by performing a global catalog (GC) search when the user name is mapped to userPrincipalName. If sAMAccountName is used, the directory itself enforces uniqueness of the sAMAccountName across the Active Directory domain.

An ADAM server will automatically enforce user name uniqueness of the userPrincipalName across all application partitions.

Uniqueness of the e-mail address is enforced by performing a subtree search for a duplicate e-mail address starting at the root of the container in which users are created. This is either the default user container (if connected to an Active Directory and no container was specified in the connection string) or the container specified in the connection string.

The ActiveDirectoryMembershipProvider class creates the user directly in the user container specified in the connection string. See the ActiveDirectoryMembershipProvider class topic for more information about connection strings.

For passwords to be set on an Active Directory server, the connectionProtection attribute must be set to SignAndSeal.

When an ADAM server is being used, the connectionProtection attribute can be set to None, but only if you explicitly configure the ADAM server to allow password changes over unsecured connections.

Leading and trailing spaces are trimmed from all string parameter values except password.
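The following C# is an added example, not code from this reference page or from the .NET Framework itself. It calls CreateUser the way the remarks above describe: providerUserKey is passed as null, the string parameters are trimmed (except password) before the documented default length limits are checked, the out status is turned into a MembershipCreateUserException when no user is returned, and the NotSupportedException and ProviderException cases are caught and re-thrown with the configuration cause named. The provider name "AspNetActiveDirectoryMembershipProvider" is an assumption about web.config, and the length constants assume the user name is mapped to userPrincipalName.

```csharp
using System;
using System.Configuration.Provider;
using System.Web.Security;

// Added example: wraps ActiveDirectoryMembershipProvider.CreateUser with the
// pre-checks and outcome handling the reference describes.
public static class AdUserCreation
{
    // Documented default maximum lengths. userPrincipalName mapping is assumed
    // for the user name; sAMAccountName is commonly limited to 20 characters.
    private const int MaxUserName = 64;
    private const int MaxPassword = 128;
    private const int MaxEmail = 256;
    private const int MaxQuestion = 256;
    private const int MaxAnswer = 128;

    // Assumed provider name from web.config (hypothetical).
    public static ActiveDirectoryMembershipProvider GetProvider()
    {
        var provider = Membership.Providers["AspNetActiveDirectoryMembershipProvider"]
            as ActiveDirectoryMembershipProvider;
        if (provider == null)
            throw new ProviderException("ActiveDirectoryMembershipProvider is not configured.");
        return provider;
    }

    public static MembershipUser Create(ActiveDirectoryMembershipProvider provider,
        string username, string password, string email,
        string passwordQuestion, string passwordAnswer)
    {
        // The provider trims every string parameter except password, so measure
        // the trimmed values; the password is passed through unchanged.
        username = Trimmed(username);
        email = Trimmed(email);
        passwordQuestion = Trimmed(passwordQuestion);
        passwordAnswer = Trimmed(passwordAnswer);

        Require(username != null && username.Length <= MaxUserName, "username");
        Require(password != null && password.Length <= MaxPassword, "password");
        Require(email == null || email.Length <= MaxEmail, "email");
        Require(passwordQuestion == null || passwordQuestion.Length <= MaxQuestion, "passwordQuestion");
        Require(passwordAnswer == null || passwordAnswer.Length <= MaxAnswer, "passwordAnswer");

        MembershipCreateStatus status;
        MembershipUser user;
        try
        {
            // providerUserKey must be null for this provider; anything else
            // raises ArgumentException before the directory is touched.
            user = provider.CreateUser(username, password, email,
                                       passwordQuestion, passwordAnswer,
                                       true, null, out status);
        }
        catch (NotSupportedException ex)
        {
            // Question/answer supplied but not mapped to schema attributes
            // (attributeMapPasswordQuestion / attributeMapPasswordAnswer).
            throw new InvalidOperationException(
                "Password question/answer are not mapped in the directory schema.", ex);
        }
        catch (ProviderException ex)
        {
            // Auto-generated machineKey while storing answers, or the provider
            // could not open a secure (SignAndSeal) connection to set the password.
            throw new InvalidOperationException(
                "Provider configuration prevented user creation: " + ex.Message, ex);
        }

        // A null return means the directory rejected the request; status says why.
        if (user == null)
            throw new MembershipCreateUserException(status);
        return user;
    }

    // Maps the out parameter to a short message for logging or display.
    public static string Describe(MembershipCreateStatus status)
    {
        switch (status)
        {
            case MembershipCreateStatus.Success: return "User created.";
            case MembershipCreateStatus.DuplicateUserName: return "User name already exists.";
            case MembershipCreateStatus.DuplicateEmail: return "E-mail address already in use.";
            case MembershipCreateStatus.InvalidPassword: return "Password does not meet policy.";
            case MembershipCreateStatus.InvalidQuestion:
            case MembershipCreateStatus.InvalidAnswer: return "Password question or answer is invalid.";
            default: return "User creation failed: " + status;
        }
    }

    private static string Trimmed(string value)
    {
        return value == null ? null : value.Trim();
    }

    private static void Require(bool condition, string paramName)
    {
        if (!condition)
            throw new ArgumentException("Missing or longer than the provider's limit.", paramName);
    }
}
```

The length checks are deliberately done before the call because the provider otherwise rolls back a partially created user (see the security note on the "delete child instance" right), which costs a directory write and a delete for input that could have been rejected locally.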

Security Note

You cannot create new users unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "create child instance," "delete child instance," and "set password" access rights. The "delete child instance" access right is required because creating a user is a multi-step process, and if any step of user creation fails, the ActiveDirectoryMembershipProvider class will delete the user instance rather than leave a partially constructed user instance in the directory.
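An added web.config fragment (not from this reference page) showing the settings the remarks and the security note above depend on: connectionProtection="SignAndSeal" so passwords can be set on an Active Directory server, an explicit machineKey with a decryptionKey so password answers can be stored, question/answer attribute mappings so CreateUser does not throw NotSupportedException, and a dedicated service account holding only the delegated rights named in the security note rather than Domain Administrator membership. The host name, OU, account name, key values and the two custom attribute names are placeholders.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder: container in which users are created; the duplicate e-mail
         check is a subtree search starting here. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc.example.com/OU=WebUsers,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <!-- Explicit keys are required: with an auto-generated machineKey, CreateUser
         throws ProviderException when a password answer is stored.
         Placeholder values; generate real keys before deployment. -->
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="EXAMPLE\svc-webusers"
             connectionPassword="PLACEHOLDER_PASSWORD"
             connectionProtection="SignAndSeal"
             attributeMapUsername="userPrincipalName"
             attributeMapEmail="mail"
             attributeMapPasswordQuestion="PLACEHOLDER_QUESTION_ATTRIBUTE"
             attributeMapPasswordAnswer="PLACEHOLDER_ANSWER_ATTRIBUTE"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The service account named in connectionUsername needs only "create child instance", "delete child instance" and "set password" on the OU in the connection string; the connectionStrings and membership sections can be encrypted at rest with aspnet_regiis -pe so the account password does not sit in clear text in web.config.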

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

© 2014 Microsoft