Assembly: System.Web.Security.SingleSignOn (in system.web.security.singlesignon.dll)
The LdapDirectoryAccountStore class is part of the Federation Service’s trust policy configuration.
To authenticate username/password credentials to an ADAM account store, this sequence of events is followed:
1. The Federation Service establishes an authenticated connection by doing a secure bind to the distinguished name specified by the LdapBaseDN property using the default credentials for the Federation Service application pool.
2. Using the authenticated connection, the Federation Service finds a user object for the authenticating user by performing a subtree search for an object whose username attribute, specified by the LdapUsernameAttrib property, matches the username in the credentials.
3. The Federation Service attempts a simple bind with the DN found in step 2 and the password in the credentials to the DN specified by the LdapBindObjectDN property, if specified, or else the LdapBaseDN property.
4. If step 3 succeeds, the user is authenticated, and attributes are extracted per the LdapClaimGeneration object from the user account found in step 2.
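Steps 2 to 4 of the sequence above, as an added Python example that is not part of this documentation or of the Federation Service code. It runs against a constructed in-memory stand-in for ADAM, assumes the step 1 service-account bind has already succeeded, does not model LdapBindObjectDN, and uses sAMAccountName and mail as placeholder values for LdapUsernameAttrib and the LdapClaimGeneration attribute list.

```python
import re
from typing import Optional

# Constructed stand-in for an ADAM instance (not a real LDAP server):
# DN -> attributes. "_pw" exists only so simple binds can be simulated.
FAKE_ADAM = {
    "CN=alice,OU=Users,DC=example,DC=com":
        {"sAMAccountName": "alice", "mail": "alice@example.com", "_pw": "correct horse"},
    "CN=bob,OU=Users,DC=example,DC=com":
        {"sAMAccountName": "bob", "mail": "bob@example.com", "_pw": "hunter2"},
}

def escape_filter_value(value: str) -> str:
    """Escape a credential-supplied value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def fake_subtree_search(base_dn: str, ldap_filter: str) -> list:
    """Equality-only subtree search over FAKE_ADAM; returns the matching DNs."""
    m = re.fullmatch(r"\((\w+)=((?:[^()*\\]|\\[0-9a-f]{2})*)\)", ldap_filter)
    if not m:
        return []  # malformed filter: a real server would return an error
    attr, raw = m.group(1), m.group(2)
    value = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), raw)
    return [dn for dn, attrs in FAKE_ADAM.items()
            if dn.endswith(base_dn) and attrs.get(attr) == value]

def fake_simple_bind(dn: str, password: str) -> bool:
    """Simulate an LDAP simple bind against FAKE_ADAM."""
    entry = FAKE_ADAM.get(dn)
    return entry is not None and entry["_pw"] == password

def authenticate(username: str, password: str, ldap_base_dn: str,
                 ldap_username_attrib: str = "sAMAccountName",
                 claim_attribs=("mail",)) -> Optional[dict]:
    """Steps 2-4: find the user by username attribute, bind as that DN, extract claims."""
    if not password:
        # RFC 4513 treats a bind with an empty password as unauthenticated, and many
        # servers let it succeed; it must never count as a user logon.
        return None
    ldap_filter = f"({ldap_username_attrib}={escape_filter_value(username)})"
    hits = fake_subtree_search(ldap_base_dn, ldap_filter)
    if len(hits) != 1:
        return None  # no such user, or an ambiguous match: refuse rather than guess
    user_dn = hits[0]
    if not fake_simple_bind(user_dn, password):
        return None  # step 3 failed: wrong password
    return {a: FAKE_ADAM[user_dn][a] for a in claim_attribs}  # step 4: claims
```

The escaping matters because the username in the credentials is attacker-controlled input that is placed inside the step 2 search filter; the empty-password and multiple-match checks cover the two bind outcomes the sequence does not spell out.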
The following properties must be null when the LdapDirectoryAccountStore is part of an ActiveDirectoryAccountStore:
These properties are optional for Active Directory: