Unable to login after AD Integration
benm
#1 Posted : Friday, 30 July 2010 1:39:14 AM(UTC)
Rank: Member

Joined: 5/03/2008(UTC)
Posts: 4
Location: UK

Hi Roger

Firstly, like everyone else here I would like to thank you for a thoroughly useful and excellent Web App.

Secondly I was wondering if you could help with a problem I am experiencing;
I have been running the latest version of GSP on Windows Server 2003 and connecting to an SQL Server 2000.
All with no problems.
I then implemented AD integration following your instructions in the Admin guide but now I cannot log in.
I can still access the gallery as an anonymous browser but I get access denied whichever account I use to log in.
There are no crashes or debug errors but the following event is recorded in the Application Log:

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 30/07/2010
Time: 12:55:11
User: N/A
Computer: UTAH
Description:
Event code: 4006
Event message: Membership credential verification failed.

Event time: 30/07/2010 12:55:11
Event time (UTC): 30/07/2010 11:55:11
Event ID: 0d62323137994755a0e3544b9897f3ba
Event sequence: 13
Event occurrence: 3
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/Root/Gallery-17-129249619177377483
Trust level: Full
Application Virtual Path: /Gallery
Application Path: c:\inetpub\wwwroot\Gallery\
Machine name: UTAH

Process information:
Process ID: 94096
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Request information:
Request URL: http://utah/Gallery/Default.aspx?g=login&msg=19&ReturnUrl=Membership credential verification failed.fGalleryMembership credential verification failed.fDefault.aspx30/07/2010 12:55:11fmoid30/07/2010 12:55:11d826%26hr30/07/2010 12:55:11d1
Request path: /Gallery/Default.aspx
User host address: 192.168.80.132

User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Name to authenticate: administrator


Custom event details:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Any reference to this error I can find refers to the fact the anonymous IUSR_Server account needs access permissions on a database, obviously in this case the one used by GSP. I have duly given this permission but to no avail.
See:
http://blogs.msdn.com/b/...l-please-try-again.aspx

Any light you might be able to shed on this issue would be greatly appreciated.

Thanks
Roger Martin
#2 Posted : Friday, 30 July 2010 2:07:24 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

If you had a running instance of GSP and you haven't changed the IIS app pool identity or your connection string in web.config, then your server-to-database connection should be fine.

Your issue is probably one of these:

1. The IIS app pool identity does not have sufficient permission to query AD. As a temporary experiment, change the identity to a Domain Administrator or other high-level account.

2. You are entering the username/pwd incorrectly. Try different combinations with/without the domain. Ex: "MyDomain\Roger" versus "Roger"
Roger Martin
Creator and Lead Developer of Gallery Server Pro
benm
#3 Posted : Tuesday, 3 August 2010 12:22:39 AM(UTC)
Rank: Member

Joined: 5/03/2008(UTC)
Posts: 4
Location: UK

Many thanks for your response Roger but neither solution solved the problem. I have tried several different AD admin accounts for the apps pool and also half a dozen different variations on login style (email address/domain name etc) but still no dice. The original "credential verification" error still occurs. I have even reinstalled GSP from scratch.
All I can think of is that I made a mistake in the original configuration, as follows:

In both instances of me trying to integrate GSP with AD, I experienced the same "cannot find connection string" problem as the forum user "Paul" did in this thread:

http://www.galleryserver...h-Active-Directory.aspx

Your solution was to put in a <clear /> statement in the web.config file.
I wasn't exactly sure where to put it so I put it here:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <clear />
    <add name="AspNetActiveDirectoryMembershipProvider"

This seemed to do the trick and the original error went away.
Could you confirm that this is the correct location?

Many Thanks
Roger Martin
#4 Posted : Tuesday, 3 August 2010 12:32:15 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

Yes, that is right. I updated the Admin Guide to include this statement.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
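
An added example, not part of the thread or of Gallery Server Pro: a small Python check of the web.config points discussed in the posts above (where `<clear />` sits, whether the default provider's connection string can be found, and which login-name form the provider expects). The sample config is constructed; the host, DN and the connection-string name `ADConnection` are placeholders, and `audit_membership` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: host, DN and connection-string name are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="ADConnection"
         connectionString="LDAP://dc1.example.local/DC=example,DC=local" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADConnection"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_membership(config_xml):
    """Return a list of findings for the <membership> section of a web.config."""
    root = ET.fromstring(config_xml)
    conn = {a.get("name"): a.get("connectionString", "")
            for a in root.findall("connectionStrings/add")}
    membership = root.find("system.web/membership")
    if membership is None:
        return ["no <membership> section"]
    providers = membership.find("providers")
    children = list(providers) if providers is not None else []
    findings = []
    # The thread places <clear /> first, ahead of the provider's <add>.
    if not children or children[0].tag != "clear":
        findings.append("<clear /> is not the first child of <providers>")
    declared = {c.get("name"): c for c in children if c.tag == "add"}
    default = membership.get("defaultProvider")
    provider = declared.get(default)
    if provider is None:
        return findings + [f"defaultProvider {default!r} is not declared"]
    cs_name = provider.get("connectionStringName")
    if cs_name not in conn:
        findings.append(f"connection string {cs_name!r} not found")
    elif not conn[cs_name].startswith("LDAP://"):
        findings.append(f"connection string {cs_name!r} is not an LDAP:// path")
    # Without this attribute the provider maps usernames to userPrincipalName.
    if provider.get("attributeMapUsername") is None:
        findings.append("attributeMapUsername unset: log in as user@domain")
    return findings
```

Run it against a copy of the real web.config; an empty list means the section is structurally consistent, not that the app pool identity is able to bind to the directory.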
benm
#5 Posted : Tuesday, 3 August 2010 2:42:14 AM(UTC)
Rank: Member

Joined: 5/03/2008(UTC)
Posts: 4
Location: UK

Is the latest version of the guide 2.3.3512, Roger?
I couldn't see the update in that one.
Roger Martin
#6 Posted : Tuesday, 3 August 2010 2:56:08 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

I should have been more clear. I updated my local copy of the Admin Guide so that the next time I publish it, the change will be there.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
mk1 black limited
#7 Posted : Saturday, 7 August 2010 9:09:00 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

I've got the same problem as benm. My installation has worked fine all the time, but the AD integration simply won't work. I've tried all the suggestions above, can't get any further...:-( Any further tips?

PS: Running 2008 r2 and SQL Server 2008 r2.
mk1 black limited
#8 Posted : Wednesday, 11 August 2010 5:06:07 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

Bump? ;-)
Roger Martin
#9 Posted : Thursday, 12 August 2010 5:52:13 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

I don't know much about Active Directory - only enough to set up a VM with AD installed and perform a GSP integration. I documented the steps I used to make it work for me.

Here is an idea: Create an empty ASP.NET web application and try to integrate it with AD using one of the many tutorials on the web. If it works, compare it to your GSP configuration to see what is different. If it doesn't work, then you at least have a simple scenario to troubleshoot.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
benm
#10 Posted : Wednesday, 18 August 2010 10:53:35 PM(UTC)
Rank: Member

Joined: 5/03/2008(UTC)
Posts: 4
Location: UK

mk1

Just out of interest, is the IIS server you're running GSP on a Domain Controller?

Thanks
mk1 black limited
#11 Posted : Saturday, 21 August 2010 7:33:12 PM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

It is indeed.
mk1 black limited
#12 Posted : Wednesday, 22 September 2010 4:23:08 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

Has anybody been able to get this to work? Haven't had time to test Roger's suggestion above about creating an empty ASP.NET web app.
mk1 black limited
#13 Posted : Wednesday, 6 October 2010 6:16:01 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

Huh...! I'm actually a step further, but in the admin guide you say:

"Now, at this point you should be able to log on to Gallery Server with your domain account, but you will receive the following message:
This is because your user account is not a member of any roles in Gallery Server Pro. Recall that when you installed Gallery Server Pro, a role named System Administrator was created with administrative permission. Now you need to add one or more AD users to this role. But how do you do this when no one has authorization to perform this task?
If you are using IIS 7, the answer is easy. Open up IIS Manager, navigate to the Gallery Server Pro web app, and click .NET Users. A list of your AD users appears. Double click the one that you want to be the administrator, and add the user to the System Administrator role in the dialog box. The next time you log on to Gallery Server Pro you will have administrative access."

....but I don't have a .NET Users in IIS Manager, Gallery Server Pro web app? I've got .Net Authorization, Compilation, Error Pages, Globalization, Profile and Trust Levels. But no Users. And none of the .NET-stuff gives me the option to select any AD-users.

I'm running IIS 7.5. Getting closer, but I need a bit of a push...:-)
mk1 black limited
#14 Posted : Wednesday, 6 October 2010 6:29:16 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

OK, seems to be related to me using .NET 4.0, and apparently .NET Users doesn't exist in 4.0!

Now what to do?
Roger Martin
#15 Posted : Wednesday, 6 October 2010 7:08:24 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

I am running IIS 7.5 under .NET 4.0, and I have a .NET Users applet in IIS Manager. I am not sure why you do not. I suggest googling around, as I suspect others have been in your shoes. Perhaps there is an IIS component that needs to be installed, but that is just a guess.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
mk1 black limited
#16 Posted : Wednesday, 6 October 2010 7:52:02 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

I'll get back to why this works in your setup, but meanwhile, is there any way I can edit the database (SQL Server) directly via SQL Server Management Studio to add a user to the System Administrator role?
Roger Martin
#17 Posted : Wednesday, 6 October 2010 9:16:10 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

I think so. Add a record to the aspnet_UsersInRoles table. I am not sure what you will use for the UserId column, though. You may have to experiment. Get the RoleId from the aspnet_Roles table.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
mk1 black limited
#18 Posted : Wednesday, 6 October 2010 9:33:12 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

Thanks, but that didn't work too well. ;-) I experimented using an existing user, added by using non-AD integration.

If one should try to register a new AD-user, manually by entering data directly into the database, what tables and fields would need to be entered?

PS: About why this is a problem in the first place, the Default App Pool runs by default in NET 2.0, but mine runs in 4.0. And if it runs in 4.0, you will not get the .NET Users. See here: http://blogs.ignia.com/L...shipadministration.aspx

Can't get the workaround to work either...argh...
Roger Martin
#19 Posted : Wednesday, 6 October 2010 9:56:35 AM(UTC)
Roger Martin

Rank: Administration

Joined: 3/08/2007(UTC)
Posts: 3,300
Location: Fort Atkinson, WI

I see what you mean. I get a .NET Users icon in all my 2.0 apps, but not my 4.0 ones. That is a real monkey wrench into getting this set up. MS better resolve this...

The best thing I can suggest is to set up a test site running under .NET 2.0 and do it there, then inspect the aspnet_ tables, which will tell you what you need to do in your .NET 4.0 app. Then post your findings here to help the rest of us.
Roger Martin
Creator and Lead Developer of Gallery Server Pro
mk1 black limited
#20 Posted : Friday, 8 October 2010 6:21:56 AM(UTC)
Rank: Member

Joined: 7/08/2010(UTC)
Posts: 16
Location: Norway

OK, started on that on another server but ended up with another strange error (internal error 500 etc.), so searched some more: Here: http://forum.winhost.com...e/index.php/t-4003.html - they say:


"Certain IIS Manager modules cannot be used if your site is running .NET 4.0. Currently, IIS Manager modules run as .NET 2.0, so it cannot load .NET 4.0 assemblies, like the .NET 4.0 SQL membership provider. Microsoft has not issued a fix for this yet. In the meantime, you can manage your membership users locally using the ASP.NET Configuration tool within Visual Studio 2010."

Aha! Went into Visual Studio 2010, opened the GSP application and..."There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: Unrecognized configuration section system.web.extensions. (web.config line 123) "

...which says:

<system.web.extensions>
  <scripting>
    <webServices>
      <jsonSerialization maxJsonLength="2147483647" />
    </webServices>
    <scriptResourceHandler enableCompression="true" enableCaching="true" />
  </scripting>
</system.web.extensions>

Removing this section altogether to get further throws another error: "There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. (web.config line 31) "

...etc. Getting a bit tired of this now, and I'm about to bail out of the AD integration altogether I'm afraid.
