

Authenticating to LDAP in ASP.Net 3.5 Application

Posted on 2009-02-17
Medium Priority
Last Modified: 2013-12-24

We're building an ASP.Net 3.5 application for a client that requires LDAP authentication of the user.  I have a half-page of LDAP documentation from the client (it's a school), and a web full of examples on how to authenticate to LDAP.  I've built something resembling this: http://support.microsoft.com/kb/316748, which runs in our network.

I cannot get any examples to run in the client's network.  I think the problem is in correctly building the Bind DN.  Depending on how I code the authentication method, I either get "Inappropriate Authentication" or "Invalid Bind DN" back from LDAP.  

Here is the advice from the client's IT documentation:

"Use 128 bit or better transport layer authentication when authenticating"
"Connect to ldap.clientdomain.edu"
"The bind DN is: 'uid=myID,ou=people,dc=clientdomain,dc=edu'"

My main confusion is in building the "_path" string, as called for in Microsoft's code.  I've seen many different styles on the web:

- with or without LDAP:// in front, or LDAPS://
- a basic url, like ldap.mydomain.com
- a basic url plus a DN-style string, like ldap.mydomain.com/dc=mydomain,dc=com

I also don't understand how the authentication works.  I've seen examples in many places that call for modifying the anonymous web user to be a user with AD query rights, and using Identity Impersonate to adopt that identity for the application.  Does that mean that I first have to authenticate to LDAP as a system user, then re-authenticate with my web user's credentials?  Two round trips??  Or can I combine them into one?  Or just use the web user's credentials, and skip the anonymous user?

All we want to do is verify that the user has domain credentials before using our app.  We don't want to pull any information back from LDAP other than a "yes" or "no".

Am I the only one who finds this confusing?  :-(

Thanks in advance for any help!

Question by:roblinx

Accepted Solution

guru_sami earned 2000 total points
ID: 23662917
Just a pointer if it helps: http://forums.asp.net/t/943717.aspx

Also can you paste the variations you tried and the corresponding errors you get.

Author Comment

ID: 23664745
Here's the testbed I'm trying.  I'll put in commented-out lines with the various connection strings I've tried.  Note that I'm just trying to authenticate my own login.  I've been told that we'll use each user's login to both bind and authenticate, so this model should be what we end up using in production, more or less.

I can't debug locally (I'm offsite, and only have remote console access), so I'm not getting useful errors from this code, other than a general exception.

I'm able to use LDP.EXE to look at LDAP interactively, and can give more information from that, if it's helpful.
using System;
using System.DirectoryServices;   // DirectoryEntry / DirectorySearcher (ADSI)

// have also tried the below with port 636...
// DirectoryEntry entry = new DirectoryEntry("ldap.schooldomain.edu/uid=myLogin,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
// DirectoryEntry entry = new DirectoryEntry("ldap://ldap.schooldomain.edu/uid=myLogin,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
// DirectoryEntry entry = new DirectoryEntry("ldap.schooldomain.edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
// DirectoryEntry entry = new DirectoryEntry("ldap://ldap.schooldomain.edu:389/uid=myLogin,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);

// AuthenticationTypes.Secure asks ADSI for Windows (SSPI: Kerberos/NTLM) authentication rather than an LDAP simple bind.
DirectoryEntry entry = new DirectoryEntry("ldap.schooldomain.edu:389/uid=myLogin,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(UID=myLogin)";
SearchResult result = search.FindOne();
if (null == result)
{
    Console.WriteLine("Not Found");
}
else
{
    // Only dereference result when the search actually returned an entry.
    Console.WriteLine("Found");
    // Update the new path to the user in the directory
    _path = result.Path;
    Console.WriteLine("Path: " + _path);
    _filterAttribute = (String)result.Properties["cn"][0];
    Console.WriteLine("Filter: " + _filterAttribute);
}

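The question asks two things: what the path string should look like, and whether a service account plus impersonation is needed before the user's own credentials can be checked. For a plain "yes/no, does this password work" check against a non-AD directory, neither is required: one LDAP simple bind as the user's own DN, over TLS, is the credential check, and System.DirectoryServices.Protocols takes a host and port instead of an ADSI path string, so the "LDAP://" question does not arise at all. The following is an added example, not code from the original post or from the client's documentation. It uses the host and bind-DN template quoted in the question ("ldap.clientdomain.edu", "uid=...,ou=people,dc=clientdomain,dc=edu"); port 636, the uid character whitelist, the timeout and the certificate check are my assumptions, and the host-name check is deliberately simple (first DNS name only, no wildcard handling).

```csharp
// Added example (not from the original post): a single simple bind over LDAPS with the
// user's own DN and password is the whole credential check.  No service account,
// no impersonation, one round trip.  Host and DN template are the values quoted in the
// question; port 636, the uid whitelist, the timeout and the certificate policy are assumptions.
using System;
using System.DirectoryServices.Protocols;   // reference System.DirectoryServices.Protocols.dll
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

public static class LdapCredentialCheck
{
    // Values from the client's documentation as quoted in the question.
    private const string Host = "ldap.clientdomain.edu";
    private const int LdapsPort = 636;          // assumption: the documentation names no port
    private const string BindDnTemplate = "uid={0},ou=people,dc=clientdomain,dc=edu";

    // Whitelist of characters allowed in a uid before it is substituted into the DN.
    // A uid such as "x,ou=admins" or one containing '\' or '+' could otherwise change the DN.
    private static readonly Regex SafeUid = new Regex(@"^[A-Za-z0-9._-]{1,64}$");

    // Returns true only if the directory accepts a simple bind as this uid with this password.
    // failureReason is for the server log; never show it to the end user.
    public static bool VerifyCredentials(string uid, string password, out string failureReason)
    {
        failureReason = null;
        if (uid == null || !SafeUid.IsMatch(uid))
        {
            failureReason = "uid rejected by whitelist";
            return false;
        }
        // RFC 4513 section 5.1.2: a DN with an empty password is an *unauthenticated*
        // bind, which some servers accept.  It must never count as a successful login.
        if (string.IsNullOrEmpty(password))
        {
            failureReason = "empty password";
            return false;
        }

        string bindDn = string.Format(BindDnTemplate, uid);
        LdapDirectoryIdentifier server = new LdapDirectoryIdentifier(Host, LdapsPort, true, false);

        using (LdapConnection conn = new LdapConnection(server))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;        // LDAPS: TLS is up before any bind traffic
            conn.SessionOptions.VerifyServerCertificate = VerifyServerCertificate;
            conn.AuthType = AuthType.Basic;                      // simple bind; Negotiate/Kerberos is for AD, not a generic LDAP server
            conn.Credential = new NetworkCredential(bindDn, password);
            conn.Timeout = TimeSpan.FromSeconds(10);             // assumption: do not let a login hang a worker thread

            try
            {
                conn.Bind();        // the bind itself is the password check
                return true;
            }
            catch (LdapException ex)
            {
                // 49 = invalidCredentials (wrong password or no such DN): an ordinary failed login.
                // Anything else (48 inappropriateAuthentication, 34 invalidDNSyntax, connect errors)
                // is a configuration problem and should be logged as such, not reported as "bad password".
                failureReason = ex.ErrorCode == 49
                    ? "invalid credentials"
                    : "LDAP error " + ex.ErrorCode + ": " + ex.Message;
                return false;
            }
        }
    }

    // Accept the connection only if the server certificate chains to a trusted root and
    // is issued for the host we asked for.  Returning true unconditionally would let anyone
    // on the network path read every password the login page collects.
    private static bool VerifyServerCertificate(LdapConnection connection, X509Certificate certificate)
    {
        X509Certificate2 cert = new X509Certificate2(certificate);
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(cert))
        {
            return false;
        }
        string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
        return string.Equals(dnsName, Host, StringComparison.OrdinalIgnoreCase);
    }
}
```

From a Login control's Authenticate handler the call is simply `e.Authenticated = LdapCredentialCheck.VerifyCredentials(Login1.UserName, Login1.Password, out reason);`, logging `reason` server-side only. Nothing is read back from the directory, which is all the question asks for. If the DirectoryEntry/ADSI route from the testbed is kept instead, the path ADSI expects is the provider moniker in upper case followed by host, optional port and DN, i.e. "LDAP://ldap.schooldomain.edu:636/uid=myLogin,ou=people,dc=schooldomain,dc=edu", with the full bind DN (not the bare uid) as the user name and AuthenticationTypes.SecureSocketsLayer rather than AuthenticationTypes.Secure, since Secure requests Windows SSPI authentication that a non-AD server does not offer.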


Author Closing Comment

ID: 31547926
Thank you for your help.  LDAP is not an easy protocol to use: so many variations in implementation, and variations in methods of integration and access!  We have a solution that works, but I'm not satisfied that it's the best.  I am closing the question and awarding points because I appreciate the participation and help.  
