[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3970
  • Last Modified:

Authentication using Secure LDAP (ie LDAPS)

Hello Everyone,

I am trying to validate a user against Active Directory.  I current use the following code and it works fine:

    bool authentic = false;
    PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain);
    // validate the credentials against domain.  authentic is True if the account is valid, false if it    fails
    authentic = pc.ValidateCredentials(userName, password);

I pass in the Windows Domain, username, and password into the method and the method returns a true or false depending on the validity of the user account.

Now I have a new requirements that I must use SSL when making calls to LDAP.  How can I convert the code above so that I do the same thing but using LDAP over SSL?

Thank you in advance for any help you can provide.



0
Kozela
Asked:
Kozela
  • 2
  • 2
1 Solution
 
nociSoftware EngineerCommented:
I don't known the API you're using.
To validate SSL (in general) you need to specify the certificate of the Certificate Authority that issued your servers certificate to validate the certificate sent to you by the server, if not explicitly told that certificate you may need to specify a store of all trusted CA certificates.
You need to specify you want to use ldaps  (port 636) or you want to upgrade the existing ldap using TLS1.
0
 
KozelaAuthor Commented:
Thanks noci.  I am using ASPx page with C# to code the ldap query.  There are a few solutions for this on the Internet but they dont seem to work with .NET 3.5.  I am using the SSL certificate to encrypt the connection between my application and LDAP.  Then I am just running a simple LDAP query to check if the user and passsword is valid. So yes, I want to use ldaps (port 636) to query ldap and all the certificates in the certificate store are trusted on the machines running this application.

Any ideas? Thanks for the feedback?
0
 
nociSoftware EngineerCommented:
I have no windows system myself so also no C#. (I could have noticed using the keywords i see now).

That still means you need to be able to specify a certificate...
btw The name Principal does sound more like kerberos than ldap btw.  (Windows domain authentication is almost the same as kerberos authentication)
So yes ldap is involved but only on the server side (the KDC / [Kerberos] Domain Controller )

Here is a (rather old) article about accessing LDAP from .net C#
http://www.novell.com/coolsolutions/feature/11204.html

0
 
KozelaAuthor Commented:
Figured it out.  ere is the solution for reference:

public static bool UserAuthetication(string userName, string password, string domain)
        {
            bool authentic = false;
            try
            {
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password, AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.Secure);
                object nativeObject = entry.NativeObject;
                authentic = true;
            }
            catch (Exception e)
            {
                Console.Out.Write("Error Authentication Method / " + e.Message);
                authentic = false;
                return authentic;
            }
            return authentic;
        }
0
 
apeterCommented:
Also with PrincipalContext class you should provide Contextoptions...

Below link will give you details
http://msdn.microsoft.com/en-us/library/bb300969.aspx
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now