I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:
Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.
Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}
The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.
I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.
I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.
Any help is appreciated!
Dorrit
3  26579 
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:
Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.
Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}
The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.
I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.
I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.
Any help is appreciated!
Dorrit
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:
Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.
Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}
The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.
I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.
I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.
Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.
using System.DirectoryServices.Protocols;
....
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
....
}
Willy.
OK, I'll try the approach with DirectoryServices.Protocols then. Thanks
for the tip.
Dorrit
Willy Denoyette [MVP] schrieb:
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:
Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.
Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}
The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.
I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.
I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.
Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.
using System.DirectoryServices.Protocols;
...
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
...
}
Willy.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael Glaesemann |
last post by:
Hello all,
Recently I've been thinking about different methods of managing users
that log into a PostgreSQL-backed application. The users I'm thinking
of are not necessarily DBAs: they're...
|
by: ALI-R |
last post by:
I know how to authenticate to a webservice using either of these
ways(Assuming that rService represents the webservice):
1) rService.Credentials = new...
|
by: EricRybarczyk |
last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0.
The existing ASP application has several types of users, each with a separate
login process (separate login page,...
|
by: dorrit.Riemenschneider |
last post by:
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:
Private bool ValidateUser (string username, string password)
{
DirectoryEntry...
|
by: fomalhaut |
last post by:
Hi All,
I'm builing an application that requires domain admin access to run,
and I'm trying to allow for the application to be run as a normal user
and allow the user to provide it with a...
|
by: Michael Howes |
last post by:
I would think this would be very, very easy but in the 50 searches
I've done I haven't found anything.
If our application requires login and that user/password be a local
windows account or more...
|
by: Jagath84 |
last post by:
Hi all,
I want to update openldap directory from c#. I used following code for make Directory entry as below.
public static DirectoryEntry GetDirectoryEntry()
{
...
|
by: Jon |
last post by:
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a
server outside their network, yet they want to authenticate users against
their internal active directory set up (they...
|
by: kurtk |
last post by:
I had a question about the use of the HTTP header 'WWW-Authenticate'
in PHP scripts. For example, the script below sends the header 'WWW-
Authenticate: Basic Realm="Secret Stash"', followed by the...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
