Re: Authenticating users using asp.net/vb.net against iPlanet LDAP
From: Joe Kaplan (ilearnedthisthehardway@noway.com)
Date: 11/14/02
From: "Joe Kaplan" <ilearnedthisthehardway@noway.com> Date: Wed, 13 Nov 2002 17:08:41 -0600
I meant to try doing the bind using SSL with a known good username and
password such as the administrator or doing a bind anonymously with SSL a
la:

(to verify SSL works with a known good uid/password)

    oVerify = New DirectoryServices.DirectoryEntry(cPath, "adminuserid", _
        "adminpassword", _
        System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer)

(to verify that SSL works with an anonymous bind)

    oVerify = New DirectoryServices.DirectoryEntry(cPath, "", "", _
        System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer Or _
        System.DirectoryServices.AuthenticationTypes.Anonymous)

I'm not sure if that will prove anything, but it might provide more useful
info. Sorry for the confusion.
Joe K.
"Vinay" <vinay_hs@nospam.yahoo.com> wrote in message
news:e5QO161iCHA.1652@tkmsftngp09...
> Hi Joe:
>
> When you mentioned 'bind with the dir with any username and pws using SSL'
> did you mean using something other than ADSI? If yes, how can I test/do
> this?
> By the looks of it I can bind anonymously...since I get the adsPath for the
> user.
>
> Vinay
>
> "Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
> news:eqz0z#0iCHA.2636@tkmsftngp08...
> > Your code looks fine to me. This sounds like an SSL problem of some sort.
> > Can you bind to the directory with any username and password using SSL
> > (AuthenticationTypes.SecureSocketsLayer)? Can you bind anonymously?
> >
> > Good luck. Hopefully someone else will have some other trouble shooting
> > ideas.
> >
> > Joe K.
> >
> > "Vinay" <vinay_hs@nospam.yahoo.com> wrote in message
> > news:euSeYA0iCHA.2616@tkmsftngp11...
> > > Hi All:
> > >
> > > I've been trying to figure this out on and off for a while now...but now I
> > > really do need to get this sorted out and working. Would appreciate some
> > > help on this!
> > >
> > > Background:
> > > We are developing an app using asp.net. Users of this app first need to login to
> > > the system (the login is using their email address and domain password).
> > > This system is hosted on a Win2K server. Users need to be authenticated
> > > against an iPlanet LDAP server. The win2K server is within the
> > > organization's firewall.
> > >
> > > The win2k server has a certificate that has been installed on it. (Used the
> > > generate certificate request etc..process in IIS for this). The company's IT
> > > dept sent us back the certificate, which we then installed. This is
> > > apparently necessary in order to communicate with the ldap server using SSL.
> > >
> > > The code I am using to try and do the authentication is:
> > >
> > > ****************************************************************************
> > > Dim ds As DirectoryServices.DirectorySearcher
> > > Dim oSRAll As DirectoryServices.SearchResultCollection
> > > Dim cPath As String
> > > Dim oVerify As DirectoryServices.DirectoryEntry
> > >
> > > ' Anonymous bind on port 389 to look up the user's entry
> > > Dim de As New DirectoryServices.DirectoryEntry( _
> > >     "LDAP://ldap.company.com:389/uid=user@company.com, ou=employees,o=company.com", _
> > >     "user@company.com", "password", _
> > >     System.DirectoryServices.AuthenticationTypes.Anonymous)
> > >
> > > ds = New DirectoryServices.DirectorySearcher(de)
> > > ds.Filter = "(mail=user@company.com)"
> > > ds.PropertiesToLoad.Add("mail")
> > > ds.PropertiesToLoad.Add("givenName")
> > > ds.PropertiesToLoad.Add("adsPath")
> > >
> > > Dim sr As DirectoryServices.SearchResult
> > > Dim fullname As String
> > > Dim email As String
> > >
> > > oSRAll = ds.FindAll
> > > 'MsgBox(oSRAll.Count)
> > > For Each sr In oSRAll
> > >     cPath = sr.Properties("adsPath")(0)
> > > Next
> > >
> > > MsgBox(cPath)
> > >
> > > Try
> > >
> > >     ' Bind as the user over SSL to check the password
> > >     oVerify = New DirectoryServices.DirectoryEntry(cPath, _
> > >         "user@company.com", "password", _
> > >         System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer)
> > >
> > >     MsgBox(oVerify.Properties("distinguishedName").Value)
> > >
> > > Catch
> > >
> > >     MsgBox("Not authenticated")
> > >
> > > End Try
> > >
> > > ****************************************************************************
> > >
> > > Here is what happens with the above code-
> > >
> > > When I create the directoryentry the first time, anonymously, and filter
> > > based on the (mail=user@company.com) and retrieve the adsPath this works
> > > fine. I do this using port 389, which is meant for anonymous access.
> > >
> > > Using the adsPath (and changing the port to 636) I then try to create the
> > > user object, by passing the emailID (which is what the ldap document of the
> > > company says I should use) and the NT domain password. This is where it
> > > fails. Even the errors I get don't seem to be consistent. Sometimes the
> > > error is 'Server not operational' at other times it is 'Object does not
> > > exist'.
> > >
> > > As is probably obvious, my knowledge of server certificates, using adsi/ldap
> > > is pretty limited...and I am yet learning, which leads me to assume I am
> > > missing something very obvious here. Would appreciate it very much if
> > > someone could help me out here! I need to get the authentication process
> > > working pretty soon!
> > >
> > > TIA!
> > >
> > > Vinay
> > > vinay_hs@nospam.yahoo.com
> > >
> > >
> >
> >
>
>
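
The search-then-bind login discussed in this thread, written out as an added example (not code from any poster) with the checks a login path needs: an escaped search filter, a single-match requirement, refusal of empty passwords, and a bind result that separates a bad password from a connection or certificate failure. The host and base DN reuse the placeholders from the quoted post; `LdapLogin`, `EscapeFilter` and `Authenticate` are hypothetical names. It assumes the directory accepts the entry's DN as the bind name and that the web server trusts the CA that issued the directory's certificate.

```vbnet
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Text

Public Module LdapLogin
    ' Assumed values, taken from the placeholders in the quoted post.
    Private Const Host As String = "ldap.company.com"
    Private Const BaseDn As String = "ou=employees,o=company.com"
    Private Const LogonFailure As Integer = &H8007052E ' HRESULT of ERROR_LOGON_FAILURE
    ' Escape a value for use in an LDAP search filter (RFC 4515).
    Public Function EscapeFilter(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.Append("\"c).Append(AscW(c).ToString("x2"))
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Function Authenticate(ByVal mail As String, ByVal password As String) As Boolean
        ' A simple bind with an empty password is an unauthenticated bind that
        ' many servers accept, so reject it before contacting the directory.
        If String.IsNullOrEmpty(mail) OrElse String.IsNullOrEmpty(password) Then Return False
        Dim userDn As String = Nothing
        Using root As New DirectoryEntry("LDAP://" & Host & ":389/" & BaseDn, _
                                         "", "", AuthenticationTypes.Anonymous)
            Using ds As New DirectorySearcher(root, "(mail=" & EscapeFilter(mail) & ")")
                Using hits As SearchResultCollection = ds.FindAll()
                    If hits.Count <> 1 Then Return False ' no match, or an ambiguous one
                    Dim adsPath As String = hits(0).Path
                    userDn = adsPath.Substring(adsPath.IndexOf("/"c, "LDAP://".Length) + 1)
                End Using
            End Using
        End Using
        Try ' bind as the entry found above, over SSL on port 636
            Using user As New DirectoryEntry("LDAP://" & Host & ":636/" & userDn, _
                                             userDn, password, AuthenticationTypes.SecureSocketsLayer)
                Dim forceBind As Object = user.NativeObject ' DirectoryEntry binds lazily
                Return True
            End Using
        Catch ex As COMException When ex.ErrorCode = LogonFailure
            Return False ' wrong password; connection and certificate errors propagate
        End Try
    End Function
End Module
```

Any other `COMException`, such as the 'Server not operational' error reported above, reaches the caller instead of being shown to the user as a failed login, so SSL problems stay visible in the logs.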