Re: Pure LDAP Authentication using vb.net



The combo of 12.3-12.5 from our book's website would probably be a
reasonable place to start looking. I believe the full samples will also
contain all of that stuff in a synthesized format. Those are C# only
though. The raw listings are both VB and C#.

Like I said, I don't know how to do group membership in Novell, so I don't
have a sample. You'll need to ask someone. Typically, this goes by looking
at the memberOf attribute on the user's object, but I'm not sure if that
applies to eDirectory. Group membership is wickedly complex in Windows due
to security/distro groups, group types (local, global and universal),
nesting and the possibility of multiple domains and forests. Some
directories support calculated group membership based on search filters.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Chris Davoli" <ChrisDavoli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:52C77378-E2C7-45C1-9469-840314D9DF45@xxxxxxxxxxxxxxxx
Joe, we're using LDAP against Novell Directory Services. Do you have any
sample code that does this?
--
Chris Davoli



"Joe Kaplan" wrote:

My book has some stuff showing how to do an LDAP bind to a directory in
order to implement LDAP authentication (ch 12). Most of it deals directly
with AD or ADAM, but it can be applied to other directories.

The trick with most non-MS directories is that none of the
Microsoft-specific authentication mechanisms like GSS-SPNEGO will work, so
you will likely need to use something like LDAP simple bind. This must be
secured with an SSL/LDAP connection to the server, as simple bind uses
plaintext credentials.

Getting group membership is something that is typically done with some sort
of search against the directory, but the specifics of it will vary from
directory to directory. You probably should get an explanation of how it is
done for this product in terms of pure LDAP operations. Then you can
translate that into .NET.

You may also be more successful using something like
System.DirectoryServices.Protocols (SDS.P) in .NET 2.0 rather than the
higher level System.DirectoryServices (SDS), as the latter uses ADSI under
the hood, and ADSI tends to make a lot of default assumptions about talking
to AD that can make things complicated. You get more control with SDS.P.

The code samples from my book can be downloaded for free from the site in my
sig. Ch 12 has the auth samples. I'd suggest modifying the SDS.P sample to
suit your needs.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Chris Davoli" <ChrisDavoli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DB954602-8876-492A-A488-9D4CE68B6FD3@xxxxxxxxxxxxxxxx
I need a vb.net sample code that authenticates users against a repository
that supports LDAP. The repository is NOT Active Directory. After
authentication it would be great if the sample code also retrieves group
membership using LDAP.

--
Chris Davoli
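
The approach discussed in this thread (LDAP simple bind over SSL with System.DirectoryServices.Protocols, then a search for group membership), as an added VB.NET example that is not part of the original posts or the book's samples. The names `AuthenticateAndGetGroups` and `EscapeFilter`, port 636, and the `groupOfNames`/`member` group schema are assumptions; the thread does not say how eDirectory stores group membership, so adjust the filter to the directory in use.

```vb
Imports System.Collections.Generic
Imports System.DirectoryServices.Protocols
Imports System.Net

Module LdapAuthExample
    ' Escape a value for use inside an LDAP search filter (RFC 4515),
    ' so a DN containing * ( ) or \ cannot change the filter's meaning.
    Function EscapeFilter(value As String) As String
        Dim sb As New System.Text.StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns Nothing when the bind is rejected, otherwise the DNs of the
    ' groups (assumed schema: groupOfNames/member) that list the user.
    Function AuthenticateAndGetGroups(host As String, userDn As String,
            password As String, groupBase As String) As List(Of String)
        ' A simple bind with a DN and an empty password is an unauthenticated
        ' bind (RFC 4513) that many servers accept, so reject it up front.
        If String.IsNullOrEmpty(password) Then Return Nothing

        Using conn As New LdapConnection(New LdapDirectoryIdentifier(host, 636))
            conn.AuthType = AuthType.Basic                ' LDAP simple bind
            conn.SessionOptions.ProtocolVersion = 3
            conn.SessionOptions.SecureSocketLayer = True  ' plaintext bind must ride on SSL
            conn.Credential = New NetworkCredential(userDn, password)
            Try
                conn.Bind()
            Catch ex As LdapException When ex.ErrorCode = 49 ' invalidCredentials
                Return Nothing
            End Try

            Dim filter As String = "(&(objectClass=groupOfNames)(member=" &
                                   EscapeFilter(userDn) & "))"
            Dim req As New SearchRequest(groupBase, filter, SearchScope.Subtree, "cn")
            Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
            Dim groups As New List(Of String)
            For Each entry As SearchResultEntry In resp.Entries
                groups.Add(entry.DistinguishedName)
            Next
            Return groups
        End Using
    End Function
End Module
```

The server certificate is validated with the platform defaults here; the example does not install a `VerifyServerCertificate` callback, which would bypass that check if it returned True unconditionally.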





