Active Directory Authentication using LDAP over SSL

  • Question

  • I am trying to authenticate a user using the System.DirectoryServices library.  The gist of the code is:

    string domainUserName = @"MyDomain.local\AUser";
    string password = "Password1";
    string LDAPConnectionString = "LDAP://MyDomain.local/cn=users,dc=MyDomain,dc=local";
    AuthenticationTypes authType = AuthenticationTypes.Secure;
    
    using (DirectoryEntry entry = new DirectoryEntry(LDAPConnectionString, domainUserName, password, authType))
    {
        //Bind to the native AdsObject to force authentication.
        object obj = entry.NativeObject;
    }

    This works fine, however if I change authType to AuthenticationTypes.SecureSocketsLayer it fails with the exception

    System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The user name or password is incorrect.
    
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_NativeObject()
       at LDAPTest.DirectoryServicesAuthentication.Authenticate(String user, String password)

    I have reviewed various articles online in order to configure LDAP over SSL and am reasonably sure that I have it configured correctly, but am unable to successfully bind using my code.

    I have used ldp.exe and am able to successfully connect using MyDomain.local as the server, port 636, and SSL checked.  I am also then able to bind using the same credentials.

    I am also able to successfully bind using the LdapConnection class:

    // Requires: using System.DirectoryServices.Protocols; using System.Net;
    string host = "MyDomain.local";
    int port = 636;
    string userName = "AUser";
    string password = "Password1";
    bool secure = true; // TLS on the LDAPS port
    
    LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier(host, port);
    LdapConnection connection = new LdapConnection(ldi);
    
    connection.SessionOptions.SecureSocketLayer = secure;
    connection.Credential = new NetworkCredential(userName, password);
    connection.AuthType = AuthType.Negotiate;
    connection.Bind();
    

    Any idea why the directory services bind fails?

    Thanks,

    Andy


    Friday, August 25, 2017 8:01 PM

Answers

  • Thanks Wendy,

    I thought I looked for an AD forum and didn't see it. 

    In any case, I found my issue.  My user name was in the format <domain>\<user> but the domain was not the pre-Windows 2000 domain name.

    Thanks to everyone who looked at this thread.

    Tuesday, August 29, 2017 8:33 PM
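
The fix described in this answer, as an added example that is not code from the original thread: the bind is attempted over SSL with the user name rebuilt in pre-Windows 2000 (down-level) form. `MYDOMAIN` is an assumed NetBIOS domain name, and `LdapsAuth`, `ToDownLevelName` and `Authenticate` are hypothetical names.

```csharp
using System;
using System.DirectoryServices;

static class LdapsAuth
{
    // HRESULT shown in the question's exception ("user name or password is incorrect").
    const int LogonFailure = unchecked((int)0x8007052E);

    // Builds NETBIOSDOMAIN\user, discarding any domain prefix or UPN suffix
    // the caller typed (for example "MyDomain.local\AUser" or "AUser@MyDomain.local").
    public static string ToDownLevelName(string netbiosDomain, string user)
    {
        int slash = user.LastIndexOf('\\');
        if (slash >= 0) user = user.Substring(slash + 1);
        int at = user.IndexOf('@');
        if (at >= 0) user = user.Substring(0, at);
        return netbiosDomain + "\\" + user;
    }

    public static bool Authenticate(string ldapPath, string netbiosDomain,
                                    string user, string password)
    {
        string logonName = ToDownLevelName(netbiosDomain, user);
        try
        {
            using (var entry = new DirectoryEntry(ldapPath, logonName, password,
                       AuthenticationTypes.SecureSocketsLayer))
            {
                // Reading NativeObject forces the bind, as in the question.
                object native = entry.NativeObject;
                return true;
            }
        }
        catch (DirectoryServicesCOMException ex) when (ex.ErrorCode == LogonFailure)
        {
            // Only a logon failure maps to "false"; connectivity or certificate
            // errors propagate so they are not mistaken for bad credentials.
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample values; "MYDOMAIN" is an assumption.
        bool ok = Authenticate("LDAP://MyDomain.local/cn=users,dc=MyDomain,dc=local",
                               "MYDOMAIN", @"MyDomain.local\AUser", "Password1");
        Console.WriteLine(ok ? "bind succeeded" : "logon failure");
    }
}
```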

All replies

  • Hi Andy Walldorff 2,

    Thank you for posting here.

    Since your question is more related to LDAP and SSL, you could post a new thread in the Active Directory and LDAP forum for suitable support.

    The CLR Forum is for discussing and asking questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Registry, Globalization, Reflection. It also covers all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions. 

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, August 29, 2017 2:26 AM
  • Hi Andy Walldorff 2,

    Thanks for sharing.

    If your question has been solved, please mark the reply as answer. This will make answer searching easier in the forum and be beneficial to community members as well.

    Best Regards,

    Wendy



    Wednesday, August 30, 2017 1:52 AM