
I am working on a requirement where I need to validate a user with an Active Directory account. For this I have used LdapConnection with NetworkCredential, and PrincipalContext, and in all cases I am able to validate the user without SSL. But I need to validate the user with SSL. I have also used the correct port, i.e. 636/TCP (LDAP SSL).

Following is the code I did with PrincipalContext

```csharp
using (principalContext = new PrincipalContext(ContextType.Domain, ldapServerIp, null, ContextOptions.Negotiate | ContextOptions.SecureSocketLayer, userName, password))
{
    bool isCredentialValid = principalContext.ValidateCredentials(userName, password);
}
```

Following is code I did with

```csharp
using (ldapConnection = new LdapConnection(ldapServerIp))
{
    var networkCredential = new NetworkCredential(_username, _password, ldapServerIp);
    ldapConnection.SessionOptions.SecureSocketLayer = true;
    ldapConnection.AuthType = AuthType.Negotiate;
    ldapConnection.Bind(networkCredential);
}
```

Has anyone done this successfully before? If there is any solution, that would be very helpful.

David Specht
Virender Thakur

1 Answer

Both of those should work just fine, as long as you specify the LDAPS port (usually 636). So your ldapServerIp variable should be set to something like example.com:636.

Gabriel Luci
  • Yes, I did that; 636 is for SSL connectivity. But it did not work. – Virender Thakur Feb 07 '20 at 16:24
  • It's possible the certificate is not trusted on the computer you're doing this on. You can use the PowerShell in [this](https://stackoverflow.com/a/22251597/1202807) answer to download the certificate. Use `https://example.com:636` as the URL, and it will save the certificate to a .cer file. Open that file, and it should tell you if the certificate is trusted or not. – Gabriel Luci Feb 07 '20 at 16:31
  • Is there something I need to check, such as what type of encryption was used in signing the certificate (e.g. #SHA, #MD), through code? – Virender Thakur Feb 07 '20 at 17:57
  • No. It's exactly the same type of certificate that is used for websites. – Gabriel Luci Feb 07 '20 at 18:44
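
The certificate check suggested in the comments can also be done from C#, on the same machine that runs the bind. This is an added example, not code from the question or the answer; the host name `dc01.example.com` and the class name `LdapsCertCheck` are placeholders. It performs only a TLS handshake on port 636 and reports the subject, issuer, signature algorithm, chain status and policy errors as this machine sees them.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class LdapsCertCheck
{
    // TLS handshake only: no LDAP bind is attempted and no credentials are sent.
    public static SslPolicyErrors Inspect(string host, int port = 636)
    {
        SslPolicyErrors observed = SslPolicyErrors.None;
        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                observed = errors;
                if (cert != null)
                {
                    var c = new X509Certificate2(cert);
                    Console.WriteLine($"Subject : {c.Subject}");
                    Console.WriteLine($"Issuer  : {c.Issuer}");
                    Console.WriteLine($"Valid   : {c.NotBefore:u} to {c.NotAfter:u}");
                    Console.WriteLine($"Sig alg : {c.SignatureAlgorithm.FriendlyName}");
                }
                if (chain != null)
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine($"Chain   : {s.Status} {s.StatusInformation.Trim()}");
                // Diagnostic only: accept so the handshake finishes and every
                // problem is reported. Never reuse this callback for real binds.
                return true;
            }))
        {
            // The name passed here is matched against the certificate, so pass
            // exactly what the application uses to connect (IP or host name).
            tls.AuthenticateAsClient(host);
        }
        return observed;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "dc01.example.com"; // placeholder
        SslPolicyErrors errors = Inspect(host);
        Console.WriteLine($"Policy errors: {errors}");
        // None                          -> certificate is trusted for this name
        // RemoteCertificateChainErrors  -> issuing CA not trusted, expired, etc.
        // RemoteCertificateNameMismatch -> name used to connect is not in the cert
    }
}
```

Anything other than `None` means this machine does not accept the certificate for the name that was used to connect.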