Dennis Dobslaf
I'm trying to do some authentication with LDAP, but it's a bit different from
the sample in MSDN.
I wrote a class LdapAuthentication with a method:

    public bool IsAuthenticated(String domain, String username, String pwd)
    {
        // Build DOMAIN\username for the credentials passed to DirectoryEntry
        String domainAndUsername = domain + @"\" + username;
        DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd,
            AuthenticationTypes.Anonymous);
        try
        {
            // Touching NativeObject forces the bind to the directory
            Object obj = entry.NativeObject;

            // Look up the entry whose cn matches the user name
            DirectorySearcher search = new DirectorySearcher(entry);
            search.Filter = "(cn=" + username + ")";
            search.PropertiesToLoad.Add("cn");
            SearchResult result = search.FindOne();
            if ( null == result )
            {
                return false;
            }

            // Remember the path and cn of the entry that was found
            _path = result.Path;
            result.GetDirectoryEntry();
            _filterAttribute = (String)result.Properties["cn"][0];
        }
        catch(Exception ex)
        {
            throw new Exception("Error authenticating user: " + ex.Message );
        }
        return true;
    }

The problem is that the DirectorySearcher doesn't tell me if a user is
authenticated. It only tells me: an entry with (cn="+username+") has
been found.
The new _path shows me the way to my user (ldap://server/cn=user....).
The user has an attribute named userPassword (which is encrypted in
crypt-mode). So I have to compare the user input to the userPassword
stored in LDAP. My problem: I can't fetch the userPassword! I need
it to get the salt.
I tried it with the following method (where _path is the whole path to
the user information):

    public String GetPwd()
    {
        // _path is the full path to the user's entry
        DirectoryEntry entry = new DirectoryEntry(_path);
        DirectorySearcher search = new DirectorySearcher(entry);
        search.PropertiesToLoad.Add("userPassword");
        String ldapPwd = "";
        try
        {
            SearchResult result = search.FindOne();
            // Same cast as for "cn" in IsAuthenticated
            ldapPwd = (String)result.Properties["userPassword"][0];
        }
        catch ( Exception ex )
        {
            throw new Exception("Could not find password: " + ex.Message );
        }
        return ldapPwd;
    }

Maybe our LDAP is a little bit different or I don't understand the stuff!