EDN Admin
Well-known member
Im trying to query an LDAP server and verify 1) that the user exists, 2) that their password is correct. I can successfuly do #1, but my code also works even if I use a bad password.
Any help would be appreciated. public LDAPConnect(string ldapHost, string ldapUser, string ldapPwd, string ldapDomain, string ldapTarget)
{
setParameters(ldapHost, ldapUser, ldapPwd, ldapDomain, ldapTarget); // Set the properties
//Create LDAP Entry point
DirectoryEntry deService = new DirectoryEntry();
deService .Path = "LDAP://" + ldapHost + "/" + ldapTarget;
deService .Username = ldapUser;
//deService .Password = ldapPwd;
deService .AuthenticationType = AuthenticationTypes.Anonymous;
DirectorySearcher dsSearch = new DirectorySearcher(deService );
dsSearch.Filter = "(cn=" + ldapUser + ")";
dsSearch.PropertiesToLoad.Add("uid");
try
{
SearchResult srResult = dsSearch.FindOne();
if (srResult != null)
{
if (srResult.Properties.Contains("lockoutTime"))
{
if (Int64.Parse(srResult.Properties["lockoutTime"][0].ToString()) != 0)
{
//they are locked out... so throw error or return false;
result = false;
response = "User is locked out";
}
}
//otherwise, verify creds.
DirectoryEntry deUser = srResult.GetDirectoryEntry();
deUser.Username = ldapUser;
deUser.Password = ldapPwd;
deUser.AuthenticationType = AuthenticationTypes.Secure;
try
{
//just create a var, it will fail if creds are wrong.
string path = deUser.Path;
result = true;
response = "Good credentials"; // ok, good creds if you got here
}
catch (Exception ex)
{
//so, this means their password was bad... NOT the username.
result = false;
response = "Bad credentials";
}
finally
{
deUser.Dispose();
}
}
else
{
//throw an error here since you did not find the user (bad username)
result = false;
response = "Did not find user";
}
}
catch (Exception e)
{
result = false;
response = "Authentication server is offline or VPN not established.";
}
finally {
deService.Dispose();
dsSearch.Dispose();
}
}
View the full article
Any help would be appreciated. public LDAPConnect(string ldapHost, string ldapUser, string ldapPwd, string ldapDomain, string ldapTarget)
{
setParameters(ldapHost, ldapUser, ldapPwd, ldapDomain, ldapTarget); // Set the properties
//Create LDAP Entry point
DirectoryEntry deService = new DirectoryEntry();
deService .Path = "LDAP://" + ldapHost + "/" + ldapTarget;
deService .Username = ldapUser;
//deService .Password = ldapPwd;
deService .AuthenticationType = AuthenticationTypes.Anonymous;
DirectorySearcher dsSearch = new DirectorySearcher(deService );
dsSearch.Filter = "(cn=" + ldapUser + ")";
dsSearch.PropertiesToLoad.Add("uid");
try
{
SearchResult srResult = dsSearch.FindOne();
if (srResult != null)
{
if (srResult.Properties.Contains("lockoutTime"))
{
if (Int64.Parse(srResult.Properties["lockoutTime"][0].ToString()) != 0)
{
//they are locked out... so throw error or return false;
result = false;
response = "User is locked out";
}
}
//otherwise, verify creds.
DirectoryEntry deUser = srResult.GetDirectoryEntry();
deUser.Username = ldapUser;
deUser.Password = ldapPwd;
deUser.AuthenticationType = AuthenticationTypes.Secure;
try
{
//just create a var, it will fail if creds are wrong.
string path = deUser.Path;
result = true;
response = "Good credentials"; // ok, good creds if you got here
}
catch (Exception ex)
{
//so, this means their password was bad... NOT the username.
result = false;
response = "Bad credentials";
}
finally
{
deUser.Dispose();
}
}
else
{
//throw an error here since you did not find the user (bad username)
result = false;
response = "Did not find user";
}
}
catch (Exception e)
{
result = false;
response = "Authentication server is offline or VPN not established.";
}
finally {
deService.Dispose();
dsSearch.Dispose();
}
}
View the full article