mkruluts
Guest
I am working on a project using the .NET 4.5 framework. The company requires the application code to pass through a code analyzer before it can go to production.
I have an LDAP class where I perform simple searches, but I need to encode the Filter of my queries to make this web application safer. I have found a lot of information on the internet talking about the System.Web.Security.AntiXss namespace, and specifically this website says to use Encoder.LdapFilterEncode(string).
All I can find in that namespace is what corresponds with the Microsoft documentation, which doesn't have an LdapFilterEncode method. Microsoft even mentions this namespace to prevent LDAP injection attacks on this website, but doesn't identify which method to specifically use for it.
If the LdapFilterEncode is no longer being used, which method should I use in the AntiXss namespace? AntiXssEncoder.HtmlEncode(string, bool)?
Here is a snippet of code to show you what I am working with; the issue is with the _DirectorySearcher.Filter line...
    using (DirectorySearcher _DirectorySearcher = new DirectorySearcher(_DirectoryEntry))
    {
        _DirectorySearcher.SearchScope = SearchScope.Subtree;
        _DirectorySearcher.Filter = string.Format("(sAMAccountName={0})", _User[1]);
        _DirectorySearcher.PropertiesToLoad.Add("mail");
        _DirectorySearcher.PropertiesToLoad.Add("displayName");
    }
Any help would be greatly appreciated. Thank you in advance.
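An added example, not part of the original post and not code from any Microsoft library: one way to escape a value before it goes into the filter, following the RFC 4515 rule that NUL, "(", ")", "*" and "\" in an assertion value are written as a backslash plus two hex digits. The LdapFilter.Escape helper and the sample inputs are assumptions made for illustration; HTML encoders target a different output context and do not apply these rules.

```csharp
using System;
using System.Text;

// Hypothetical helper (assumption for this example; not from the post
// and not an API of System.Web.Security.AntiXss).
public static class LdapFilter
{
    // Escapes a value for use as an assertion value in an LDAP search filter.
    // RFC 4515 requires NUL, '(', ')', '*' and '\' to be written as \XX (hex).
    // Control bytes and non-ASCII UTF-8 bytes are hex-escaped as well, which
    // the RFC permits and which keeps the filter string plain ASCII.
    public static string Escape(string value)
    {
        if (value == null) throw new ArgumentNullException("value");

        var sb = new StringBuilder(value.Length + 8);
        // Work on UTF-8 bytes so multi-byte characters and surrogate pairs
        // are escaped byte by byte, as the \XX notation expects.
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            bool special = b == 0x28 || b == 0x29 || b == 0x2A || b == 0x5C;
            if (special || b < 0x20 || b >= 0x7F)
                sb.Append('\\').Append(b.ToString("x2"));
            else
                sb.Append((char)b);
        }
        return sb.ToString();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs, not taken from the post.
        string[] samples = { "jsmith", "*", "jsmith)(mail=*", @"a\b", "m\u00fcller" };
        foreach (string s in samples)
        {
            // Same filter template as in the post, with the value escaped first.
            string filter = string.Format("(sAMAccountName={0})", LdapFilter.Escape(s));
            Console.WriteLine(filter);
        }
    }
}
```

With the escaping applied, a value containing filter metacharacters is matched literally against sAMAccountName instead of changing the structure of the filter.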