UmeshT

Reputation: 41

Kerberos authentication over LDAP

I am working on a console application which fetches user data from Active Directory over LDAP using System.DirectoryServices.Protocols. Currently I am able to fetch the data using basic authentication over SSL, TLS and a simple connection (neither SSL nor TLS), but now I want to fetch the data using Kerberos authentication over SSL, TLS and a simple connection. I am currently using the code below for this.

using System;
using System.DirectoryServices.Protocols;

// host and port are strings read from the application's configuration
// (fullyQualifiedDnsHostName: true, connectionless: false)
LdapDirectoryIdentifier ldap_id = new LdapDirectoryIdentifier(
                                            host,
                                            Int32.Parse(port),
                                            true,
                                            false);
LdapConnection con = new LdapConnection(ldap_id);

// Kerberos bind with the identity of the running process
con.AuthType = AuthType.Kerberos;
con.SessionOptions.Sealing = true;      // encrypt the session with GSSAPI
con.SessionOptions.Signing = true;      // integrity-protect the session
con.SessionOptions.ProtocolVersion = 3;

con.Bind();

This gives me the error "The LDAP server is unavailable". Can someone please suggest what is wrong with the above code? Also, please let me know whether I need to change any settings on the server or client for Kerberos authentication. Do I need to pass the network credentials as given below, the way I pass them for basic authentication?

using System;
using System.DirectoryServices.Protocols;
using System.Net;

LdapDirectoryIdentifier ldapIdentifier = new LdapDirectoryIdentifier(
                                            host,
                                            Int32.Parse(port),
                                            true,
                                            false);
// explicit account instead of the process identity
NetworkCredential credential = new NetworkCredential(username, password);
LdapConnection con = new LdapConnection(ldapIdentifier, credential, AuthType.Kerberos);
con.SessionOptions.Sealing = true;
con.SessionOptions.Signing = true;
con.SessionOptions.ProtocolVersion = 3;
con.Bind();

Upvotes: 2

Views: 4585

Answers (2)

UmeshT

Reputation: 41

Below is the code that works for Basic and Kerberos authentication over SSL, TLS and simple (neither SSL nor TLS) LDAP connections.

Note: the connectionAccountName passed to the NetworkCredential should be the user principal name. You can check a user's principal name by looking at the userPrincipalName attribute in the Attribute Editor section of the user in Active Directory. The port for SSL is 636; for the others it is 389.

using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

enum LDAPConnectionType { Default, SSL, TLS }
enum LDAPPorts { Default = 389, SSL = 636 }

static class LdapConnector
{
    // connectionAccountName must be the userPrincipalName (user@domain)
    public static LdapConnection Connect(string ldapServerName, LDAPConnectionType connectionType,
                                         AuthType authType, string connectionAccountName, string connectionAccountPassword)
    {
        var networkCredential = new NetworkCredential(connectionAccountName, connectionAccountPassword);
        LdapDirectoryIdentifier ldapDirectoryIdentifier = null;
        LdapConnection ldapConnection = null;

        switch (connectionType)
        {
            case LDAPConnectionType.SSL:   // LDAPS on 636: TLS from the first byte
                ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, (int)LDAPPorts.SSL);
                ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                ldapConnection.SessionOptions.ProtocolVersion = 3;
                ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
                ldapConnection.SessionOptions.SecureSocketLayer = true;
                break;

            case LDAPConnectionType.TLS:   // StartTLS: plain port 389 upgraded before the bind
                ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, (int)LDAPPorts.Default);
                ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
                ldapConnection.SessionOptions.StartTransportLayerSecurity(null);
                break;

            default:                       // neither SSL nor TLS
                ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, (int)LDAPPorts.Default);
                ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                break;
        }

        ldapConnection.Bind();
        return ldapConnection;
    }

    // Not shown in the original answer. The callback has to validate the server
    // certificate: returning true unconditionally accepts any certificate.
    static bool ServerCallback(LdapConnection connection, X509Certificate certificate)
    {
        using (var chain = new X509Chain())
        {
            return chain.Build(new X509Certificate2(certificate));
        }
    }
}

Thanks

Umesh Tayade

Upvotes: 1

Michael-O

Reputation: 18415

If you read this carefully, you'll see that Negotiate is used and it selects Kerberos as the best option when available.

Upvotes: 0
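Putting the two answers together, the following is an added example (not code from the question or from either answer) of a Kerberos or Negotiate bind over the three transports discussed above, with the server certificate actually validated and the user lookup protected against LDAP filter injection. It assumes a domain-joined client and a domain controller reachable as dc01.corp.example whose certificate chains to a CA in the local machine store; the names KerberosLdap, Connect, VerifyFor, FindUser and EscapeFilter are my own.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not from the question or the answers. Assumes a DC reachable
// as dc01.corp.example whose certificate chains to a CA in the local store.
public static class KerberosLdap
{
    public enum Transport { Plain, Ldaps, StartTls }

    // Binds with Kerberos, or with Negotiate when NTLM fallback is acceptable.
    // credential == null uses the identity of the running process, which is
    // the usual way to use Kerberos: no password ever passes through this code.
    public static LdapConnection Connect(string fqdn, Transport transport,
                                         NetworkCredential credential = null,
                                         bool allowNtlmFallback = false)
    {
        int port = transport == Transport.Ldaps ? 636 : 389;
        // fullyQualifiedDnsHostName: true makes the client request a ticket for
        // ldap/<fqdn>, so fqdn must be the DC's real DNS name, not an IP or alias.
        var id = new LdapDirectoryIdentifier(fqdn, port,
                     fullyQualifiedDnsHostName: true, connectionless: false);
        var con = new LdapConnection(id)
        {
            AuthType = allowNtlmFallback ? AuthType.Negotiate : AuthType.Kerberos
        };
        if (credential != null) con.Credential = credential;
        con.SessionOptions.ProtocolVersion = 3;

        switch (transport)
        {
            case Transport.Ldaps:
                con.SessionOptions.VerifyServerCertificate = VerifyFor(fqdn);
                con.SessionOptions.SecureSocketLayer = true;
                break;
            case Transport.StartTls:
                con.SessionOptions.VerifyServerCertificate = VerifyFor(fqdn);
                con.SessionOptions.StartTransportLayerSecurity(null);
                break;
            default:
                // Without TLS, GSSAPI signing and sealing still give integrity and
                // confidentiality. Not combined with TLS: sign/seal is rejected on
                // an SSL session.
                con.SessionOptions.Signing = true;
                con.SessionOptions.Sealing = true;
                break;
        }
        con.Bind();
        return con;
    }

    // Chain validation plus a host-name check. A callback that just returns
    // true turns LDAPS/StartTLS into an unauthenticated tunnel. GetNameInfo
    // returns only the first DNS name; walk the SAN extension for multi-SAN certs.
    private static VerifyServerCertificateCallback VerifyFor(string expectedHost)
    {
        return (connection, certificate) =>
        {
            var cert = new X509Certificate2(certificate);
            string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
            if (!string.Equals(dnsName, expectedHost, StringComparison.OrdinalIgnoreCase))
                return false;
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                return chain.Build(cert);
            }
        };
    }

    // Fetches one account by UPN. The value is escaped per RFC 4515 so a
    // caller-supplied string cannot change the filter (LDAP injection).
    public static SearchResultEntry FindUser(LdapConnection con, string baseDn, string upn)
    {
        var req = new SearchRequest(baseDn,
            "(&(objectClass=user)(userPrincipalName=" + EscapeFilter(upn) + "))",
            SearchScope.Subtree, "sAMAccountName", "displayName", "memberOf");
        var resp = (SearchResponse)con.SendRequest(req);
        return resp.Entries.Count == 1 ? resp.Entries[0] : null;
    }

    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
}
```

Typical use is `using (var con = KerberosLdap.Connect("dc01.corp.example", KerberosLdap.Transport.Plain)) { var entry = KerberosLdap.FindUser(con, "DC=corp,DC=example", "alice@corp.example"); }`. Pass `allowNtlmFallback: true` only if you can live with Negotiate downgrading to NTLM when no ticket is available; with `AuthType.Kerberos` a missing ticket fails the bind instead, which is what you want when checking whether Kerberos actually works against the host name you are using.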
