ADAM authentication

Discussion in 'ASP .Net Security' started by Bill Belliveau, Jan 31, 2004.

  1. I've been kicking around ADAM on a 2003 server for a couple of days and after getting the major classes in the schema and making a few objects, now I'm ready to programmatically test it. I am able to use the LDP tool locally or remotely to logon as a Windows Identity (admin) or as an ADAM user. I have written code to get AD objects but can't get any ADAM code working nor the examples from the documentation. I'm not sure if this is an ADAM issue or if it has more to do with my unfamiliarity with the Directory.

    Below is a mess of code I've blindly been stabbing around with. The exceptions I get are usually either the famous "operations error" or "unwilling to process the request" unless I'm reading the rootdse, so it seems to be a security issue. I'm accessing from a Windows 2000 box which seems to have security issues with ADAM, however LDP works.

    Ideas?
    Bill

    -- messy code begin--
    DirectoryEntry myEntry = new DirectoryEntry();
    //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
    //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
    //myEntry.Path = @"LDAP://computer:50000/o=microsoft";
    //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
    myEntry.Path = @"LDAP://computer:50000/rootdse";
    myEntry.Password = "";
    myEntry.Username = @"localcompany\Administrator";

    try
    {
        Debug.Write(myEntry.Guid);
        Object obj = myEntry.NativeObject;
    }
    catch(Exception Ex)
    {
        Debug.Write(Ex.ToString());
        Debug.Write(Ex.InnerException);
        Debug.Write(Ex.Source);
        Debug.Write(Ex.HelpLink);
        Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
    }
    //try
    //{
    //DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
    //
    //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
    //Debug.Write(myEntry.Name + myEntry.Guid);
    //Debug.Write("Logon = true");
    //}
    //catch(Exception Ex)
    //{
    //Debug.Write(Ex.ToString());
    //Debug.Write(Ex.InnerException);
    //Debug.Write(Ex.Source);
    //Debug.Write(Ex.HelpLink);
    //Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
    //}
    -------
    Bill Belliveau, Jan 31, 2004
    #1

  2. Since no one else chimed in, I did a little bit more poking around on this.
    I haven't done a lot with ADAM yet and have not successfully set a password
    on an ADAM user yet (need a hotfix I think), but here are a couple of
    things:

    With an AD user, you should be able to bind with AuthenticationTypes.Secure
    always. Generally you can pass the username in domain\username format, upn
    format (), distinguished name, or plain user name (although
    that only works with Secure binding).

    With ADAM users, I believe you need to use the distinguished name of the
    user for the username. I don't think you can use Secure binding, so if you
    want to avoid plaintext binds, you need to use SSL.

    To get more details, I'd suggest you follow up in the
    microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
    are much deeper in ADAM than I am and should be able to fill in the details.

    Joe K.

    "Bill Belliveau" <> wrote in message
    news:...
    > I've been kicking around ADAM on a 2003 server for a couple of days and
    > after getting the major classes in the schema and making a few objects, now
    > I'm ready to programmatically test it. I am able to use the LDP tool locally
    > or remotely to logon as a Windows Identity (admin) or as an ADAM user. I
    > have written code to get AD objects but can't get any ADAM code working nor
    > the examples from the documentation. I'm not sure if this is an ADAM issue
    > or if it has more to do with my unfamiliarity with the Directory.
    >
    > Below is a mess of code I've blindly been stabbing around with. The
    > exceptions I get are usually either the famous "operations error" or
    > "unwilling to process the request" unless I'm reading the rootdse, so it
    > seems to be a security issue. I'm accessing from a Windows 2000 box which
    > seems to have security issues with ADAM, however LDP works.
    >
    > Ideas?
    > Bill
    >
    >
    > -- messy code begin--
    > DirectoryEntry myEntry = new DirectoryEntry();
    > //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
    > //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
    > //myEntry.Path = @"LDAP://computer:50000/o=microsoft";
    > //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
    > myEntry.Path = @"LDAP://computer:50000/rootdse";
    > myEntry.Password = "";
    > myEntry.Username = @"localcompany\Administrator";
    >
    >
    > try
    > {
    > Debug.Write(myEntry.Guid);
    > Object obj = myEntry.NativeObject;
    > }
    > catch(Exception Ex)
    > {
    > Debug.Write(Ex.ToString());
    > Debug.Write(Ex.InnerException);
    > Debug.Write(Ex.Source);
    > Debug.Write(Ex.HelpLink);
    > Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
    > }
    > //try
    > //{
    > //DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
    > //
    > //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
    > //Debug.Write(myEntry.Name + myEntry.Guid);
    > //Debug.Write("Logon = true");
    > //}
    > //catch(Exception Ex)
    > //{
    > //Debug.Write(Ex.ToString());
    > //Debug.Write(Ex.InnerException);
    > //Debug.Write(Ex.Source);
    > //Debug.Write(Ex.HelpLink);
    > //Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
    > //}
    > -------
    Joe Kaplan (MVP - ADSI), Feb 3, 2004
    #2

  3. Thanks Joe, that is the same understanding I have.
    I got WindowsIdentity working in ADAM when the AuthenticationTypes are set to secure. I'm guessing that to write with a WindowsIdentity you also need to set the Sign and Encrypt flags based on the LDP usage from the ADAM documentation.

    For the moment I've been pulled into another area, but when this comes up again (and it will) I'll be sure to post a message to the AD group.

    You've been a very helpful sounding board, thanks for all the input.
    Bill

    ----- Joe Kaplan (MVP - ADSI) wrote: -----

    Since no one else chimed in, I did a little bit more poking around on this.
    I haven't done a lot with ADAM yet and have not successfully set a password
    on an ADAM user yet (need a hotfix I think), but here are a couple of
    things:

    With an AD user, you should be able to bind with AuthenticationTypes.Secure
    always. Generally you can pass the username in domain\username format, upn
    format (), distinguished name, or plain user name (although
    that only works with Secure binding).

    With ADAM users, I believe you need to use the distinguished name of the
    user for the username. I don't think you can use Secure binding, so if you
    want to avoid plaintext binds, you need to use SSL.

    To get more details, I'd suggest you follow up in the
    microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
    are much deeper in ADAM than I am and should be able to fill in the details.

    Joe K.
    Bill Belliveau, Feb 3, 2004
    #3
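The two bind styles discussed in this thread, side by side, as an added example that is not code from either poster: a Windows principal bound with `Secure` plus signing and sealing, and an ADAM user bound by distinguished name over SSL so the simple-bind password is not sent in plaintext. Host, port 50000, partition and user DN are taken from the posts; the SSL port 50001, the class name and the `ADAM_TEST_PASSWORD` variable are assumptions made for the example.

```csharp
using System;
using System.DirectoryServices;

static class AdamBindExample
{
    // Host, port 50000 and partition come from the thread; 50001 as the
    // instance's SSL port is an assumption for this example.
    const string PlainPath = "LDAP://computer:50000/o=microsoft,c=us";
    const string SslPath   = "LDAP://computer:50001/o=microsoft,c=us";

    // Windows principal: negotiated bind. Signing and Sealing require the
    // Secure flag. AuthenticationTypes.Encryption has the same numeric value
    // as SecureSocketsLayer (2), so it selects SSL, not Kerberos/NTLM sealing.
    public static DirectoryEntry ForWindowsUser(string account, string password)
    {
        AuthenticationTypes flags = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        return new DirectoryEntry(PlainPath, account, password, flags);
    }

    // ADAM principal: simple bind with the user's distinguished name. The
    // password is sent as-is, so it only goes to the SSL port.
    public static DirectoryEntry ForAdamUser(string userDn, string password)
    {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513); refuse it rather than treat it as a login.
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("empty password", "password");
        return new DirectoryEntry(SslPath, userDn, password,
            AuthenticationTypes.SecureSocketsLayer);
    }

    static void Main()
    {
        // ADAM_TEST_PASSWORD is a hypothetical variable name for this example.
        string pw = Environment.GetEnvironmentVariable("ADAM_TEST_PASSWORD");
        try
        {
            using (DirectoryEntry e = ForAdamUser(
                "cn=mary baker,ou=adam users,o=microsoft,c=us", pw))
            {
                object bound = e.NativeObject; // the bind happens here, not in the constructor
                Console.WriteLine("Bound to " + e.Path);
            }
        }
        catch (Exception ex) // bind failure or the empty-password check above
        {
            Console.WriteLine("Bind failed: " + ex.Message);
        }
    }
}
```

The SSL bind only succeeds if the ADAM service has a server certificate installed and the client trusts its issuer.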