LDAP

Discussion in 'ASP .Net Security' started by jsh02_nova, Nov 10, 2005.

  1. jsh02_nova

    jsh02_nova Guest

    Anybody have experience with authenticating PKI certificates with CA using
    LDAP? I'm trying to find a .Net algorithm or code that makes an LDAP request.

    thx
    -jhs
     
    jsh02_nova, Nov 10, 2005
    #1

  2. System.DirectoryServices is where the LDAP stack for .NET lives.

    What exactly do you need to look up in LDAP? Do you need to find a
    certificate for a user or just an identifying attribute?

    Joe K.

    "jsh02_nova" <> wrote in message
    news:...
    > Anybody have experience with authenticating PKI certificates with CA using
    > LDAP? I'm trying to find a .Net algorithm or code that makes an LDAP request.
    >
    > thx
    > -jhs
    >
    >
     
    Joe Kaplan (MVP - ADSI), Nov 11, 2005
    #2

  3. Thanks for responding Joe K.,
    I just have to look up an identifying attribute such as a username. I
    have to come up with an algorithm that authenticates an incoming request
    using PKI certificates, so after researching on MSDN it seems the first
    step in authentication is verifying the username in the certificate
    against a username in a directory account on a directory server.
    Do you know any algorithm that shows how to pull out the username and
    the CA url from a Class 3 PKI certificate?

    thx
    -jsh



    *** Sent via Developersdex http://www.developersdex.com ***
     
    John Holsinger, Nov 11, 2005
    #3
  4. In .NET, you will typically use the X509Certificate (or perhaps
    X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
    there are a variety of methods that pull various known fields such as
    subject out of the certificate. Once you have that as a string, you can
    generally use that to formulate a filter for an LDAP query and you are all
    set.

    It really depends on what data in the certificate contains your identifying
    attribute and whether X509Certificate supports it directly.

    I'd try looking at that first. If you need stuff out of the cert that is
    not supported by X509Certificate, you'll likely need to p/invoke. Mitch
    Gallant has a fantastic website with lots of info dedicated to doing fancy
    stuff with PKI and crypto that way.

    Joe K.

    "John Holsinger" <> wrote in message
    news:%...
    > Thanks for responding Joe K.,
    > I just have to look up an identifying attribute such as a username. I
    > have to come up with an algorithm that authenticates an incoming request
    > using PKI certificates, so after researching on MSDN it seems the first
    > step in authentication is verifying the username in the certificate
    > against a username in a directory account on a directory server.
    > Do you know any algorithm that shows how to pull out the username and
    > the CA url from a Class 3 PKI certificate?
    >
    > thx
    > -jsh
    >
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
     
    Joe Kaplan (MVP - ADSI), Nov 11, 2005
    #4
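
An added example (not code from any poster in this thread) of the approach described in post #4: read the subject name from an X509Certificate2 and turn it into an LDAP filter, escaping the value per RFC 4515 because it comes from the client's certificate. It assumes .NET Framework 4.7.2 or later (for CertificateRequest), that the certificate's CN carries the username, and that the directory attribute is sAMAccountName; the LDAP path is a placeholder.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertLookup
{
    // RFC 4515 escaping: the subject comes from the client's certificate,
    // so filter metacharacters must never reach the query unescaped.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // Assumption: the certificate's simple name (CN) holds the username and
    // the directory stores it in sAMAccountName; adjust both to your PKI.
    public static string BuildFilter(X509Certificate2 cert)
    {
        string name = cert.GetNameInfo(X509NameType.SimpleName, false);
        return "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(name) + "))";
    }

    // ldapPath is a placeholder such as "LDAP://dc=example,dc=com".
    // Not called from Main because it needs a reachable directory server.
    public static SearchResult FindAccount(string ldapPath, X509Certificate2 cert)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, BuildFilter(cert)))
            return searcher.FindOne();
    }

    static void Main()
    {
        // Constructed sample: throwaway self-signed certificate whose CN
        // contains filter metacharacters, to show the escaping at work.
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 cert = new CertificateRequest("CN=j*smith (test)", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
        {
            Console.WriteLine(cert.Issuer);       // issuer DN (the CA's name)
            Console.WriteLine(BuildFilter(cert)); // escaped LDAP filter
        }
    }
}
```

Run the directory lookup only after the certificate's chain has been validated (for example with X509Chain.Build); a subject name on its own proves nothing about who presented the certificate.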
  5. jsh02_nova

    jsh02_nova Guest

    Thanks.

    "Joe Kaplan (MVP - ADSI)" <> wrote in message news:...
    > In .NET, you will typically use the X509Certificate (or perhaps
    > X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
    > there are a variety of methods that pull various known fields such as
    > subject out of the certificate. Once you have that as a string, you can
    > generally use that to formulate a filter for an LDAP query and you are all
    > set.
    >
    > It really depends on what data in the certificate contains your identifying
    > attribute and whether X509Certificate supports it directly.
    >
    > I'd try looking at that first. If you need stuff out of the cert that is
    > not supported by X509Certificate, you'll likely need to p/invoke. Mitch
    > Gallant has a fantastic website with lots of info dedicated to doing fancy
    > stuff with PKI and crypto that way.
    >
    > Joe K.
    >
    > "John Holsinger" <> wrote in message
    > news:%...
    > > Thanks for responding Joe K.,
    > > I just have to look up an identifying attribute such as a username. I
    > > have to come up with an algorithm that authenticates an incoming request
    > > using PKI certificates, so after researching on MSDN it seems the first
    > > step in authentication is verifying the username in the certificate
    > > against a username in a directory account on a directory server.
    > > Do you know any algorithm that shows how to pull out the username and
    > > the CA url from a Class 3 PKI certificate?
    > >
    > > thx
    > > -jsh
    > >
    > > *** Sent via Developersdex http://www.developersdex.com ***
     
    jsh02_nova, Nov 11, 2005
    #5