LDAP

jsh02_nova

Anybody have experience with authenticating PKI certificates with a CA using
LDAP? I'm trying to find a .Net algorithm or code that makes an LDAP request.

thx
-jhs
 
Joe Kaplan (MVP - ADSI)

System.DirectoryServices is where the LDAP stack for .NET lives.

What exactly do you need to look up in LDAP? Do you need to find a
certificate for a user or just an identifying attribute?

Joe K.
 
John Holsinger

Thanks for responding Joe K.,
I just have to look up an identifying attribute such as a username. I
have to come up with an algorithm that authenticates an incoming request
using PKI certificates, so after researching on MSDN it seems the first
step in authentication is verifying the username in the certificate
against a username in a directory account on a directory server.
Do you know any algorithm that shows how to pull out the username and
the CA URL from a Class 3 PKI certificate?

thx
-jsh
 
Joe Kaplan (MVP - ADSI)

In .NET, you will typically use the X509Certificate (or perhaps
X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
there are a variety of methods that pull various known fields such as
subject out of the certificate. Once you have that as a string, you can
generally use that to formulate a filter for an LDAP query and you are all
set.

It really depends on what data in the certificate contains your identifying
attribute and whether X509Certificate supports it directly.

I'd try looking at that first. If you need stuff out of the cert that is
not supported by X509Certificate, you'll likely need to p/invoke. Mitch
Gallant has a fantastic website with lots of info dedicated to doing fancy
stuff with PKI and crypto that way.

Joe K.
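The lookup Joe describes, written out as an added example (this is not code from the thread or from Joe). It assumes the identifying attribute is the UPN in the certificate's Subject Alternative Name, falling back to the subject CN, that the directory is searchable at the placeholder path LDAP://DC=example,DC=com, and that the account's userCertificate attribute holds the user's certificate. The Authority Information Access part uses X509AuthorityInformationAccessExtension, which exists only in .NET 7 or later; on older frameworks that is the piece that needed p/invoke. Two points a practitioner would want beyond the name lookup: the certificate is chain-validated before its name is trusted at all, and the subject string is escaped per RFC 4515 before it goes into the filter so a crafted subject cannot change the query.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not from the thread: map a presented client certificate to a
// directory account. SearchBase is a placeholder; replace it with your own.
static class CertificateDirectoryLookup
{
    private const string SearchBase = "LDAP://DC=example,DC=com"; // assumed placeholder

    // Step 1: refuse certificates that do not chain to a trusted CA. A name taken
    // from an untrusted certificate proves nothing about the caller.
    public static bool ChainsToTrustedRoot(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            return chain.Build(cert);
        }
    }

    // Step 2: pull the identifying name out of the certificate. The UPN in the
    // SAN is what AD uses for smart-card logon; the subject CN is the fallback.
    public static string ExtractIdentity(X509Certificate2 cert)
    {
        string upn = cert.GetNameInfo(X509NameType.UpnName, forIssuer: false);
        if (!string.IsNullOrEmpty(upn)) return upn;
        return cert.GetNameInfo(X509NameType.SimpleName, forIssuer: false);
    }

    // The "CA URL" from the original question: the caIssuers entries of the
    // Authority Information Access extension (OID 1.3.6.1.5.5.7.1.1).
    // Requires .NET 7 or later.
    public static List<string> ExtractCaIssuerUrls(X509Certificate2 cert)
    {
        var urls = new List<string>();
        foreach (X509Extension ext in cert.Extensions)
        {
            if (ext.Oid?.Value != "1.3.6.1.5.5.7.1.1") continue;
            var aia = new X509AuthorityInformationAccessExtension(ext.RawData, ext.Critical);
            urls.AddRange(aia.EnumerateCAIssuersUris());
        }
        return urls;
    }

    // Step 3: escape the value per RFC 4515 before it goes into a filter, so a
    // subject such as "*)(objectClass=*" cannot alter the query (LDAP injection).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Step 4: look the account up, then check that the presented certificate is
    // one stored on that account, so the binding is certificate-to-account rather
    // than name-to-account only. Returns null when no matching account exists.
    public static SearchResult FindAccount(X509Certificate2 cert)
    {
        if (!ChainsToTrustedRoot(cert))
            throw new InvalidOperationException("certificate does not chain to a trusted CA");

        string identity = EscapeFilterValue(ExtractIdentity(cert));
        string attr = identity.IndexOf('@') >= 0 ? "userPrincipalName" : "cn";
        string filter = "(&(objectClass=user)(" + attr + "=" + identity + "))";

        using (var root = new DirectoryEntry(SearchBase))
        using (var searcher = new DirectorySearcher(root, filter,
                   new[] { "distinguishedName", "userCertificate" }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null) return null;

            foreach (object raw in result.Properties["userCertificate"])
            {
                if (raw is byte[] der && new X509Certificate2(der).Thumbprint == cert.Thumbprint)
                    return result;
            }
            return null;
        }
    }
}
```

Call FindAccount with the X509Certificate2 taken from the incoming request (for example HttpRequest.ClientCertificate wrapped in an X509Certificate2). If the directory does not publish user certificates in userCertificate, the thumbprint comparison at the end has nothing to match against and you should at minimum pin the expected issuer in the chain policy instead of relying on the name alone.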
 
jsh02_nova

Thanks.

Joe Kaplan (MVP - ADSI) said:
In .NET, you will typically use the X509Certificate (or perhaps
X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
there are a variety of methods that pull various known fields such as
subject out of the certificate. Once you have that as a string, you can
generally use that to formulate a filter for an LDAP query and you are all
set.

It really depends on what data in the certificate contains your identifying
attribute and whether X509Certificate supports it directly.

I'd try looking at that first. If you need stuff out of the cert that is
not supported by X509Certificate, you'll likely need to p/invoke. Mitch
Gallant has a fantastic website with lots of info dedicated to doing fancy
stuff with PKI and crypto that way.

Joe K.
 