Pure LDAP Authentication using vb.net

Discussion in 'ASP .Net Security' started by Chris Davoli, Sep 19, 2006.

  1. Chris Davoli

    Chris Davoli Guest

    I need a vb.net sample code that authenticates users against a repository
    that supports LDAP. The repository is NOT Active Directory. After
    authentication it would be great if the sample code also retrieves group
    membership using LDAP.

    --
    Chris Davoli
     
    Chris Davoli, Sep 19, 2006
    #1

  2. Chris Davoli

    Joe Kaplan Guest

    My book has some stuff showing how to do an LDAP bind to a directory in
    order to implement LDAP authentication (ch 12). Most of it deals directly
    with AD or ADAM, but it can be applied to other directories.

    The trick with most non-MS directories is that none of the
    Microsoft-specific authentication mechanisms like GSS-SPNEGO will work, so
    you will likely need to use something like LDAP simple bind. This must be
    secured with an SSL/LDAP connection to the server, as simple bind uses
    plaintext credentials.

    Getting group membership is something that is typically done with some sort
    of search against the directory, but the specifics of it will vary from
    directory to directory. You probably should get an explanation of how it is
    done for this product in terms of pure LDAP operations. Then you can
    translate that into .NET.

    You may also be more successful using something like
    System.DirectoryServices.Protocols (SDS.P) in .NET 2.0 rather than the
    higher level System.DirectoryServices (SDS), as the latter uses ADSI under
    the hood, and ADSI tends to make a lot of default assumptions about talking
    to AD that can make things complicated. You get more control with SDS.P.

    The code samples from my book can be downloaded for free from the site in my
    sig. Ch 12 has the auth samples. I'd suggest modifying the SDS.P sample to
    suit your needs.

    Best of luck,

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
     
    Joe Kaplan, Sep 19, 2006
    #2
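Added example (not from the thread and not one of the book's Ch 12 samples): the simple bind over SSL described in the reply above, written against System.DirectoryServices.Protocols. The host name, user DN and password in `Main` are constructed placeholders, and port 636 is assumed to be the directory's LDAPS port.

```vbnet
Imports System
Imports System.DirectoryServices.Protocols
Imports System.Net

Module LdapSimpleBindAuth
    ' LDAP result code 49 = invalidCredentials (RFC 4511).
    Private Const InvalidCredentials As Integer = 49

    ' Returns True only if the server accepts userDn/password on a simple bind over SSL.
    ' host and userDn are supplied by the caller; nothing here is specific to one product.
    Function Authenticate(host As String, userDn As String, password As String) As Boolean
        ' A simple bind with an empty password is an "unauthenticated bind" and
        ' many servers report success for it, so reject it before touching the wire.
        If String.IsNullOrEmpty(userDn) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        Dim server As New LdapDirectoryIdentifier(host, 636) ' assumed LDAPS port
        Using conn As New LdapConnection(server)
            conn.AuthType = AuthType.Basic                 ' LDAP simple bind
            conn.SessionOptions.ProtocolVersion = 3
            conn.SessionOptions.SecureSocketLayer = True   ' password never travels in clear
            Try
                conn.Bind(New NetworkCredential(userDn, password))
                Return True
            Catch ex As LdapException When ex.ErrorCode = InvalidCredentials
                Return False   ' wrong DN or wrong password
            End Try
            ' Any other LdapException (server unreachable, certificate rejected)
            ' propagates: an outage must not be reported as a login result.
        End Using
    End Function

    Sub Main()
        ' Constructed sample values; replace with your directory's host and user DN.
        Dim ok As Boolean = Authenticate("ldap.example.com",
                                         "cn=jdoe,ou=users,o=example",
                                         "placeholder-password")
        Console.WriteLine(If(ok, "authenticated", "rejected"))
    End Sub
End Module
```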

  3. Chris Davoli

    Chris Davoli Guest

    Joe, we're using LDAP against Novell Directory Services. Do you have any
    sample code that does this?
    --
    Chris Davoli
     
    Chris Davoli, Sep 19, 2006
    #3
  4. Chris Davoli

    Joe Kaplan Guest

    The combo of 12.3-12.5 from our book's website would probably be a
    reasonable place to start looking. I believe the full samples will also
    contain all of that stuff in a synthesized format. Those are C# only
    though. The raw listings are both VB and C#.

    Like I said, I don't know how to do group membership in Novell, so I don't
    have a sample. You'll need to ask someone. Typically, this goes by looking
    at the memberOf attribute on the user's object, but I'm not sure if that
    applies to eDirectory. Group membership is wickedly complex in Windows due
    to security/distro groups, group types (local, global and universal),
    nesting and the possibility of multiple domains and forests. Some
    directories support calculated group membership based on search filters.

    Best of luck,

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
     
    Joe Kaplan, Sep 19, 2006
    #4
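Added example (not from the thread or the book's samples): the two group-lookup approaches mentioned in the reply above, as plain LDAP searches through System.DirectoryServices.Protocols. It assumes an `LdapConnection` that is already bound; the attribute names (`attr`, `memberAttr`) and `baseDn` are parameters because they differ per directory and must be confirmed for the product in use.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices.Protocols
Imports System.Text

Module LdapGroupLookup
    ' RFC 4515 escaping so a DN containing ( ) * \ or NUL cannot alter the filter.
    Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Option 1: read a membership attribute (for example memberOf) from the user's own entry.
    Function GroupsFromUserEntry(conn As LdapConnection, userDn As String, attr As String) As List(Of String)
        Dim groups As New List(Of String)
        Dim req As New SearchRequest(userDn, "(objectClass=*)", SearchScope.Base, attr)
        Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
        For Each entry As SearchResultEntry In resp.Entries
            If entry.Attributes.Contains(attr) Then
                For Each v As Object In entry.Attributes(attr).GetValues(GetType(String))
                    groups.Add(CStr(v))
                Next
            End If
        Next
        Return groups
    End Function

    ' Option 2: search under baseDn for group entries that list the user in memberAttr.
    Function GroupsByMemberSearch(conn As LdapConnection, baseDn As String, memberAttr As String, userDn As String) As List(Of String)
        Dim groups As New List(Of String)
        Dim filter As String = String.Format("({0}={1})", memberAttr, EscapeFilterValue(userDn))
        Dim req As New SearchRequest(baseDn, filter, SearchScope.Subtree, "cn")
        Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
        For Each entry As SearchResultEntry In resp.Entries
            groups.Add(entry.DistinguishedName)
        Next
        Return groups
    End Function
End Module
```

Neither function follows nested groups; each returns only the direct memberships the directory exposes through the given attribute.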