ADAM Authentication with ADAM User and Easy Bind

I followed Microsoft's ADAM walkthrough step by step and set up an ADAM instance on my local machine. I am trying to authenticate using the "Mary Baker" account, but every time I get a COM exception on the line if (entry.Guid != null) below. The exception indicates that an unknown username or bad password exists.

However, I can use the ldp utility to connect to ADAM and do a simple bind successfully, so I know the username exists and I have the correct password.

I also set the msDS-UserAccountDisabled property for the user to false and added the user to the Administrators and Readers roles.

Any thoughts?

    using System.DirectoryServices;

    // Path to the ADAM partition and the identity that fails to bind.
    string path = "LDAP://localhost:50000/O=Microsoft,c=US";
    string userId = "CN=Mary Baker,OU=ADAM users,";   // relative DN, trailing comma
    string password = "Mary@101";

    // DirectoryEntry binds lazily, so the COM exception surfaces on the first
    // use of the entry, i.e. the Guid access below.
    DirectoryEntry entry = new DirectoryEntry(path, userId, password, AuthenticationTypes.None);
    if (entry.Guid != null)
        LoadWelcomeScreen();


Thanks.

0




4 answers


ADAM stores a unique user ID in the displayName attribute of the user class. It must be unique across the ADAM instance for user authentication. If two users both have the displayName attribute set to "jsmith" then neither user can authenticate to ADAM.



Use the ldp utility to query displayName for Mary Baker. It could be something like "mbaker". Use this value as userId in this code.

+1




Thanks Ryan for your feedback on displayName. I'll leave my test class for my local ADAM instance here for anyone else who might be interested.



    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using Microsoft.VisualStudio.TestTools.UnitTesting;

    [TestClass]
    public class AdamUserTests
    {
        [TestMethod]
        public void CreateUserAccount()
        {
            var username = "amurray";
            var password = "ADAMComplexPassword1234";
            var firstname = "Andy";
            var lastname = "Murray";

            // Windows (Kerberos/NTLM) bind with signing and sealing: the
            // clear-encoded password set further down travels inside the
            // encrypted SASL session rather than in plain text on port 389.
            const AuthenticationTypes authTypes = AuthenticationTypes.Signing |
                                                  AuthenticationTypes.Sealing |
                                                  AuthenticationTypes.Secure;

            var ldapPath = "LDAP://localhost:389/OU=MyProject,OU=Applications,DC=Company,DC=ADAM";
            using (var dirEntry = new DirectoryEntry(ldapPath, "MyPC\\adamuser", "Password1!", authTypes))
            {
                DirectoryEntry user = null;
                // ADSI constants from ADS_OPTION_ENUM and ADS_PASSWORD_ENCODING_ENUM.
                // ADS_PASSWORD_ENCODE_CLEAR (1) is only safe here because the session is
                // sealed; over LDAPS use ADS_PASSWORD_ENCODE_REQUIRE_SSL (0) and the SSL port.
                const int ADS_PORT = 389;
                const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
                const long ADS_OPTION_PASSWORD_METHOD = 7;
                const int ADS_PASSWORD_ENCODE_CLEAR = 1;

                try
                {
                    user = dirEntry.Children.Add(string.Format("CN={0} {1}", firstname, lastname), "user");
                    // ADAM resolves a bare login name against displayName and
                    // userPrincipalName, so both must be unique in the instance.
                    user.Properties["displayName"].Value = username;
                    user.Properties["userPrincipalName"].Value = username;
                    user.Properties["msDS-UserAccountDisabled"].Value = false;
                    user.Properties["msDS-UserDontExpirePassword"].Value = true;
                    user.CommitChanges();   // the object must exist before SetPassword
                    var userid = user.Guid.ToString();

                    // Set port number, method, and password.
                    user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, ADS_PORT });
                    user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR });

                    user.Invoke("SetPassword", new object[] { password });
                    user.CommitChanges();
                    user.Close();
                }
                catch (Exception e)
                {
                    var msg = e.GetBaseException().Message;
                    Console.WriteLine(e);
                    System.Diagnostics.Debug.Print(msg);
                    Assert.Fail(msg);   // fail the test instead of passing silently
                }
            }
        }

        [TestMethod]
        public void TestUserAuthentication()
        {
            try
            {
                // SimpleBind on port 389 sends the password in clear text; outside a
                // loopback test add ContextOptions.SecureSocketLayer and use the SSL port.
                var ldsContext = new PrincipalContext(ContextType.ApplicationDirectory, "localhost:389",
                                                      "OU=MyProject,OU=Applications,DC=Company,DC=ADAM",
                                                      ContextOptions.SimpleBind);

                // Returns true if login details are valid
                var isValid = ldsContext.ValidateCredentials("amurray", "ADAMComplexPassword1234", ContextOptions.SimpleBind);
                Assert.IsTrue(isValid, "amurray could not authenticate against the ADAM instance");
            }
            catch (Exception e)
            {
                var msg = e.GetBaseException().Message;
                Console.WriteLine(e);
                System.Diagnostics.Debug.Print(msg);
                Assert.Fail(msg);
            }
        }
    }


+1




my name is ADAM and I do not approve of this authentication.

(lol, sorry, I had to do it)

0




I have not used ADAM or System.DirectoryServices, but I have experience with LDAP and AD; hopefully the following applies.

I have never seen a User ID specified in this format before. (Looks like some kind of relative DN, as indicated by the trailing comma?) Have you tried specifying the user ID as a full DN (as required by standard LDAP) or as bare usernames (if ADAM supports this)?

When diagnosing network problems like this (where my program does not do what I think I told it to do, and I want to compare it against a program that works), I have found it useful to run Wireshark for both the failing operation and the working one to see how they differ. If you've never used Wireshark, hopefully it won't be too heavy to get started:

  • Download, install and run the software.
  • In the Capture section, click Options.
  • Set the interface to localhost or loopback or Ethernet interface. (I don't think loopback works as expected on Windows; you probably want to select your Ethernet interface and update the LDAP url in the C# code to use your hostname, not localhost.)
  • In the Capture Filter section, enter "tcp port 50000" (without the quotes).
  • Click Start, start the connect operation, then go to the Capture menu and click Stop.

Wireshark can parse the protocol for you, so you don't need to understand the protocol details too well, although the more you know, the easier it is to interpret all the details. You can run multiple instances of Wireshark to easily compare two different captures (your code and LDP).

0


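As an added example (not code from the question or from any of the answers), the following C# console program does what the first and last answers suggest in one place: it uses a separate reader account to check whether the login name resolves to exactly one object in the instance, then tries a bind with the full DN, with the bare displayName, and with the relative DN from the question, so the three outcomes can be compared side by side. The partition and port are taken from the question; the reader account DN, its password, and the displayName value "mbaker" are placeholders to be substituted. The login-name check escapes the filter value as RFC 4515 requires, which the answers do not mention but which matters as soon as the name comes from user input.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example, not part of the original thread. Assumes the ADAM instance
// from the question (localhost:50000, partition O=Microsoft,c=US) and a
// placeholder reader account that is allowed to search the partition.
static class AdamBindCheck
{
    const string Partition = "LDAP://localhost:50000/O=Microsoft,c=US";

    // Returns the DNs of every user whose displayName or userPrincipalName equals
    // loginName. ADAM resolves a bare login name against these attributes and the
    // simple bind fails unless exactly one object matches.
    static List<string> FindByLoginName(DirectoryEntry root, string loginName)
    {
        var dns = new List<string>();
        using (var searcher = new DirectorySearcher(root))
        {
            var escaped = EscapeFilterValue(loginName);
            searcher.Filter = string.Format(
                "(&(objectClass=user)(|(displayName={0})(userPrincipalName={0})))", escaped);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                    dns.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return dns;
    }

    // RFC 4515 escaping so a login name taken from user input cannot rewrite the
    // filter (e.g. "*" or "mbaker)(objectClass=*").
    static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");
    }

    // DirectoryEntry binds lazily; reading NativeObject forces the bind so the
    // failure surfaces here instead of on a later property access.
    // AuthenticationTypes.None is a plain simple bind (password in clear text),
    // acceptable only for the loopback test in the question; otherwise use
    // AuthenticationTypes.SecureSocketsLayer against the instance's SSL port.
    static bool TryBind(string identity, string password)
    {
        try
        {
            using (var entry = new DirectoryEntry(Partition, identity, password, AuthenticationTypes.None))
            {
                object forceBind = entry.NativeObject;
                Console.WriteLine("bind as '{0}': OK", identity);
                return true;
            }
        }
        catch (COMException ex)
        {
            // 0x8007052E is ERROR_LOGON_FAILURE: "unknown user name or bad password".
            Console.WriteLine("bind as '{0}': 0x{1:X8} {2}", identity, ex.ErrorCode, ex.Message.Trim());
            return false;
        }
    }

    static void Main()
    {
        // Placeholder reader account and password; substitute real values.
        const string readerDn = "CN=svc-reader,OU=ADAM users,O=Microsoft,c=US";
        const string readerPassword = "replace-me";
        const string userPassword = "Mary@101";   // from the question

        using (var root = new DirectoryEntry(Partition, readerDn, readerPassword, AuthenticationTypes.None))
        {
            var dns = FindByLoginName(root, "mbaker");
            Console.WriteLine("{0} object(s) resolve to login name 'mbaker':", dns.Count);
            foreach (var dn in dns) Console.WriteLine("  " + dn);
            if (dns.Count != 1)
            {
                Console.WriteLine("login name is not unique; a bare-name bind cannot succeed");
                return;
            }

            TryBind(dns[0], userPassword);                          // full DN (standard LDAP)
            TryBind("mbaker", userPassword);                        // bare displayName (ADAM lookup)
            TryBind("CN=Mary Baker,OU=ADAM users,", userPassword);  // relative DN from the question
        }
    }
}
```

If the search returns two or more DNs, fix the duplicate displayName/userPrincipalName first; no credential will make the bare-name bind succeed while the name is ambiguous. The full-DN bind is the one that works regardless of uniqueness, which is why it is the safer choice for application code.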

