ADAM authentication

 
 
Bill Belliveau
 
      01-31-2004
I've been kicking around ADAM on a 2003 server for a couple of days and after getting the major classes in the schema and making a few objects, now I'm ready to programmatically test it. I am able to use the LDP tool locally or remotely to logon as a Windows Identity (admin) or as an ADAM user. I have written code to get AD objects but can't get any ADAM code working nor the examples from the documentation. I'm not sure if this is an ADAM issue or if it has more to do with my unfamiliarity with the Directory.

Below is a mess of code I've blindly been stabbing around with. The exceptions I get are usually either the famous "operations error" or "unwilling to process the request" unless I'm reading the rootdse, so it seems to be a security issue. I'm accessing from a Windows 2000 box which seems to have security issues with ADAM, however LDP works.

Ideas?
Bill

-- messy code begin--
DirectoryEntry myEntry = new DirectoryEntry();
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
//myEntry.Path = @"LDAP://computer:50000/o=microsoft";
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
myEntry.Path = @"LDAP://computer:50000/rootdse";
myEntry.Password = "";
myEntry.Username = @"localcompany\Administrator";

try
{
    Debug.Write(myEntry.Guid);
    Object obj = myEntry.NativeObject;
}
catch(Exception Ex)
{
    Debug.Write(Ex.ToString());
    Debug.Write(Ex.InnerException);
    Debug.Write(Ex.Source);
    Debug.Write(Ex.HelpLink);
    Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
}
//try
//{
//DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
//
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//Debug.Write(myEntry.Name + myEntry.Guid);
//Debug.Write("Logon = true");
//}
//catch(Exception Ex)
//{
//Debug.Write(Ex.ToString());
//Debug.Write(Ex.InnerException);
//Debug.Write(Ex.Source);
//Debug.Write(Ex.HelpLink);
//Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
//}
-------
 
 
 
 
 
Joe Kaplan (MVP - ADSI)
 
      02-03-2004
Since no one else chimed in, I did a little bit more poking around on this.
I haven't done a lot with ADAM yet and have not successfully set a password
on an ADAM user yet (need a hotfix I think), but here are a couple of
things:

With an AD user, you should be able to bind with AuthenticationTypes.Secure
always. Generally you can pass the username in domain\username format, upn
format ((E-Mail Removed)), distinguished name, or plain user name (although
that only works with Secure binding).

With ADAM users, I believe you need to use the distinguished name of the
user for the username. I don't think you can use Secure binding, so if you
want to avoid plaintext binds, you need to use SSL.

To get more details, I'd suggest you follow up in the
microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
are much deeper in ADAM than I am and should be able to fill in the details.

Joe K.

"Bill Belliveau" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've been kicking around ADAM on a 2003 server for a couple of days and
> after getting the major classes in the schema and making a few objects, now
> I'm ready to programmatically test it. I am able to use the LDP tool locally
> or remotely to logon as a Windows Identity (admin) or as an ADAM user. I
> have written code to get AD objects but can't get any ADAM code working nor
> the examples from the documentation. I'm not sure if this is an ADAM issue
> or if it has more to do with my unfamiliarity with the Directory.
>
> Below is a mess of code I've blindly been stabbing around with. The
> exceptions I get are usually either the famous "operations error" or
> "unwilling to process the request" unless I'm reading the rootdse, so it
> seems to be a security issue. I'm accessing from a Windows 2000 box which
> seems to have security issues with ADAM, however LDP works.
>
> Ideas?
> Bill
>
>
> -- messy code begin--
> DirectoryEntry myEntry = new DirectoryEntry();
> //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
> //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
> //myEntry.Path = @"LDAP://computer:50000/o=microsoft";
> //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
> myEntry.Path = @"LDAP://computer:50000/rootdse";
> myEntry.Password = "";
> myEntry.Username = @"localcompany\Administrator";
>
>
> try
> {
> Debug.Write(myEntry.Guid);
> Object obj = myEntry.NativeObject;
> }
> catch(Exception Ex)
> {
> Debug.Write(Ex.ToString());
> Debug.Write(Ex.InnerException);
> Debug.Write(Ex.Source);
> Debug.Write(Ex.HelpLink);
> Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
> }
> //try
> //{
> //DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
> //
> //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
> //Debug.Write(myEntry.Name + myEntry.Guid);
> //Debug.Write("Logon = true");
> //}
> //catch(Exception Ex)
> //{
> //Debug.Write(Ex.ToString());
> //Debug.Write(Ex.InnerException);
> //Debug.Write(Ex.Source);
> //Debug.Write(Ex.HelpLink);
> //Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
> //}
> -------



 
 
 
 
 
Bill Belliveau
 
      02-03-2004
Thanks Joe, that is the same understanding I have.
I got WindowsIdentity working in ADAM when the AuthenticationTypes are set to secure. I'm guessing that to write with a WindowsIdentity you also need to set the Sign and Encrypt flags based on the LDP usage from the ADAM documentation.

For the moment I've been pulled into another area, but when this comes up again (and it will) I'll be sure to post a message to the AD group.

You've been a very helpful sounding board, thanks for all the input.
Bill

----- Joe Kaplan (MVP - ADSI) wrote: -----

Since no one else chimed in, I did a little bit more poking around on this.
I haven't done a lot with ADAM yet and have not successfully set a password
on an ADAM user yet (need a hotfix I think), but here are a couple of
things:

With an AD user, you should be able to bind with AuthenticationTypes.Secure
always. Generally you can pass the username in domain\username format, upn
format ((E-Mail Removed)), distinguished name, or plain user name (although
that only works with Secure binding).

With ADAM users, I believe you need to use the distinguished name of the
user for the username. I don't think you can use Secure binding, so if you
want to avoid plaintext binds, you need to use SSL.

To get more details, I'd suggest you follow up in the
microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
are much deeper in ADAM than I am and should be able to fill in the details.

Joe K.
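
The two bind styles discussed in this thread (a Secure bind for a Windows identity, and a distinguished-name bind over SSL for an ADAM user), as an added C# example that is not code from either poster. The helper names and the SSL port 50001 are assumptions; the empty-password guard is there because LDAP treats a simple bind with a DN and no password as an unauthenticated bind.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical helper; names, host and ports are illustrative assumptions.
static class AdamBind
{
    // Windows identity: Secure bind, signed and sealed; null user/password = current identity.
    public static DirectoryEntry AsWindowsUser(string host, int port, string dn,
                                               string user, string password)
    {
        return Open("LDAP://" + host + ":" + port + "/" + dn, user, password,
            AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing);
    }

    // ADAM user: simple bind with the user's distinguished name, SSL only.
    public static DirectoryEntry AsAdamUser(string host, int sslPort, string dn,
                                            string userDn, string password)
    {
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("Empty password: LDAP would treat this as an unauthenticated bind.");
        if (string.IsNullOrEmpty(userDn) || userDn.IndexOf('=') < 0)
            throw new ArgumentException("ADAM users must bind with a distinguished name.");
        return Open("LDAP://" + host + ":" + sslPort + "/" + dn, userDn, password,
            AuthenticationTypes.SecureSocketsLayer);
    }

    static DirectoryEntry Open(string path, string user, string password, AuthenticationTypes types)
    {
        DirectoryEntry entry = new DirectoryEntry(path, user, password, types);
        try
        {
            object native = entry.NativeObject;   // forces the bind to happen here
            return entry;
        }
        catch (COMException ex)
        {
            entry.Dispose();
            throw new InvalidOperationException(
                "Bind to " + path + " failed, HRESULT 0x" + ex.ErrorCode.ToString("X8"), ex);
        }
    }
    static void Main()
    {
        // Constructed input: the guard rejects this call before any network I/O.
        try { AsAdamUser("computer", 50001, "o=microsoft,c=us", "cn=mary baker,ou=adam users,o=microsoft,c=us", ""); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```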
 