Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > LDAP

jsh02_nova
Guest
Posts: n/a
 
      11-10-2005
Anybody have experience with authenticating PKI certificates with CA using
LDAP? I'm trying to find a .NET algorithm or code that makes an LDAP request.

thx
-jhs


 
Joe Kaplan (MVP - ADSI)
Guest
Posts: n/a
 
      11-11-2005
System.DirectoryServices is where the LDAP stack for .NET lives.

What exactly do you need to look up in LDAP? Do you need to find a
certificate for a user or just an identifying attribute?

Joe K.

John Holsinger
Guest
Posts: n/a
 
      11-11-2005
Thanks for responding Joe K.,
I just have to look up an identifying attribute such as a username. I
have to come up with an algorithm that authenticates an incoming request
using PKI certificates, so after researching on MSDN it seems the first
step in authentication is verifying the username in the certificate
against a username in a directory account on a directory server.
Do you know any algorithm that shows how to pull out the username and
the CA URL from a Class 3 PKI certificate?

thx
-jsh



Joe Kaplan (MVP - ADSI)
Guest
Posts: n/a
 
      11-11-2005
In .NET, you will typically use the X509Certificate (or perhaps
X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
there are a variety of methods that pull various known fields such as
subject out of the certificate. Once you have that as a string, you can
generally use that to formulate a filter for an LDAP query and you are all
set.

It really depends on what data in the certificate contains your identifying
attribute and whether X509Certificate supports it directly.

I'd try looking at that first. If you need stuff out of the cert that is
not supported by X509Certificate, you'll likely need to p/invoke. Mitch
Gallant has a fantastic website with lots of info dedicated to doing fancy
stuff with PKI and crypto that way.

Joe K.
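
The lookup described in the reply above, written out in C# as an added example that is not part of the thread: it validates the certificate chain before reading the subject, then escapes the name per RFC 4515 so that characters in a certificate subject cannot alter the LDAP filter. The class and method names, the `ldapPath` parameter, the `sAMAccountName` attribute and the convention that the subject CN holds the username are assumptions.

```csharp
// Added example, not code from the thread. Assumptions: the username is the
// subject CN, the directory attribute is sAMAccountName, ldapPath is supplied.
using System.DirectoryServices;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertDirectoryLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the matching entry, or null when the certificate does not
    // chain to a trusted root or no account matches.
    public static SearchResult FindAccount(byte[] rawCert, string ldapPath)
    {
        var cert = new X509Certificate2(rawCert);
        using (var chain = new X509Chain())
        {
            // Read the subject only from a certificate whose chain validates.
            if (!chain.Build(cert)) return null;
        }
        // SimpleName is normally the subject CN, e.g. "jdoe" from "CN=jdoe, O=Example".
        string name = cert.GetNameInfo(X509NameType.SimpleName, false);
        if (string.IsNullOrEmpty(name)) return null;

        string filter = "(sAMAccountName=" + EscapeFilterValue(name) + ")";
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, filter))
        {
            return searcher.FindOne();
        }
    }
}
```

A directory match only ties the certificate's subject to an account; proof that the caller holds the private key comes from the TLS client-certificate handshake or a signature check, which this lookup does not perform.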

jsh02_nova
Guest
Posts: n/a
 
      11-11-2005
Thanks.
