Exception snapshot: [image] STEP A => Validating the proper certificate configuration
I have a Windows service through which I am trying to connect to the LDAP server over the secure port 636 (SSL). All the certificates are properly configured; I have verified this using the ldap.exe tool, and I also used the PortQry tool to check whether port 636 is listening, which was successful.
STEP B => Code snippet which is not working for the secure port 636 (SSL) but works correctly with the non-secure port (389). A strange observation: the code below works well when I run it as a console application, even with port 636, but fails when run as a Windows service.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.IO;
using System.Linq;
using System.Net;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;
namespace SampleLDAPWindowsService
{
public partial class Service1 : ServiceBase
{
    /// <summary>
    /// Windows service host for the DirectoryEntry-based LDAPS probe (STEP B).
    /// </summary>
    public Service1()
    {
        // Designer-generated wiring lives in the other half of this partial class.
        this.InitializeComponent();
    }

    /// <summary>Service stop hook; there is nothing to release.</summary>
    protected override void OnStop()
    {
    }

    /// <summary>
    /// Service start hook: runs the DirectoryEntry probe once, synchronously.
    /// </summary>
    /// <param name="args">Start arguments from the service controller (not used).</param>
    /// <remarks>
    /// The probe runs inside OnStart itself, so a slow or hanging LDAP bind delays service start.
    /// In this listing as pasted, TestDirectoryEntryWay appears after the class's closing brace,
    /// so the snippet will not compile verbatim — presumably it belongs inside Service1.
    /// </remarks>
    protected override void OnStart(string[] args)
    {
        this.TestDirectoryEntryWay();
    }
}
/// <summary>
/// Builds a <see cref="DirectoryEntry"/> for the directory over LDAPS (port 636).
/// </summary>
/// <returns>
/// A new entry bound with SecureSocketsLayer. No network activity happens here; the COM
/// exception reported for port 636 surfaces later, when the entry is first used
/// (see the SchemaEntry access in TestDirectoryEntryWay).
/// </returns>
public DirectoryEntry createDirectoryEntry()
{
    // NOTE(review): sample admin credentials are hard-coded; in a real service they belong in
    // protected configuration or a secret store, never in source or logs.
    const string path = "LDAP://abc.domain.com:636";
    const string user = "DomainAdmin";
    const string password = "DomainAdmin123";

    // SecureSocketsLayer requests an LDAPS session and nothing here overrides server-certificate
    // validation, so the issuing CA has to be trusted by the account the service runs as
    // (presumably the LocalMachine trusted-root store for a Windows service — confirm).
    return new DirectoryEntry(path, user, password, AuthenticationTypes.SecureSocketsLayer);
}
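/// <summary>
/// Probes the LDAPS connection built by <see cref="createDirectoryEntry"/>: forces the bind and
/// then searches for a single user account.
/// </summary>
/// <remarks>
/// Changes from the original: the <see cref="DirectoryEntry"/>, the schema entry and the
/// <see cref="DirectorySearcher"/> are disposed, the redundant null check on the searcher is gone,
/// and the exception is no longer swallowed silently — its full text (including the COM HResult,
/// which is what identifies an SSL/bind failure) is traced. The method still returns normally on
/// failure so that OnStart does not abort the service.
/// </remarks>
public void TestDirectoryEntryWay()
{
    // Fixed literal, so no escaping is needed. If the account name ever comes from untrusted
    // input it must be escaped per RFC 4515 before being placed in the filter.
    const string accountName = "demouser1";

    using (DirectoryEntry de = createDirectoryEntry())
    {
        try
        {
            // Reading SchemaEntry is what forces the bind; on port 636 this is where the COM
            // exception surfaces. Dispose the returned entry like any other DirectoryEntry.
            using (DirectoryEntry schema = de.SchemaEntry)
            {
                Trace.TraceInformation("LDAPS bind succeeded: " + de.Path);
            }

            using (var searcher = new DirectorySearcher(de, "(&(objectClass=user)(SAMAccountName=" + accountName + "))"))
            {
                SearchResult resultUser = searcher.FindOne();
                if (resultUser == null)
                {
                    Trace.TraceInformation("User not found: " + accountName);
                }
                else
                {
                    Trace.TraceInformation("Found user: " + resultUser.Path);
                }
            }
        }
        catch (Exception ex)
        {
            // Best-effort probe: keep the service running, but record why it failed.
            // ex.ToString() carries the HResult, which distinguishes a certificate/SSL failure
            // from bad credentials or an unreachable server.
            Trace.TraceError("LDAPS probe failed: " + ex);
        }
    }
}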
}
}
STEP C => Code which works with both port 636 and port 389 in the Windows service
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.IO;
using System.Linq;
using System.Net;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;
namespace SampleLDAPWindowsService
{
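public partial class Service1 : ServiceBase
{
    /// <summary>
    /// Windows service host for the LdapConnection-based sign-in (STEP C).
    /// </summary>
    public Service1()
    {
        // Designer-generated wiring lives in the other half of this partial class.
        InitializeComponent();
    }

    /// <summary>
    /// Service start hook: attaches a debugger (development leftover) and performs one LDAPS sign-in.
    /// </summary>
    /// <param name="args">Start arguments from the service controller (not used).</param>
    /// <remarks>
    /// Fix: the LDAP path literal was written with doubled quotes (<c>""LDAP://...""</c>), which does
    /// not compile; it is now an ordinary string. The sign-in still runs synchronously inside OnStart,
    /// so a slow bind delays service start. Debugger.Launch should be removed before deployment, and
    /// the sample admin credentials should come from protected configuration, not source.
    /// </remarks>
    protected override void OnStart(string[] args)
    {
        System.Diagnostics.Debugger.Launch();

        bool isLogged2 = SignInLDAP2("DomainAdmin", "DomainAdmin123", "LDAP://abc.domain.com:636", "abc.domain.com", true);
        Trace.TraceInformation("LDAPS sign-in " + (isLogged2 ? "succeeded" : "failed"));
    }

    /// <summary>Service stop hook; there is nothing to release.</summary>
    protected override void OnStop()
    {
    }

    /// <summary>
    /// Binds to the domain controller with the supplied credentials and reports whether it succeeded.
    /// </summary>
    /// <param name="user">Account name used for the bind.</param>
    /// <param name="psw">Password for <paramref name="user"/>.</param>
    /// <param name="ldapPath">
    /// LDAP path. NOTE(review): not used — the server and port are hard-coded below; the parameter is
    /// kept so existing callers keep compiling.
    /// </param>
    /// <param name="domain">Domain handed to <see cref="NetworkCredential"/>; may be null.</param>
    /// <param name="useSSL">When true, requests LDAPS and installs the certificate callback described below.</param>
    /// <returns>true if the bind and the follow-up lookup did not throw; false otherwise.</returns>
    public bool SignInLDAP2(string user, string psw, string ldapPath, string domain = null, bool useSSL = false)
    {
        // Server, port 636 and "fully qualified DNS host name" are fixed here; ldapPath is ignored.
        var identifier = new LdapDirectoryIdentifier("abc.domain.com", 636, true, false);

        // LdapConnection is IDisposable; dispose it so the socket is released on every path.
        using (var connection = new LdapConnection(identifier))
        {
            if (useSSL)
            {
                connection.SessionOptions.SecureSocketLayer = true;
                connection.AuthType = AuthType.Negotiate;

                // SECURITY: this callback accepts ANY server certificate, which removes the server
                // authentication that LDAPS is supposed to provide (a host on the network path could
                // impersonate the domain controller). It is very likely the reason this code "works"
                // on 636 while DirectoryEntry — which does validate the certificate — fails: the
                // DC's certificate is presumably not trusted by the account the service runs as
                // (see the answer below). The fix is to trust the issuing CA in the machine store
                // and delete this line, not to keep the bypass.
                connection.SessionOptions.VerifyServerCertificate += delegate { return true; };
            }

            var credential = new NetworkCredential(user, psw, domain);
            try
            {
                connection.Bind(credential);

                // NOTE(review): UserExists opens its own PrincipalContext with separate hard-coded
                // credentials; it does not reuse the connection bound above, so its success is not
                // evidence that queries over this LDAPS session work.
                bool exists = UserExists("demouser1");
                Trace.TraceInformation("demouser1 exists: " + exists);
                return true;
            }
            catch (Exception ex)
            {
                // Best-effort sign-in: report failure to the caller, but keep the reason in
                // diagnostics; ex.ToString() carries the LDAP error details that distinguish a
                // TLS failure from bad credentials.
                Trace.TraceError("LDAP bind failed: " + ex);
                return false;
            }
        }
    }

    /// <summary>Checks whether an account with the given name exists in the domain.</summary>
    /// <param name="username">Value matched against the account's Name (IdentityType.Name).</param>
    /// <returns>true if a matching <see cref="UserPrincipal"/> was found.</returns>
    /// <remarks>
    /// Fix: the <see cref="UserPrincipal"/> returned by FindByIdentity is disposable and is now
    /// disposed along with the context.
    /// </remarks>
    public bool UserExists(string username)
    {
        // Separate connection with its own hard-coded sample admin credentials; these should come
        // from configuration or a secret store, ideally reusing what the caller already holds.
        using (var context = new PrincipalContext(ContextType.Domain, "abc.domain.com", "DomainAdmin", "DomainAdmin123"))
        using (UserPrincipal foundUser = UserPrincipal.FindByIdentity(context, IdentityType.Name, username))
        {
            return foundUser != null;
        }
    }
}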
}
}
QUESTION: Here it is.
Is there a problem when working with the secure port with DirectoryEntry? LdapConnection and NetworkCredential work smoothly with both ports (636 and 389). I have legacy code which uses DirectoryEntry and I want it to work with the secure port as well. Can someone please help me make STEP B work with the secure port too?
Thanks in advance for all the support and guidance.
It's likely that the SSL certificate isn't trusted by the computer you're running this on.
I use Chrome to test this. Run Chrome like this (adjust for the path your Chrome is in):
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636
Then in Chrome, go to https://abc.domain.com:636. If the certificate is trusted, you'll see a "cannot connect" kind of message; if it is not trusted, Chrome will show a big red warning, and then you know that's the problem.
To trust the cert, you need to get the root certificate (as a file, likely *.cer or *.crt) and install it on every machine that will run your code. That would also explain why the console application succeeds while the service fails: a root certificate installed only in the interactive user's certificate store is not trusted by the account the service runs under, so it has to go into the computer's (local machine) trusted root store. Here are instructions for installing a root cert in Windows: https://www.thewindowsclub.com/manage-trusted-root-certificates-windows