Bill Belliveau #1
ADAM authentication
I've been kicking around ADAM on a 2003 server for a couple of days and after getting the major classes in the schema and making a few objects, now I'm ready to programmatically test it. I am able to use the LDP tool locally or remotely to logon as a Windows Identity (admin) or as an ADAM user. I have written code to get AD objects but can't get any ADAM code working nor the examples from the documentation. I'm not sure if this is an ADAM issue or if it has more to do with my unfamiliarity with the Directory.
Below is a mess of code I've blindly been stabbing around with. The exceptions I get are usually either the famous "operations error" or "unwilling to process the request" unless I'm reading the rootdse, so it seems to be a security issue. I'm accessing from a Windows 2000 box which seems to have security issues with ADAM, however LDP works.
Ideas?
Bill
-- messy code begin--
DirectoryEntry myEntry = new DirectoryEntry();
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
//myEntry.Path = @"LDAP://computer:50000/o=microsoft";
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
myEntry.Path = @"LDAP://computer:50000/rootdse";
myEntry.Password = "";
myEntry.Username = @"localcompany\Administrator";
try
{
    Debug.Write(myEntry.Guid);
    Object obj = myEntry.NativeObject;
}
catch(Exception Ex)
{
    Debug.Write(Ex.ToString());
    Debug.Write(Ex.InnerException);
    Debug.Write(Ex.Source);
    Debug.Write(Ex.HelpLink);
    Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
}
//try
//{
//DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
//
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//Debug.Write(myEntry.Name + myEntry.Guid);
//Debug.Write("Logon = true");
//}
//catch(Exception Ex)
//{
//Debug.Write(Ex.ToString());
//Debug.Write(Ex.InnerException);
//Debug.Write(Ex.Source);
//Debug.Write(Ex.HelpLink);
//Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
//}
-------
Bill Belliveau Guest
Joe Kaplan (MVP - ADSI) #2
Re: ADAM authentication
Since no one else chimed in, I did a little bit more poking around on this.
I haven't done a lot with ADAM yet and have not successfully set a password
on an ADAM user yet (need a hotfix I think), but here are a couple of
things:
With an AD user, you should be able to bind with AuthenticationTypes.Secure
always. Generally you can pass the username in domain\username format, upn
format (user@domain.com), distinguished name, or plain user name (although
that only works with Secure binding).
With ADAM users, I believe you need to use the distinguished name of the
user for the username. I don't think you can use Secure binding, so if you
want to avoid plaintext binds, you need to use SSL.
To get more details, I'd suggest you follow up in the
microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
are much deeper in ADAM than I am and should be able to fill in the details.
Joe K.
"Bill Belliveau" <anonymous@discussions.microsoft.com> wrote in message
news:969497A7-A18A-4090-9A54-AD47E4E2152D@microsoft.com...
> I've been kicking around ADAM on a 2003 server for a couple of days and
> after getting the major classes in the schema and making a few objects, now
> I'm ready to programmatically test it. I am able to use the LDP tool locally
> or remotely to logon as a Windows Identity (admin) or as an ADAM user. I
> have written code to get AD objects but can't get any ADAM code working nor
> the examples from the documentation. I'm not sure if this is an ADAM issue
> or if it has more to do with my unfamiliarity with the Directory.
>
> Below is a mess of code I've blindly been stabbing around with. The
> exceptions I get are usually either the famous "operations error" or
> "unwilling to process the request" unless I'm reading the rootdse, so it
> seems to be a security issue. I'm accessing from a Windows 2000 box which
> seems to have security issues with ADAM, however LDP works.
>
> Ideas?
> Bill
>
>
> -- messy code begin--
> DirectoryEntry myEntry = new DirectoryEntry();
> //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
> //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
> //myEntry.Path = @"LDAP://computer:50000/o=microsoft";
> //myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
> myEntry.Path = @"LDAP://computer:50000/rootdse";
> myEntry.Password = "";
> myEntry.Username = @"localcompany\Administrator";
>
>
> try
> {
> Debug.Write(myEntry.Guid);
> Object obj = myEntry.NativeObject;
> }
> catch(Exception Ex)
> {
> Debug.Write(Ex.ToString());
> Debug.Write(Ex.InnerException);
> Debug.Write(Ex.Source);
> Debug.Write(Ex.HelpLink);
> Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
> }
> //try
> //{
> //DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
> //
> //myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
> //Debug.Write(myEntry.Name + myEntry.Guid);
> //Debug.Write("Logon = true");
> //}
> //catch(Exception Ex)
> //{
> //Debug.Write(Ex.ToString());
> //Debug.Write(Ex.InnerException);
> //Debug.Write(Ex.Source);
> //Debug.Write(Ex.HelpLink);
> //Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
> //}
> -------
Joe Kaplan (MVP - ADSI) Guest
-
Bill Belliveau #3
Re: ADAM authentication
Thanks Joe, that is the same understanding I have.
I got WindowsIdentity working in ADAM when the AuthenticationTypes are set to secure. I'm guessing that to write with a WindowsIdentity you also need to set the Sign and Encrypt flags based on the LDP usage from the ADAM documentation.
For the moment I've been pulled into another area, but when this comes up again (and it will) I'll be sure to post a message to the AD group.
You've been a very helpful sounding board, thanks for all the input.
Bill
----- Joe Kaplan (MVP - ADSI) wrote: -----
Since no one else chimed in, I did a little bit more poking around on this.
I haven't done a lot with ADAM yet and have not successfully set a password
on an ADAM user yet (need a hotfix I think), but here are a couple of
things:
With an AD user, you should be able to bind with AuthenticationTypes.Secure
always. Generally you can pass the username in domain\username format, upn
format (user@domain.com), distinguished name, or plain user name (although
that only works with Secure binding).
With ADAM users, I believe you need to use the distinguished name of the
user for the username. I don't think you can use Secure binding, so if you
want to avoid plaintext binds, you need to use SSL.
To get more details, I'd suggest you follow up in the
microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
are much deeper in ADAM than I am and should be able to fill in the details.
Joe K.
Bill Belliveau Guest
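
The two bind styles discussed in posts #2 and #3, side by side, as an added example that is not code from any poster in this thread: a Windows principal bound with Secure plus Signing and Sealing, and an ADAM principal bound by distinguished name over SSL. The host, LDAP port, DNs and Windows account name come from the thread; the SSL port 50001, the class name and the ADAM_TEST_PASSWORD environment variable are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class AdamBindExample
{
    // Host, LDAP port and DNs are taken from the thread; SslPort is an assumption.
    const string Host = "computer";
    const int LdapPort = 50000, SslPort = 50001;
    const string Partition = "o=microsoft,c=us";

    // Windows principal: negotiated (Kerberos/NTLM) bind. Signing and Sealing
    // are only valid together with Secure and protect the session on the wire.
    static DirectoryEntry BindAsWindowsUser(string user, string password)
    {
        return new DirectoryEntry("LDAP://" + Host + ":" + LdapPort + "/" + Partition, user, password,
            AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing);
    }

    // ADAM principal: simple bind with the user's DN. SecureSocketsLayer runs
    // the bind over SSL so the password never crosses the network in clear text.
    static DirectoryEntry BindAsAdamUser(string userDn, string password)
    {
        // In LDAP a simple bind with an empty password is an unauthenticated bind.
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("A non-empty password is required.", "password");
        return new DirectoryEntry("LDAP://" + Host + ":" + SslPort + "/" + Partition,
            userDn, password, AuthenticationTypes.SecureSocketsLayer);
    }

    // Touching NativeObject forces the bind; failures surface as COMException.
    static bool TryBind(DirectoryEntry entry)
    {
        try { object native = entry.NativeObject; return true; }
        catch (COMException ex)
        {
            Console.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
            return false;
        }
        finally { entry.Dispose(); }
    }

    static void Main()
    {
        string pw = Environment.GetEnvironmentVariable("ADAM_TEST_PASSWORD"); // hypothetical variable
        Console.WriteLine(TryBind(BindAsWindowsUser(@"localcompany\Administrator", pw)));
        Console.WriteLine(TryBind(BindAsAdamUser("cn=mary baker,ou=adam users,o=microsoft,c=us", pw)));
    }
}
```

In the .NET enum, AuthenticationTypes.Encryption has the same value as AuthenticationTypes.SecureSocketsLayer, so setting it requests an SSL connection and the port in the path must be one that serves SSL.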




