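        /// <summary>
        /// Entry point of the LDAP connection test: resolves the domain DN of the server,
        /// builds the user descriptor and attempts a verified bind with the given login.
        /// </summary>
        /// <param name="args">
        /// Optional overrides: <c>args[0]</c> is the LDAP server, <c>args[1]</c> the login.
        /// The password is always read from the console so that it is neither stored in
        /// source nor visible in the process command line.
        /// </param>
        static Task Main(string[] args)
        {
            // Sample values from the original harness, used only when no override is given.
            var ip = args.Length > 0 ? args[0] : "10.199.77.175";
            var u  = args.Length > 1 ? args[1] : "child@RS_Child.RuslanAD.local";

            // db must be resolved before TryConnectInner, which reads it to derive the domain name.
            db   = GetDomainDN(ip);
            user = LDAPAuthHelper.CreateUserFromInputData(u, AuthType.Basic);

            var password = ReadPassword($"Password for '{u}': ");
            var verified = TryConnectInner(ip, u, password);
            Console.WriteLine(verified ? "Connection test succeeded." : "Connection test failed.");

            // Nothing here is awaited, so return a completed task instead of marking Main async.
            return Task.CompletedTask;

            // Reads a line without echoing it; falls back to a plain ReadLine when stdin is
            // redirected, because ReadKey is not available in that case.
            string ReadPassword(string prompt)
            {
                Console.Write(prompt);
                if (Console.IsInputRedirected)
                {
                    return Console.ReadLine() ?? string.Empty;
                }

                var buffer = string.Empty;
                while (true)
                {
                    var key = Console.ReadKey(intercept: true);
                    if (key.Key == ConsoleKey.Enter)
                    {
                        Console.WriteLine();
                        return buffer;
                    }

                    if (key.Key == ConsoleKey.Backspace)
                    {
                        if (buffer.Length > 0)
                        {
                            buffer = buffer.Substring(0, buffer.Length - 1);
                        }
                    }
                    else if (!char.IsControl(key.KeyChar))
                    {
                        buffer += key.KeyChar;
                    }
                }
            }
        }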
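        /// <summary>
        /// Looks the current <c>user</c> up in the directory by SAM account name or UPN and
        /// returns the (SAM, UPN) pair of every matching entry.
        /// </summary>
        /// <returns>The matching logins; empty when the search yields no entries.</returns>
        /// <exception cref="DirectoryException">
        /// Thrown when the server's reply is not a <see cref="SearchResponse"/>.
        /// </exception>
        private static IEnumerable<UserLogins> GetUserLogins()
        {
            // user.Name / user.Domain originate from the login form, so they are escaped
            // (RFC 4515) before being spliced into the filter; otherwise '*', '(' and ')'
            // in the typed login could widen or rewrite the search.
            var safeName   = EscapeFilterValue(user.Name);
            var safeDomain = EscapeFilterValue(user.Domain);
            var filter     = string.Format(SamOrUpnSearchFilter, safeName, $"{safeName}@{safeDomain}");

            var request = new SearchRequest(db, filter, SearchScope.Subtree);
            request.Attributes.Add(MsDsPrincipalUserAttrName);
            request.Attributes.Add(UpnAttrName);

            var directoryResponse = connection.SendRequest(request);
            if (!(directoryResponse is SearchResponse dnResponse))
            {
                throw new DirectoryException(
                          $"Failed to retrieve the user's {user.Name} attributes from the directory. " +
                          $"Error: {((directoryResponse != null) ? directoryResponse.ErrorMessage : string.Empty)}");
            }

            Console.WriteLine("GetUserAttributes: Search response item count: {0}", dnResponse.Entries.Count);

            var result = new List<UserLogins>(dnResponse.Entries.Count);

            foreach (SearchResultEntry entry in dnResponse.Entries)
            {
                // NOTE(review): the helper is assumed to cope with an attribute that is absent
                // on the entry (indexer returning null) — confirm against LDAPAuthHelper.
                var sam = LDAPAuthHelper.GetAttributeNameAndValue(entry.Attributes[MsDsPrincipalUserAttrName]);
                var upn = LDAPAuthHelper.GetAttributeNameAndValue(entry.Attributes[UpnAttrName]);
                result.Add(new UserLogins(sam.Value, upn.Value));
                Console.WriteLine($"GetLoginAttributes: Retrieved user's logins: {sam.Key} = {sam.Value}, {upn.Key} = {upn.Value}");
            }

            return result;

            // Escapes the characters that carry meaning inside an LDAP search filter
            // (RFC 4515 section 3). Backslash is replaced first so the other escapes are
            // not re-escaped. Null/empty input is returned unchanged.
            string EscapeFilterValue(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return value;
                }

                return value.Replace("\\", "\\5c")
                            .Replace("*", "\\2a")
                            .Replace("(", "\\28")
                            .Replace(")", "\\29")
                            .Replace("\0", "\\00");
            }
        }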
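        /// <summary>
        /// Binds to <paramref name="server"/> with the supplied credentials and then verifies the
        /// login against the SAM/UPN attributes read back from the directory, because a
        /// successful bind alone is not proof that the password was checked.
        /// </summary>
        /// <param name="server">LDAP server host name or address.</param>
        /// <param name="userName">Login exactly as typed by the user (SAM or UPN form).</param>
        /// <param name="password">Password used for the bind.</param>
        /// <param name="isThrowException">
        /// When true, an exception raised during bind or lookup is rethrown after being logged
        /// instead of being turned into a <c>false</c> result.
        /// </param>
        /// <returns>
        /// True when the bind succeeds and one of the returned logins matches the input; the
        /// static <c>connection</c> is kept open only in that case.
        /// </returns>
        private static bool TryConnectInner(string server, string userName, string password, bool isThrowException = false)
        {
            // An empty password turns a simple bind into an "unauthenticated" bind, which the
            // server may report as success (the bug referenced below); refuse it before binding.
            if (string.IsNullOrEmpty(password))
            {
                Console.WriteLine($"The user account '{userName}' was not verified: an empty password is not accepted.");
                return false;
            }

            user = LDAPAuthHelper.CreateUserFromInputData(userName, AuthType.Basic);
            var authType          = AuthType.Basic;
            var networkCredential = LDAPAuthHelper.CreateNetworkCredential(user, userName, password, authType);

            var verified = false;

            try
            {
                Console.WriteLine($"Creating LDAP connection to '{server}'.");
                connection = new LdapConnection(server)
                {
                    AuthType   = authType,
                    AutoBind   = true,
                    Credential = networkCredential
                };

                connection.SessionOptions.ProtocolVersion = 3;

                // NOTE(review): AuthType.Basic is a simple bind, so the password travels in clear
                // unless the session is protected by TLS; nothing here sets
                // SessionOptions.SecureSocketLayer or calls StartTransportLayerSecurity() —
                // confirm the server/port in use before relying on this outside a lab.

                var domain = LDAPAuthHelper.GetDomainNameFromDistinguishedName(db);

                // Since UPN allows to define various suffixes and combination of UPN with Kerberos requires
                // exact domain name in the provided credential we have to create correct domain name
                // from configured domain distinguished name in this case, also we can use full non-parsed username.
                // authType is fixed to Basic above, so this branch is currently inert; it is kept for
                // the day the auth type becomes configurable.
                if (authType == AuthType.Kerberos && user.LoginType == LoginType.Upn)
                {
                    networkCredential.Domain   = domain;
                    networkCredential.UserName = userName;
                }

                // We have to do additional check for the user name
                // because of the following LDAP bind bug https://stackoverflow.com/questions/1153703/ldap-bind-s-returning-ldap-success-with-wrong-credentials
                connection.Bind(networkCredential);

                Console.WriteLine($"The user account '{userName}' was successfully connected to LDAP server '{server}' using '{authType}' authentication type.");

                // Get full SAM and UPN user names from LDAP and verify the value is equal to the login
                // provided by user in login page or LDAP test connection form.
                // Materialised once: the list is scanned up to twice below.
                var logins = GetUserLogins().ToList();

                // Logins are identifiers, not text for display, so compare ordinally.
                var login = logins.FirstOrDefault(x =>
                                                  (user.LoginType == LoginType.Sam ? x.Sam : x.Upn).Equals(userName,
                                                                                                           StringComparison.OrdinalIgnoreCase));

                if (login == null && user.LoginType == LoginType.Upn)
                {
                    // maybe we have short hand login like ldap@automation
                    // that we can convert to [email protected]
                    var userWithoutDomain = user.Name;
                    var userWithDomain    = userWithoutDomain + "@" + domain;
                    login = logins.FirstOrDefault(x => x.Upn.Equals(userWithDomain, StringComparison.OrdinalIgnoreCase));
                }

                if (login != null)
                {
                    user.UserUpn = login.Upn;
                    user.UserDn  = GetUserDN();
                    Console.WriteLine($"The user account '{userName}' was successfully verified using LDAP attributes.");
                    // Only flagged after GetUserDN succeeded, so a throw there still counts as failure.
                    verified = true;
                }
                else
                {
                    Console.WriteLine($"The user account '{userName}' was not verified using LDAP attributes.");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
                if (isThrowException)
                {
                    // Preserve the original stack trace.
                    throw;
                }
            }
            finally
            {
                // Do not leave a bound-but-unverified (or half-initialised) connection around.
                if (!verified)
                {
                    connection?.Dispose();
                    connection = null;
                }
            }

            return verified;
        }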