Error 0x80005000 with LdapConnection and LDAPS

老子叫甜甜 提交于 2019-12-13 06:37:20

问题


Before I start, I've already visited Unknown Error (0x80005000) with LDAPS Connection and changed my code and while it did solve the problem it seems that it has mysteriously come back.

Here's the good stuff:

public static bool Authenticate(string username, string password, string domain)
{
    bool authentic = false;

    try
    {
        LdapConnection con = new LdapConnection(
            new LdapDirectoryIdentifier(Host, Port));
        if (IsSSL)
        {
            con.SessionOptions.SecureSocketLayer = true;
            con.SessionOptions.VerifyServerCertificate = ServerCallback;
        }
        con.Credential = new NetworkCredential(username, password);
        con.AuthType = AuthType.Basic;
        con.Bind();
        authentic = true;
    }
    catch (LdapException)
    {
        return false;
    }
    catch (DirectoryServicesCOMException)
    { }
    return authentic;
}

public static bool IsSSL
{
    get
    {
        return ConnectionString.ToLower().Contains("ldaps");
    }
}

public static string ConnectionString
{
    get
    {
        if (string.IsNullOrEmpty(_connectionString))
            _connectionString = CompleteConfiguration.GetLDAPConnectionString();

        return _connectionString;
    }
    set { _connectionString = value; }
}

public static int Port
{
    get
    {
        var x = new Uri(ConnectionString);
        int port = 0;
        if (x.Port != -1)
        {
            port = x.Port;
        }
        else
        {
            port = x.OriginalString.ToLower().Contains("ldaps")
                       ? 636
                       : 389;
        }
        return port;
    }
}

public static string Host
{
    get
    {
        var x = new Uri(ConnectionString);
        return x.Host;
    }
}

private static bool ServerCallback(LdapConnection connection, X509Certificate certificate)
{
    return true;
}

Here's the bad stuff: When I attempt to authenticate to the application I get the following error, to be precise this is triggered by the con.Bind() line:

[COMException (0x80005000): Unknown error (0x80005000)] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +378094 System.DirectoryServices.DirectoryEntry.Bind() +36 System.DirectoryServices.DirectoryEntry.get_NativeObject() +31 Complete.Authentication.GCAuthentication.Authenticate(String username, String password, String domain) in c:\Builds\6\Idealink.Open.Pancanal\Panama Canal\Sources\Idealink.Open\Complete.Authentication\GCAuthentication.cs:27 Complete.Authentication.AuthenticationFactory.ValidateUserLdap(String username, String password, String domain, Boolean isValid, String usernameWithDomain) in c:\Builds\6\Idealink.Open.Pancanal\Panama Canal\Sources\Idealink.Open\Complete.Authentication\AuthenticationFactory.cs:93

It is quite confusing as it seems that some user accounts work and others don't. However when I place the above code in an isolated test environment it does succeed each and every time regardless of which account I use. When I place it back on the Windows 2008 R2 Server with ASP.NET and IIS it fails as stated above. The failures are consistent though - accounts consistently fail or succeed, from that perspective there is no randomness.

The LDAP Server must be accessed using LDAPS and NOT LDAP which is why we cannot use the DirectoryEntry object - the LDAP server is controlled by a client and therefore cannot be reconfigured or altered in any way. We simply want to capture username/password on a web form and then use BIND on the LDAP server to check credentials.

We are using .NET 3.5 and cannot upgrade at this time so I respectfully ask that if your main suggestion and arguments are to upgrade than please hold off on your contribution.

Thanks, hope you can help


回答1:


Would something like this work for you..?

const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"karell";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext,  username);

Here is a really good site for great references and examples DirectoryServices DirectoryEntry

for Connection over SSL you could do something like the following

const int ldapInvalidCredentialsError = 0x31;
const string server = "your_domain.com:636";
const string domain = "your_domain.com";

try
{
    using (var ldapSSLConn = new LdapConnection(server))
    {
        var networkCredential = new NetworkCredential(username, password, domain);
        ldapSSLConn.SessionOptions.SecureSocketLayer = true;
        ldapSSLConn.AuthType = AuthType.Negotiate;
        ldapSSLConn.Bind(networkCredential);
    }

    // If the bind succeeds, the credentials are valid
    return true;
}
catch (LdapException ldapEx)
{
    // Invalid credentials a specific error code
    if (ldapEx.ErrorCode.Equals(ldapInvalidCredentialsError))
    {
        return false;
    }

    throw;
}

MSDN list of Invalid LDAP Error Codes



来源:https://stackoverflow.com/questions/14218204/error-0x80005000-with-ldapconnection-and-ldaps

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!