Implement authentication with client certificate

I have existing S.DS.Protocols code that I am migrating to .NET Core, and I can connect fine to my LDAP servers that require username/pwd and everything works as expected.

Now I also have servers that require certificate authentication.

Here is the existing code:

var cert = new X509Certificate(keystoreStream.ToArray(), keyStorePassword, X509KeyStorageFlags.MachineKeySet);
var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(hostName, portNumber, true, false);
ldapConnection = new LdapConnection(ldapDirectoryIdentifier, null, AuthType.External);
ldapConnection.SessionOptions.SecureSocketLayer = true;
ldapConnection.ClientCertificates.Add(cert);
ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.Bind();

How can I do the identical binding using the Novell library? I don’t see a way to support the external auth type or to bind without a username/password.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 13 (6 by maintainers)

Top GitHub Comments

1 reaction
barry-r-moore commented, Jun 16, 2020

@chazt3n not sure I follow your question. We use the library in our app as described in the readme. In terms of authentication via cert, we implement the client side validation callback, that loads a pfx and attaches to all subsequent calls.

0 reactions
dsbenghe commented, Dec 31, 2020

Latest master - which will get published as 3.6.x - has SASL authentication using client certificate implemented e.g.

var options = new LdapConnectionOptions()
  .UseSsl()
  .ConfigureLocalCertificateSelectionCallback(...); // return your client certificate
using var ldapConnection = new LdapConnection(options);
ldapConnection.Connect(...); // to ssl port
ldapConnection.Bind(new SaslExternalRequest());

or

var options = new LdapConnectionOptions()
  .ConfigureLocalCertificateSelectionCallback(...); // return your client certificate
using var ldapConnection = new LdapConnection(options);
ldapConnection.Connect(...);
ldapConnection.StartTLS();
ldapConnection.Bind(new SaslExternalRequest());
...
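
Added example, not part of the thread and not the library's own code: the two TLS callbacks a SASL EXTERNAL bind depends on, with a server certificate check that rejects on any policy error instead of the `(con, cer) => true` callback in the original code. The class and member names are hypothetical, and `ConfigureRemoteCertificateValidationCallback` is assumed to be available on `LdapConnectionOptions` in the version you use.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: holds the client certificate and exposes both callbacks.
public sealed class LdapTlsCallbacks
{
    private readonly X509Certificate2 _clientCert;

    public LdapTlsCallbacks(string pfxPath, string pfxPassword)
    {
        _clientCert = new X509Certificate2(pfxPath, pfxPassword);
        // SASL EXTERNAL takes the identity from the TLS client certificate, so
        // fail early if the PFX carries no private key to prove possession.
        if (!_clientCert.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key.");
    }

    // Signature matches System.Net.Security.LocalCertificateSelectionCallback.
    public X509Certificate SelectClientCertificate(object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
        string[] acceptableIssuers) => _clientCert;

    // Signature matches System.Net.Security.RemoteCertificateValidationCallback.
    // Accepts the server only when the platform's chain and host name checks
    // passed, unlike a callback that returns true unconditionally.
    public bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        Console.Error.WriteLine($"LDAP server certificate rejected: {sslPolicyErrors}");
        return false;
    }
}

// Wiring with the options shown in the comment above (arguments are placeholders):
// var tls = new LdapTlsCallbacks("client.pfx", pfxPassword);
// var options = new LdapConnectionOptions()
//     .UseSsl()
//     .ConfigureLocalCertificateSelectionCallback(tls.SelectClientCertificate)
//     .ConfigureRemoteCertificateValidationCallback(tls.ValidateServerCertificate);
```

A server certificate issued by a private CA passes this check once that CA is in the machine's trust store.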