I'm trying to encrypt my Active Directory access with the following code:
// Already tried different paths (LDAP://domain.com, LDAPS://domain.com etc.)
string path = "LDAP://domain.com:636";
var ldapConnection = new DirectoryEntry(path, "loginName", "password");
ldapConnection.AuthenticationType = AuthenticationTypes.Secure; // Works perfectly
ldapConnection.AuthenticationType = AuthenticationTypes.Encryption; // Doesn't work
ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer; // Doesn't work
Both authentication types that don't work throw the same exception:
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The username or password is incorrect.
Firstly, I saw that I was missing a Certificate Server on my AD DS and installed it. But after installation I get the same error. I might need to install/configure more things. If so, then please share resources on what needs to be done.
My questions: Do I need any prerequisites (e.g. on the AD DS) to be able to use AuthenticationTypes.Encryption or AuthenticationTypes.SecureSocketsLayer? Or do I need a different user for using these authentication types?
Any help is greatly appreciated.
CodePudding user response:
Try this:
ldapConnection.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer;
Secure defines the type of authentication that is used, whereas SecureSocketsLayer defines the type of connection. They serve different purposes, so they can be used together.
But really, you don't need to specify anything. The default is Secure, and if you specify port 636, it will use SSL since that's the only way the server would accept the connection on that port. That's why it works when you only specify Secure.
That's also the reason it fails if you specify SecureSocketsLayer by itself. Once you specify anything, the default (Secure) is discarded and only what you specify is used. Without Secure it will try basic authentication (AKA "simple bind"), which is probably disabled on your domain.
More reading in the documentation for the AuthenticationTypes Enum.
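The following is an added example, not code from the question or the answer. It shows how the three flag combinations from the question are interpreted and then binds over LDAPS with both flags set. The class name, the helper names and the LDAP_BIND_PASSWORD environment variable are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices; // Windows-only API

static class LdapBindCheck
{
    // Summarises a flag combination as the answer above explains it:
    // Secure selects the authentication method, SecureSocketsLayer the channel.
    public static string Describe(AuthenticationTypes flags)
    {
        string auth = flags.HasFlag(AuthenticationTypes.Secure)
            ? "negotiated authentication"
            : "simple bind";
        string channel = flags.HasFlag(AuthenticationTypes.SecureSocketsLayer)
            ? "SSL requested"
            : "SSL not requested";
        return $"0x{(int)flags:X}: {auth}, {channel}";
    }

    // Binds over LDAPS with both flags set and forces the bind immediately.
    public static DirectoryEntry Connect(string host, string user, string password)
    {
        var flags = AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer;
        var entry = new DirectoryEntry($"LDAP://{host}:636", user, password, flags);
        _ = entry.NativeObject; // DirectoryEntry binds lazily; a failure is thrown here
        return entry;
    }

    static void Main(string[] args)
    {
        // Encryption and SecureSocketsLayer share one enum value, so the two
        // failing lines in the question request exactly the same thing.
        Console.WriteLine(AuthenticationTypes.Encryption == AuthenticationTypes.SecureSocketsLayer);
        Console.WriteLine(Describe(AuthenticationTypes.Secure));
        Console.WriteLine(Describe(AuthenticationTypes.SecureSocketsLayer));
        Console.WriteLine(Describe(AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer));

        // Optional live check: LdapBindCheck.exe <host> <user>
        // The password is read from LDAP_BIND_PASSWORD (assumed name) to keep it off the command line.
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        if (args.Length == 2 && password != null)
        {
            try
            {
                using var entry = Connect(args[0], args[1], password);
                Console.WriteLine($"Bound to {entry.Path}");
            }
            catch (DirectoryServicesCOMException ex)
            {
                Console.WriteLine($"Bind failed: 0x{ex.ErrorCode:X8} {ex.Message}");
            }
        }
    }
}
```

Run without arguments, it only prints the flag interpretation and needs no domain controller.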