Trying to connect using the secure port

Time: 2018-08-16 06:31:04

Tags: c# ssl directoryentry

Exception snapshot (screenshot not included). Step A => verify that the certificate configuration is correct

I have a Windows service through which I am trying to connect to an LDAP server on the secure port 636 (SSL). All certificates are configured correctly; I have verified this with the ldap.exe tool, and I have also used the portqry tool to check whether port 636 is listening, which succeeded.


Step B => the code snippet does not work with the secure port 636 (for SSL), but works fine with the non-secure port (389). Note that the code below works well when I run it as a console-based application, even with port 636, but it fails when run as a Windows service.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.IO;
using System.Linq;
using System.Net;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;

namespace SampleLDAPWindowsService
{
    public partial class Service1 : ServiceBase
    {
        public Service1()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            TestDirectoryEntryWay();
        }

        protected override void OnStop()
        {
        }

        public DirectoryEntry createDirectoryEntry()
        {
            // create and return new LDAP connection with desired settings (ADSI over SSL on port 636)
            DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://abc.domain.com:636", "DomainAdmin", "DomainAdmin123", AuthenticationTypes.SecureSocketsLayer);
            return ldapConnection;
        }

        public void TestDirectoryEntryWay()
        {
            DirectorySearcher _searcher = null;
            SearchResult result_user = null;
            DirectoryEntry de = createDirectoryEntry();
            try
            {
                object o = de.SchemaEntry; // Getting a COM exception as the SchemaEntry is null, not sure why, as the same works properly on port 389
                _searcher = new DirectorySearcher(de, "(&(objectClass=user)(SAMAccountName=" + "demouser1" + "))");
                if (_searcher != null)
                {
                    result_user = _searcher.FindOne();
                }
            }
            catch (Exception ex)
            {
                // Getting a COM exception here; it is swallowed, so the service itself reports nothing
            }
        }
    }
}

STEP C => code that works in the Windows service on both port 636 and port 389

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.IO;
using System.Linq;
using System.Net;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;

namespace SampleLDAPWindowsService
{
    public partial class Service1 : ServiceBase
    {
        public Service1()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            System.Diagnostics.Debugger.Launch();
            // TestDirectoryEntryWay();
            var isLogged2 = SignInLDAP2("DomainAdmin", "DomainAdmin123", "LDAP://abc.domain.com:636", "abc.domain.com", true);
        }

        protected override void OnStop()
        {
        }

        public bool SignInLDAP2(string user, string psw, string ldapPath, string domain = null, bool useSSL = false)
        {
            // LdapConnection ldapConnection = new LdapConnection(ldapPath);

            // host, port, fullyQualifiedDnsHostName, connectionless (ldapPath itself is not used here)
            var ldapDirectoryIdentifier = new LdapDirectoryIdentifier("abc.domain.com", 636, true, false);
            LdapConnection ldapConnection = new LdapConnection(ldapDirectoryIdentifier);

            if (useSSL)
            {
                ldapConnection.SessionOptions.SecureSocketLayer = true;

                ldapConnection.AuthType = AuthType.Negotiate;

                // accepts any server certificate, so the server's identity is never checked
                ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
            }

            //var networkCredential = new NetworkCredential("Hey", "There", "Guy");
            var networkCredential = new NetworkCredential(user, psw, domain);
            try
            {
                ldapConnection.Bind(networkCredential);

                bool exists = UserExists("demouser1");
                return true;
            }
            catch (Exception ex)
            {
                return false;
            }
        }

        public bool UserExists(string username)
        {
            // create your domain context
            using (PrincipalContext domain = new PrincipalContext(ContextType.Domain, "abc.domain.com", "DomainAdmin", "DomainAdmin123"))
            {
                // find the user
                UserPrincipal foundUser = UserPrincipal.FindByIdentity(domain, IdentityType.Name, username);

                return foundUser != null;
            }
        }
    }
}

The question here is:

Is there a problem with using the secure port with DirectoryEntry, given that LdapConnection with a NetworkCredential works fine on both ports (636 & 389)? I have some old code that uses DirectoryEntry and I would like it to work with the secure port as well. Could someone please help me with how to make STEP B work for the secure port too?

Thanks in advance for all support and guidance.

1 answer:

Answer 0 (score: 0)

Most likely the machine running this does not trust the SSL certificate.

I tested this using Chrome. Run Chrome like this (adjust the path to where Chrome is located):

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636

Then, in Chrome, go to https://abc.domain.com:636. If the certificate is trusted, you will see a "cannot connect" message. But if it is not trusted, Chrome will give you a red warning, and you will know that is the problem.

To trust the certificate, you need to get the root certificate (as a file, probably *.cer or *.crt) and install it on every machine that will run the code. Here are instructions for installing a root certificate in Windows: https://www.thewindowsclub.com/manage-trusted-root-certificates-windows
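The answer's diagnosis (the certificate is not trusted by the machine, or more precisely by the account the service runs under) can be checked from inside the service itself instead of with a browser, and the "return true" callback from STEP C can be replaced by one that actually validates. The following is an added example, not code from the question or the answer: it binds over LDAPS with System.DirectoryServices.Protocols, validates the server certificate chain and hostname, and logs every failure reason together with whether the root the server chains to is installed in the LocalMachine or CurrentUser Root store. The host abc.domain.com and port 636 are taken from the question; the class and method names, the password placeholder and the log callback are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the original question or answer).
public static class LdapsDiagnostics
{
    // Validates the certificate the LDAP server presents: chain to a trusted root,
    // revocation, and a hostname match. Each failure reason is logged, so a service
    // that cannot show a dialog still explains why it refused the connection, and the
    // real result is returned instead of "return true".
    public static bool VerifyServerCertificate(string expectedHost, X509Certificate certificate, Action<string> log)
    {
        var cert = new X509Certificate2(certificate);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            bool chainOk = chain.Build(cert);
            if (!chainOk)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                    log("chain: " + status.Status + " - " + status.StatusInformation.Trim());
            }

            // Top of the chain that could be built (the root when the build succeeded).
            // A root present only in the interactive user's store is invisible to the
            // service account, which is why a console run can succeed while the service fails.
            X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            log("top of chain '" + top.Subject + "' in LocalMachine\\Root: " + IsInRootStore(StoreLocation.LocalMachine, top.Thumbprint));
            log("top of chain '" + top.Subject + "' in CurrentUser\\Root:  " + IsInRootStore(StoreLocation.CurrentUser, top.Thumbprint));

            bool hostOk = HostnameMatches(cert, expectedHost);
            if (!hostOk) log("hostname: certificate does not cover " + expectedHost);
            return chainOk && hostOk;
        }
    }

    // Looks a certificate up by thumbprint in the Trusted Root store of the given location.
    static bool IsInRootStore(StoreLocation location, string thumbprint)
    {
        using (var store = new X509Store(StoreName.Root, location))
        {
            store.Open(OpenFlags.ReadOnly);
            return store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false).Count > 0;
        }
    }

    // DNS names the certificate is valid for: the CN-derived name plus every "DNS Name="
    // entry of the Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name="
    // text form is how Windows CryptoAPI formats that extension (assumed here).
    static IEnumerable<string> DnsNames(X509Certificate2 cert)
    {
        yield return cert.GetNameInfo(X509NameType.DnsName, false);
        X509Extension san = cert.Extensions["2.5.29.17"];
        if (san == null) yield break;
        foreach (string part in san.Format(false).Split(new[] { ',', '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries))
        {
            string p = part.Trim();
            if (p.StartsWith("DNS Name=", StringComparison.OrdinalIgnoreCase))
                yield return p.Substring("DNS Name=".Length).Trim();
        }
    }

    // Exact match, or a single-label wildcard match ("*.domain.com" covers "abc.domain.com").
    static bool HostnameMatches(X509Certificate2 cert, string host)
    {
        int dot = host.IndexOf('.');
        foreach (string name in DnsNames(cert))
        {
            if (string.IsNullOrEmpty(name)) continue;
            if (string.Equals(name, host, StringComparison.OrdinalIgnoreCase)) return true;
            if (name.StartsWith("*.") && dot > 0 &&
                string.Equals(name.Substring(2), host.Substring(dot + 1), StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    // Binds over LDAPS with the verification above; bind failures are logged with the
    // LDAP error code so the cause is visible in the service's log rather than swallowed.
    public static bool TryBind(string host, int port, NetworkCredential credential, Action<string> log)
    {
        var identifier = new LdapDirectoryIdentifier(host, port, true, false);
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.SecureSocketLayer = true;
            connection.SessionOptions.VerifyServerCertificate = (conn, cert) => VerifyServerCertificate(host, cert, log);
            connection.AuthType = AuthType.Negotiate;
            try
            {
                connection.Bind(credential);
                return true;
            }
            catch (LdapException ex)
            {
                log("bind failed: " + ex.Message + " (LDAP error " + ex.ErrorCode + ")");
                return false;
            }
        }
    }

    public static void Main()
    {
        // Constructed placeholder credential; replace with the account the service should use.
        var credential = new NetworkCredential("DomainAdmin", "<password>", "abc.domain.com");
        bool ok = TryBind("abc.domain.com", 636, credential, Console.WriteLine);
        Console.WriteLine(ok ? "LDAPS bind succeeded" : "LDAPS bind failed, see the reasons above");
    }
}
```

Run this under the same account the Windows service uses (for example from OnStart, writing the log lines to the event log), because that is the account whose certificate stores matter. If the chain status reports an untrusted root and the LocalMachine\Root lookup returns false while CurrentUser\Root returns true, the root certificate from the answer was installed for the interactive user only and needs to go into the LocalMachine store. DirectoryEntry (ADSI) offers no verification callback of its own and relies on the platform's default certificate validation, so once these checks report a clean chain from the service's own account, the STEP B code has the trust it needs for port 636.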