UserPrincipal with context that uses SSL

3
votes

I have a PrincipalContext that uses SSL. This works fine when using a method like Context.ValidateCredentials(). But when I need to find a user using UserPrincipal.FindByIdentity() I get the following error:

System.Runtime.InteropServices.COMException: The server is unwilling to process the request. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() --- End of inner exception stack trace --- at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)

My method:

public List<string> GetUserInfo(string user) {
        var list = new List<string>();

        using (var context = new PrincipalContext(ContextType.Domain, "xxxx.xxxx.xxxx:636", "DC=xxxx,DC=xxxx,DC=xxxx", ContextOptions.SimpleBind | ContextOptions.Sealing | ContextOptions.SecureSocketLayer)) {
            var uP = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, user);

            //Do stuff with uP
        return list;
    }

But this is working fine:

public bool ValidateCredentials(string username, string password) {
        using (var context = new PrincipalContext(ContextType.Domain, "xxxx.xxxx.xxxx:636", "DC=xxxx,DC=xxxx,DC=xxxx", ContextOptions.SimpleBind | ContextOptions.Sealing | ContextOptions.SecureSocketLayer)) {
            return context.ValidateCredentials(username, password);
        }
    }

How come I cant work with UserPrincipal using the Context with SSL? If I remove SSL it works fine..

2
c#sslactive-directoryprincipalcontext

2 Answers

5
votes

I changed my ContextOptions to Negotiate and SSL. Then it worked

0
votes

Unfortunately there are not enough code examples that show how to configure PrincipalContext or DirectoryEntry to use LDAPS (SSL Active Directory). I have found these solutions for this issue:

Configure PrincipalContext to use LDAPS:

var path = "test.domainName.local:636";
ContextOptions options = ContextOptions.Negotiate | ContextOptions.SecureSocketLayer;
using (var context = new PrincipalContext(ContextType.Domain, path, "DC=xyz,DC=local", options))
{
 pr("Name: " + context.Name);
 pr("ConnectedServer: " + context.ConnectedServer);
 pr("Container: " + context.Container);
 pr("UserName: " + context.UserName);
}

Configure DirectoryEntry to use LDAPS:

string path = "LDAP://test.domainName.local:636";
var dic = new DirectoryEntry(path);
pr("Name: " + dic.Name);
pr("Path: " + dic.Path);
pr("AuthenticationType: " + dic.AuthenticationType);
pr("SchemaClassName: " + dic.SchemaClassName);
pr("Username: " + dic.Username);