Directoryentry is giving com exception when trying to connect ldap server using secure port for details refer error_secure_port_directoryentry_schema.png

Question

0.00/5 (No votes)

See more:

Details are mentioned below
Exception snapshot
[enter image description here][1]
**STEP A**=>**Validating the proper certificate configuration**

I have a window service via which i am trying to connect the LDAP server from secure port 636 (SSL), all the certificate are properly 
configured and i have verified this using the tool ldap.exe and also check the portqry tool to check if the port 636 is listening or not
and **was successful in doing that**.


**STEP B=>Code Snippet Which is not working for secure port 636(For SSL) but working correctly with non secure port (389)
A strange observation the Below  mention code works well when i run it as console based application even with port 636 but fails when run as window service.**

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.IO;
using System.Linq;
using System.Net;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;

namespace SampleLDAPWindowsService
{
    public partial class Service1 : ServiceBase
    {
        public Service1()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
           
            TestDirectoryEntryWay();
            
        }

        protected override void OnStop()
        {
            

        }
           
        }
        public DirectoryEntry createDirectoryEntry()
        {
            // create and return new LDAP connection with desired settings  
            DirectoryEntry ldapConnection = null;
            ldapConnection = new DirectoryEntry("LDAP://abc.domain.com:636", "DomainAdmin", "DomainAdmin123", AuthenticationTypes.SecureSocketsLayer);
            return ldapConnection;
        }

        public void TestDirectoryEntryWay()
        {
            DirectorySearcher _searcher = null;
            SearchResult result_user = null;
            DirectoryEntry de = createDirectoryEntry();
            try
            {
                object o = de.SchemaEntry;//Getting a com exception  as the SchemaEntry is null not sure why as the same is working properly in port 389 
                _searcher = new DirectorySearcher(de, "(&(objectClass=user)(SAMAccountName=" + "demouser1" + "))");
                if (_searcher != null)
                {
                    result_user = _searcher.FindOne();
                   
                }
            }
            catch (Exception ex)
            {
				//Getting a com exception 
         
            }
            
        }
    }
}

**STEP C=>Code which is working in both port 636 and port 389 in window service**
<pre lang="c#">using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Diagnostics;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using System.DirectoryServices.Protocols;
    using System.IO;
    using System.Linq;
    using System.Net;
    using System.ServiceProcess;
    using System.Text;
    using System.Threading.Tasks;
    
    namespace SampleLDAPWindowsService
    {
        public partial class Service1 : ServiceBase
        {
            public Service1()
            {
                InitializeComponent();
            }
    
            protected override void OnStart(string[] args)
            {
                System.Diagnostics.Debugger.Launch();
                // TestDirectoryEntryWay();
                var isLogged2 = SignInLDAP2("DomainAdmin", "DomainAdmin123", ""LDAP://abc.domain.com:636"", "abc.domain.com", true);
            }
    
            protected override void OnStop()
            {
                
    
            }
    
            public  bool SignInLDAP2(string user, string psw, string ldapPath, string domain = null, bool useSSL = false)
            {
                // LdapConnection ldapConnection = new LdapConnection(ldapPath);
    
                var ldapDirectoryIdentifier = new LdapDirectoryIdentifier("abc.domain.com", 636, true, false);
                LdapConnection ldapConnection = new LdapConnection(ldapDirectoryIdentifier);
    
                if (useSSL)
                {
                    ldapConnection.SessionOptions.SecureSocketLayer = true;
    
                    ldapConnection.AuthType = AuthType.Negotiate;
                    
                    ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
                }
    
                //var networkCredential = new NetworkCredential("Hey", "There", "Guy");
                var networkCredential = new NetworkCredential(user, psw, domain);
                try
                {
                    ldapConnection.Bind(networkCredential);
    
                    bool exists = UserExists("demouser1");
                    return true;
                }
                catch (Exception ex)
                {
                    return false;
                }
            }
            public bool UserExists(string username)
            {
                // create your domain context
                using (PrincipalContext domain = new PrincipalContext(ContextType.Domain, "abc.domain.com", "DomainAdmin", "DomainAdmin123"))
                {
                    // find the user
                    UserPrincipal foundUser = UserPrincipal.FindByIdentity(domain, IdentityType.Name, username);
    
                    return foundUser != null;
                }
            }
           
         
                
            }
        }
    }

**QUESTION Here is**

Is there a problem when working with Secure port with DirectoryEntry, as LdapConnection & networkCredential works smoothly with both the ports(636 &389),
i have a legacy code which uses DirectoryEntry and i want it work for secure port as well can some one please help me, how to make the STEP B working for secure port
also.

Thanks in Advance for all the Support & guidance.

What I have tried:

Already ensured the window service is being used under local system, validated proper certificate installation by connecting the tool like ldapadmin and ldap.exe for the port 636 with ssl checked.

Posted 16-Aug-18 4:31am

aashishmukherjee_

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)