I am getting the following error while connecting using LDAP
Connection.freeWriteSemaphore(-2): semaphore not owned by any thread
I am using the following code
public static bool Authenticate(string userName, string password)
{
//logger.Debug("Try to connect to LDAP to authenticate user with " + userName + "/***");
string uDN = ldapUserDN.Replace("$UID", userName);
bool flag = false;
LdapConnection ldapConn = new LdapConnection();
try
{
ldapConn.Connect(ldapServer, int.Parse(ldapServerPort));
ldapConn.Bind(uDN, password);
flag = ldapConn.Bound;
}
catch (Exception ex)
{
//logger.Error("Exception in Authenticate():", ex);
}
finally
{
ldapConn.Disconnect();
}
return flag;
}
Related
I'm working on remote computer control by WMI using C#. I can connect after I have made the necessary settings on the remote computer. There is no problem so far. But when I shut down a remote computer with the Win32ShutDown command, after reboot the remote computer I received the following error:
System.Runtime.InteropServices.COMException (0x80070522): A required privilege is not held by the client. (Exception from HRESULT: 0x80070522).
How can I solve this?
My connection function:
public static ManagementScope Connect(string ip, string userName = "", string password = "")
{
ManagementScope scope = null;
try
{
ConnectionOptions opts;
scope = new ManagementScope(string.Format("\\\\{0}\\root\\cimv2", ip.Trim()));
if (!string.IsNullOrEmpty(userName))
{
opts = new ConnectionOptions
{
Username = userName,
Password = password,
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
scope.Options = opts;
}
scope.Connect(); //Error is thrown here
return scope;
}
catch (Exception ex)
{
scope = null;
throw ex;
}
}
My shutdown function:
static void ShutDown()
{
try
{
ConnectionOptions options = new ConnectionOptions
{
Username = "Administrator",
Password = "123",
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
ManagementScope scope = new ManagementScope(string.Format("\\\\{0}\\root\\cimv2", "192.168.1.50", options));
scope.Connect(); //Error is thrown here
ManagementClass mcWin32 = new ManagementClass("Win32_OperatingSystem") { Scope = scope };
mcWin32.Get();
ManagementBaseObject mboShutdownParams = mcWin32.GetMethodParameters("Win32Shutdown");
mboShutdownParams["Flags"] = 5;
ManagementBaseObject mboShutdown = null;
foreach (ManagementObject manObj in mcWin32.GetInstances())
{
mboShutdown = manObj.InvokeMethod("Win32Shutdown", mboShutdownParams, null);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
finally
{
Console.ReadLine();
}
}
I trying to implement LDAP authentication in C# Web Application.
I tried is using the below code.
try
{
using (LdapConnection conn = new LdapConnection(this.Server))
{
string uname = userName;
if (!string.IsNullOrEmpty(this.UsernamePrepend))
{
uname = string.Concat(this.UsernamePrepend, userName);
}
NetworkCredential cred = new NetworkCredential(uname, password, null);
conn.SessionOptions.SecureSocketLayer = true;
conn.SessionOptions.VerifyServerCertificate = (LdapConnection con, X509Certificate cer) => true;
conn.SessionOptions.ProtocolVersion = 3;
conn.AuthType = AuthType.Basic;
conn.Bind(cred);
}
}
catch (LdapException ldapException)
{
LdapException ex = ldapException;
if (!ex.ErrorCode.Equals(49))
{
this.LogError(ex, userName);
throw ex;
}
}
flag = true;
Every time I run it, it goes into catch block with exception LDAP server is unavailable.
Am I missing something?
Remove conn.SessionOptions.SecureSocketLayer = true; from your code
My login window uses LDAP to authenticate users. However, when validating, it always returns false.
Here is the code for validation which I got from CodeProject:
public bool fnValidateUser()
{
bool validation;
try
{
LdapConnection lcon = new LdapConnection
(new LdapDirectoryIdentifier((string)null, false, false));
NetworkCredential nc = new NetworkCredential(Environment.UserName,
txtPassword.SecurePassword, Environment.UserDomainName);
lcon.Credential = nc;
lcon.AuthType = AuthType.Negotiate;
// user has authenticated at this point,
// as the credentials were used to login to the dc.
lcon.Bind(nc);
validation = true;
}
catch (LdapException)
{
validation = false;
}
return validation;
}
txtPassword.SecurePassword is the PasswordBox. When I enter my password/pin and hit login, it displays the MessageBox for whenever validation is false.
What am I doing wrong?
UPDATE: The exception indicates "The LDAP Server is Unavailable", at this line lcon.Bind(nc);
You can try this sample piece of code.
// the username and password to authenticate
const string domain = "OU=Organization,DC=mydomain,DC=com";
string password = "mypass";
string userName = "myuser";
// define your connection
LdapConnection ldapConnection = new LdapConnection("ldap.mydomain.com:389");
try
{
// authenticate the username and password
using (ldapConnection)
{
// pass in the network creds, and the domain.
var networkCredential = new NetworkCredential(username, password, domain);
// if we're using unsecured port 389, set to false. If using port 636, set this to true.
ldapConnection.SessionOptions.SecureSocketLayer = false;
// since this is an internal application, just accept the certificate either way
ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
// to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
ldapConnection.AuthType = AuthType.Basic;
// authenticate the user
ldapConnection.Bind(networkCredential);
}
catch (LdapException ldapException)
{
//Authentication failed, exception will dictate why
}
}
I went ahead and found another approach for this, without using LDAP.
PrincipalContext adContext = new PrincipalContext(ContextType.Machine);
private async void btnLogin_Click(object sender, RoutedEventArgs e)
{
try
{
using (adContext)
{
if (adContext.ValidateCredentials(txtUsername.Text, txtPassword.Password))
{
MainWindow main = new MainWindow();
main.Show();
main.txtLoggedInUser.Text = UserPrincipal.Current.DisplayName;
this.Close();
}
else
{
MessageBox.Show("Incorrect Username or Password!");
}
}
}
catch(Exception ex)
{
var exceptionDialog = new MessageDialog
{
Message = { Text = ex.ToString() }
};
await DialogHost.Show(exceptionDialog, "RootDialog");
}
}
Is it possible to enable (or disable) a user in Active Directory with LDAP command?
And also, is it possible doing it with C#?
I've already looked
here
and
here
Thanks,
J
using this reference Howto: (Almost) Everything In Active Directory via C#
you can use "userAccountControl" attribute to enable and disable
you need to pass DirectoryEntry to the function
Enable:
public static void Enable(DirectoryEntry user)
{
try
{
int val = (int)user.Properties["userAccountControl"].Value;
user.Properties["userAccountControl"].Value = val & ~0x2;
//ADS_UF_NORMAL_ACCOUNT;
user.CommitChanges();
user.Close();
}
catch (System.DirectoryServices.DirectoryServicesCOMException E)
{
//DoSomethingWith --> E.Message.ToString();
}
}
Disable :
public void Disable(DirectoryEntry user)
{
try
{
int val = (int)user.Properties["userAccountControl"].Value;
user.Properties["userAccountControl"].Value = val | 0x2;
//ADS_UF_ACCOUNTDISABLE;
user.CommitChanges();
user.Close();
}
catch (System.DirectoryServices.DirectoryServicesCOMException E)
{
//DoSomethingWith --> E.Message.ToString();
}
}
Using: Morgan Tech Space as Reference:
Enable Active Directory User Account via userAccountControl using C#
private static void EnableADUserUsingUserAccountControl(string username)
{
try
{
DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry();
// ldap filter
string searchFilter = string.Format(#"(&(objectCategory=person)(objectClass=user)
(!sAMAccountType=805306370)(|(userPrincipalName={0})(sAMAccountName={0})))", username);
DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter);
SearchResult searchResult = searcher.FindOne();
if (searcher != null)
{
DirectoryEntry userEntry = searchResult.GetDirectoryEntry();
int old_UAC=(int)userEntry.Properties["userAccountControl"][0];
// AD user account disable flag
int ADS_UF_ACCOUNTDISABLE = 2;
// To enable an ad user account, we need to clear the disable bit/flag:
userEntry.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
userEntry.CommitChanges();
Console.WriteLine("Active Director User Account Enabled successfully
through userAccountControl property");
}
else
{
//AD User Not Found
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
Disable Active Directory User Account via userAccountControl using C#
private static void DisableADUserUsingUserAccountControl(string username)
{
try
{
DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry();
// ldap filter
string searchFilter = string.Format(#"(&(objectCategory=person)(objectClass=user)
(!sAMAccountType=805306370)(|(userPrincipalName={0})(sAMAccountName={0})))", username);
DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter);
SearchResult searchResult = searcher.FindOne();
if (searcher != null)
{
DirectoryEntry userEntry = searchResult.GetDirectoryEntry();
int old_UAC = (int)userEntry.Properties["userAccountControl"][0];
// AD user account disable flag
int ADS_UF_ACCOUNTDISABLE = 2;
// To disable an ad user account, we need to set the disable bit/flag:
userEntry.Properties["userAccountControl"][0] = (old_UAC | ADS_UF_ACCOUNTDISABLE);
userEntry.CommitChanges();
Console.WriteLine("Active Director User Account Disabled successfully
through userAccountControl property");
}
else
{
//AD User Not Found
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
Enable AD User Account via UserPrincipal using C#
private static void EnableADUserUsingUserPrincipal(string username)
{
try
{
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity
(principalContext, username);
userPrincipal.Enabled = true;
userPrincipal.Save();
Console.WriteLine("Active Director User Account Enabled successfully through UserPrincipal");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
Disable AD User Account via UserPrincipal using C#
private static void DiableADUserUsingUserPrincipal(string username)
{
try
{
// To use this class, you need add reference System.DirectoryServices.AccountManagement which
is available only from .NET 3.5;
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity
(principalContext, username);
userPrincipal.Enabled = false;
userPrincipal.Save();
Console.WriteLine("Active Director User Account Disabled successfully through UserPrincipal");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
You can use PrincipalContext to enable/ disable AD account.
To Enable the AD you can do something like this:
private static void EnableADUserUsingUserPrincipal(string username)
{
try
{
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity
(principalContext, username);
userPrincipal.Enabled = true;
userPrincipal.Save();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
To disable Active Directory you can just set the userPrincipal.Enabled = false;
I want to make my WinForms-App to use the SingleSign-On (SSO) feature with Microsoft Accounts.
I created a LiveApp and I'm able to Login to my App with the LiveSDK 5.4.
But everytime I click on my Login-Button the permissions list appears and I need to accept it again.
This is my code:
private const string ClientID = "{MY_CLIENT_ID}";
private LiveAuthClient liveAuthClient;
private LiveConnectClient liveConnectClient;
string[] scopes = new string[] { "wl.offline_access", "wl.emails", "wl.signin" };
private void buttonLogin_Click(object sender, EventArgs e)
{
liveAuthClient = new LiveAuthClient(ClientID);
webBrowser1.Navigate(liveAuthClient.GetLoginUrl(scopes));
}
private async void webBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
{
if (this.webBrowser1.Url.AbsoluteUri.StartsWith("https://login.live.com/oauth20_desktop.srf"))
{
AuthResult authResult = new AuthResult(this.webBrowser1.Url);
if (authResult.AuthorizeCode != null)
{
try
{
LiveConnectSession session = await liveAuthClient.ExchangeAuthCodeAsync(authResult.AuthorizeCode);
this.liveConnectClient = new LiveConnectClient(session);
LiveOperationResult meRs = await this.liveConnectClient.GetAsync("me");
dynamic meData = meRs.Result;
if(string.Equals(meData.emails.account, MyAppUser.EmailAddress))
MessageBox.Show("Successful login: " + meData.name);
}
catch (LiveAuthException aex)
{
MessageBox.Show("Failed to retrieve access token. Error: " + aex.Message);
}
catch (LiveConnectException cex)
{
MessageBox.Show("Failed to retrieve the user's data. Error: " + cex.Message);
}
}
else
{
MessageBox.Show(string.Format("Error received. Error: {0} Detail: {1}", authResult.ErrorCode, authResult.ErrorDescription));
}
}
}
What I need to change? I don't want the User to accept the permissions on each login.
You can use IRefreshTokenHandler to save token as following example:
public class RefreshTokenHandler : IRefreshTokenHandler
{
private string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\oneDrive\\RefreshTokenHandler\\RefreshTokenInfo.RefreshToken-me";
public Task<RefreshTokenInfo> RetrieveRefreshTokenAsync()
{
return Task.Factory.StartNew<RefreshTokenInfo>(() =>
{
if (File.Exists(path))
{
return new RefreshTokenInfo(File.ReadAllText(path));
}
return null;
});
}
public Task SaveRefreshTokenAsync(RefreshTokenInfo tokenInfo)
{
// Note:
// 1) In order to receive refresh token, wl.offline_access scope is needed.
// 2) Alternatively, we can persist the refresh token.
return Task.Factory.StartNew(() =>
{
if (File.Exists(path)) File.Delete(path);
if (!Directory.Exists(Path.GetDirectoryName(path))) Directory.CreateDirectory(Path.GetDirectoryName(path));
File.AppendAllText(path, tokenInfo.RefreshToken);
});
}
}
after that you get session as following:
RefreshTokenHandler handler = new RefreshTokenHandler();
liveAuthClient = new LiveAuthClient(ClientID, handler);
var Session = liveAuthClient.InitializeAsync(scopes).Result.Session;
if (Session == null)
{
webBrowser1.Navigate(liveAuthClient.GetLoginUrl(scopes));
}
else
{
try
{
this.liveConnectClient = new LiveConnectClient(Session);
LiveOperationResult meRs = await this.liveConnectClient.GetAsync("me");
dynamic meData = meRs.Result;
if (string.Equals(meData.emails.account, MyAppUser.EmailAddress))
MessageBox.Show("Successful login: " + meData.name);
}
catch (LiveAuthException aex)
{
MessageBox.Show("Failed to retrieve access token. Error: " + aex.Message);
}
catch (LiveConnectException cex)
{
MessageBox.Show("Failed to retrieve the user's data. Error: " + cex.Message);
}
}
I've only used this API in Objective C, but I had to follow two steps.
Use the wl.offline_access scope. (Which you're already doing)
You only show the login screen if the sessions object is null. If your session object is already populated, you can proceed as you would if the sign in was successful.