SAbijith-9493 asked SAbijith-9493 commented

Validate LDAPS

Hi All,
We have a WPF application built on .NET Framework 4.7. This application acts as an LDAPS client by which it authenticates a user against an LDAPS Active Directory.
We have a requirement to validate the LDAPS x509 v3 certificate before providing access to a user. Can you please let us know the best way to validate the below mentioned parameters:
- The signature
- The stored certificates
- The validity against Certificate Revocation List (CRL)
- The validity date
- The IP address checking on Subject Alternative Name

We have attached the code in the question.

We are aware of the 'ServerCertificateValidationCallback' function used for HTTPS certificate validation. We wanted to know if there is anything similar in LDAPS or any other better way to validate an LDAPS connection using a certificate.

Any suggestion is welcome.
Thank you in advance

240954-ldaps-code.txt


dotnet-csharp

1 Answer

JackJJun-MSFT answered SAbijith-9493 commented

@SAbijith-9493, welcome to Microsoft Q&A. Based on my search, you could try to use VerifyServerCertificateCallback to validate the related information you mentioned.

Please refer to the code example in the answer to know more about it.



Hope it could help you.

Best Regards,
Jack




If the answer is the right solution, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Hi @JackJJun-MSFT,
Thank you for your response.

We just wanted to know if there is any way that the same callback can be achieved by using the 'DirectoryEntry' object as mentioned in the code attached in the question.

Please let us know on this.

Thank you!!


@SAbijith-9493, thanks for the feedback. Based on my research, there is currently no similar callback in the DirectoryEntry object. Could you consider the VerifyServerCertificateCallback to verify the above information?


@SAbijith-9493, is there any update? If you find a solution, you could also post an answer, which will help others solve similar problems.

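The following sketch shows how the VerifyServerCertificateCallback suggested in the answer can cover the checks listed in the question. It is an added example, not code from the thread or from the attached ldaps-code.txt. It uses `LdapConnection` from System.DirectoryServices.Protocols rather than `DirectoryEntry`; the class `LdapsValidation`, its helper methods and the `host` and `serverIp` parameters are hypothetical names chosen for illustration.

```csharp
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
static class LdapsValidation // hypothetical helper class, not from the thread
{
    // Read a DER length field at der[pos] and advance pos past it.
    static int ReadLength(byte[] der, ref int pos)
    {
        int first = der[pos++], len = 0;
        if (first < 0x80) return first;                         // short form
        for (int i = 0; i < (first & 0x7F); i++) len = (len << 8) | der[pos++];
        return len;                                             // long form
    }
    // True if subjectAltName (OID 2.5.29.17) holds an iPAddress entry equal to expected.
    static bool SanContainsIp(X509Certificate2 cert, IPAddress expected)
    {
        X509Extension san = cert.Extensions["2.5.29.17"];
        if (san == null || san.RawData[0] != 0x30) return false; // GeneralNames is a SEQUENCE
        byte[] der = san.RawData;
        int pos = 1;
        ReadLength(der, ref pos);                               // skip the SEQUENCE length
        while (pos < der.Length)
        {
            byte tag = der[pos++];
            int len = ReadLength(der, ref pos);
            if (tag == 0x87 && der.Skip(pos).Take(len).SequenceEqual(expected.GetAddressBytes()))
                return true;                                    // context tag [7] = iPAddress
            pos += len;
        }
        return false;
    }
    // Returns a connection whose TLS handshake is accepted only if the chain builds
    // (signatures, trusted root store, validity dates, revocation) and the SAN lists serverIp.
    public static LdapConnection Connect(string host, IPAddress serverIp)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636));
        conn.SessionOptions.SecureSocketLayer = true;
        conn.SessionOptions.VerifyServerCertificate = (c, raw) =>
        {
            var cert = new X509Certificate2(raw);
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; // revocation check
                return chain.Build(cert) && SanContainsIp(cert, serverIp);
            }
        };
        return conn;
    }
}
```

The callback runs when the caller invokes `Bind()` on the returned connection; returning `false` aborts the connection before any credentials are sent. The SAN is parsed only after `chain.Build` succeeds, so the DER walker never sees an untrusted certificate.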