LdapDirectoryAccountStore Class

Specifies properties for connecting to, authenticating users against, and generating claims from an LDAP-based account store. As a top-level member of the TrustPolicy's TrustedAccountStores collection it represents an ADAM (Active Directory Application Mode) account store; as a property of an ActiveDirectoryAccountStore object it holds the LDAP-related configuration for Active Directory.

Namespace:   System.Web.Security.SingleSignOn
Assembly:  System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)

Inheritance Hierarchy

System.Object
  System.Web.Security.SingleSignOn.TrustPolicyEntryBase
    System.Web.Security.SingleSignOn.TrustPolicyEntry
      System.Web.Security.SingleSignOn.AccountStore
        System.Web.Security.SingleSignOn.LdapDirectoryAccountStore

Syntax

C#

[ComVisibleAttribute(true)]
public sealed class LdapDirectoryAccountStore : AccountStore

C++

[ComVisibleAttribute(true)]
public ref class LdapDirectoryAccountStore sealed : AccountStore

F#

[<Sealed>]
[<ComVisibleAttribute(true)>]
type LdapDirectoryAccountStore = 
    class
        inherit AccountStore
    end

VB

<ComVisibleAttribute(True)>
Public NotInheritable Class LdapDirectoryAccountStore
    Inherits AccountStore

Constructors

Name Description
LdapDirectoryAccountStore()

Initializes a new instance of the LdapDirectoryAccountStore class.

Properties

Name Description
Disabled

Gets or sets whether the trust with this realm is currently active. If this is set to true, no tokens will be accepted from this partner. (Inherited from TrustPolicyEntryBase.)

LdapBaseDN

Gets or sets the distinguished name of the base object from which searches for user objects are conducted. Searches include all subtrees of the base object.

LdapBindObjectDN

Gets or sets the distinguished name of an object to which to bind in order to validate user credentials. This property must be null for Active Directory.

LdapClaimGeneration

Gets or sets an LdapClaimGeneration object, which specifies how to generate claims from user object attributes.

LdapPort

Gets or sets the port number to use for LDAP network requests. Defaults to 389. This property must be null for Active Directory.

LdapServerName

Gets or sets the host name to use for LDAP network requests. This property must be null for Active Directory.

LdapUsernameAttrib

Gets or sets the name of the LDAP attribute that contains the user name of authenticating users.

TrustEntryDisplayName

Gets or sets the display name for this TrustPolicyEntry. (Inherited from TrustPolicyEntry.)

TrustPolicyEntryUri

Gets or sets the Uri for this TrustPolicyEntry. (Inherited from TrustPolicyEntry.)

UseSsl

Gets or sets a Boolean that indicates whether to use a Secure Sockets Layer (SSL) connection: true means SSL will be used, false means it will not.

uuid

Gets or sets the universally unique identifier (UUID) for this TrustPolicyEntryBase object. (Inherited from TrustPolicyEntryBase.)

Methods

Name Description
Equals(Object)

(Inherited from Object.)

GetHashCode()

(Inherited from Object.)

GetType()

(Inherited from Object.)

ToString()

(Inherited from Object.)

Remarks

The LdapDirectoryAccountStore class is part of the Federation Service’s trust policy configuration.

To authenticate username/password credentials against an ADAM account store, the Federation Service follows this sequence:

  1. It establishes an authenticated connection by performing a secure bind, using the default credentials of the Federation Service application pool, to the distinguished name specified by the LdapBaseDN property.

  2. Over that authenticated connection it locates the user object for the authenticating user by performing a subtree search, rooted at LdapBaseDN, for an object whose username attribute (the attribute named by the LdapUsernameAttrib property) matches the username in the credentials.

  3. It attempts a simple bind with the DN found in step 2 and the password from the credentials, against the DN specified by the LdapBindObjectDN property if that is set, or else the LdapBaseDN property.

  4. If step 3 succeeds, the user is authenticated, and attributes are extracted from the user object found in step 2 as directed by the LdapClaimGeneration object.

Two caveats follow from this sequence for a networked ADAM store. The simple bind in step 3 transmits the user's password in the clear unless the connection is protected, so UseSsl should be true and LdapPort should be the server's LDAPS port (636 by convention) rather than the default of 389. And in general, a search driven by a caller-supplied username, as in step 2, must escape that value as an LDAP filter value (RFC 4515) and should treat anything other than exactly one matching object as a failure before any bind with the user's password is attempted.
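The four steps above, as an added worked model that is not the Federation Service's code and does not contact a real server: it runs steps 1 through 4 against a constructed in-memory directory (plain Python dicts, standard library only). The page's property names are mirrored in an LdapStoreConfig dataclass; claim_map is a hypothetical attribute-to-claim mapping standing in for the LdapClaimGeneration object, whose shape this page does not describe, and the model binds as the DN found in step 2 rather than modelling LdapBindObjectDN. The example adds three checks the page does not spell out: the username is escaped per RFC 4515 before it goes into the search filter, a search returning anything but one object is refused, and an empty password is rejected before the bind, since a DN with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that a server may answer with success.

```python
"""Model of the ADAM credential-validation sequence (illustration only)."""
import hmac
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample directory, DN -> attributes: one service account, two
# users, and a second "carol" in a sub-OU so the ambiguity check has a case.
DIRECTORY = {
    "cn=svc-fs,ou=service,o=example": {"userPassword": ["svc-secret"]},
    "cn=alice,ou=people,o=example": {
        "uid": ["alice"], "mail": ["alice@example.com"],
        "memberOf": ["cn=finance,ou=groups,o=example"],
        "userPassword": ["correct horse battery staple"]},
    "cn=carol,ou=people,o=example": {
        "uid": ["carol"], "mail": ["carol@example.com"], "userPassword": ["pw-one"]},
    "cn=carol,ou=contractors,ou=people,o=example": {
        "uid": ["carol"], "mail": ["carol.ext@example.com"], "userPassword": ["pw-two"]},
}


@dataclass
class LdapStoreConfig:
    """Mirrors the page's property names. claim_map (hypothetical) stands in
    for LdapClaimGeneration: LDAP attribute -> claim type."""
    ldap_base_dn: str
    ldap_username_attrib: str
    claim_map: dict = field(default_factory=dict)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a username cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _dn_under(dn: str, base: str) -> bool:
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def search_subtree(base_dn: str, ldap_filter: str) -> list:
    """Subtree search over DIRECTORY for one equality filter, honouring '*'
    wildcards and RFC 4515 backslash-hex escapes in the asserted value."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, pattern, regex, i = m.group(1), m.group(2), "", 0
    while i < len(pattern):
        if pattern[i] == "*":                                # wildcard
            regex, i = regex + ".*", i + 1
        elif pattern[i] == "\\" and i + 2 < len(pattern):     # \xx literal
            regex, i = regex + re.escape(chr(int(pattern[i + 1:i + 3], 16))), i + 3
        else:
            regex, i = regex + re.escape(pattern[i]), i + 1
    return [dn for dn, attrs in DIRECTORY.items()
            if _dn_under(dn, base_dn)
            and any(re.fullmatch(regex, v, re.IGNORECASE) for v in attrs.get(attr, []))]


def simple_bind(dn: str, password: str) -> bool:
    """Model of an LDAP simple bind. The empty-password check is the client's
    job: RFC 4513 5.1.2 makes DN + empty password an unauthenticated bind,
    and a server that grants it would let any known username in."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False
    stored = entry.get("userPassword", [""])[0]
    return hmac.compare_digest(stored.encode(), password.encode())


def authenticate(cfg: LdapStoreConfig, username: str, password: str,
                 service_dn: str, service_password: str) -> Optional[dict]:
    """Steps 1-4 from the Remarks; returns the generated claims or None."""
    # Step 1: authenticated connection using the service's own credentials.
    if not simple_bind(service_dn, service_password):
        raise RuntimeError("service bind failed; check the app-pool identity")
    # Step 2: subtree search for the user object by its username attribute.
    flt = "(%s=%s)" % (cfg.ldap_username_attrib, escape_filter_value(username))
    found = search_subtree(cfg.ldap_base_dn, flt)
    if len(found) != 1:        # unknown user, or duplicates across OUs: refuse
        return None
    user_dn = found[0]
    # Step 3: simple bind as the located user with the supplied password.
    if not simple_bind(user_dn, password):
        return None
    # Step 4: build claims from the user object's attributes.
    attrs = DIRECTORY[user_dn]
    return {claim: attrs.get(attr, []) for attr, claim in cfg.claim_map.items()}


STORE = LdapStoreConfig(ldap_base_dn="ou=people,o=example", ldap_username_attrib="uid",
                        claim_map={"mail": "email", "memberOf": "group"})
SERVICE_DN, SERVICE_PW = "cn=svc-fs,ou=service,o=example", "svc-secret"


def login(username: str, password: str) -> Optional[dict]:
    return authenticate(STORE, username, password, SERVICE_DN, SERVICE_PW)


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))              # alice's claims
    print(login("alice", ""), login("*", ""), login("carol", "pw-one"))  # None, None, None
    print(search_subtree(STORE.ldap_base_dn, "(uid=*)"))              # what an unescaped '*' matches
```

The last print shows why the escaping matters: an unescaped "*" as the username turns the step 2 filter into a match-everything search, whereas the escaped form matches no object and the login fails closed. The duplicate "carol" entries fail for a different reason: the subtree search sees both OUs, and the model refuses to guess which one the caller meant.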

The following properties must be null when the LdapDirectoryAccountStore is part of an ActiveDirectoryAccountStore:

  LdapBindObjectDN

  LdapPort

  LdapServerName

These properties are optional for Active Directory:

Thread Safety

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

System.Web.Security.SingleSignOn Namespace
