Authenticating against ADAM using LDAP - vb.net

I'm trying to authenticate using ADAM and LDAP. I really have no experience with this stuff, but I've been thrown in the deep end at work to figure it out.
Here's what I know. I'm using a program called JXplorer to look at the ADAM server, running on a VM on my computer. Here are the login details
This works perfectly. What I'm trying to do is replicate this process using VB.NET. I've tried a bunch of stuff and nothing seems to be working, I'm getting constant exceptions, ranging from bad password to unknown error. Here's the code I've started with -
' Requires: Imports System.DirectoryServices
Dim userName As String = "ADAM_TESTER"
Dim userPassword As String = "password"
Dim serverAddress As String = "LDAP://10.0.0.142:389"

Private Sub Main_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    Try
        Dim de As DirectoryEntry = New DirectoryEntry("LDAP://10.0.0.142:389/OU=Users,DC=TEST,DC=corp", userName, userPassword)
        Dim deSearch As DirectorySearcher = New DirectorySearcher()
        deSearch.SearchRoot = de
        deSearch.Filter = "(&(objectClass=user) (cn=" + userName + "))"
        Dim results As SearchResultCollection = deSearch.FindAll()
        If (results.Count > 0) Then
            Dim d As DirectoryEntry = New DirectoryEntry(results(0).Path, userName, userPassword)
            If (d.Guid.ToString IsNot Nothing) Then
                'The directory entry is valid
                'DoSomething()
            End If
        End If
    Catch ex As Exception
        'The bind or search failed; show the exception message
        MessageBox.Show(ex.Message)
    End Try
End Sub
I've also tried changing the userName above to the details in User DN in JXplorer. I'm really stuck here and have been looking for answers for hours.
Any help would be appreciated.

FYI, Users is a container, not an OU. I believe you could have also used "LDAP://10.0.0.142:389/CN=Users,DC=TEST,DC=corp"

It is almost certainly a need for userName to be the full DN. ADAM needs a full DN for logins in most cases.

Thanks for the thoughts Geoff, I eventually figured it out. It turned out that I needed the connection string not including the OU=Users. The final string ended up being -
LDAP://10.0.0.142:389/DC=TEST,DC=corp
I've no idea why it didn't want the OU=Users. I spent about a day trying all the different combinations until finally this was accepted.
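The replies above point at binding with the account's full DN. As an added example (not code from the original posts), the function below checks a DN and password with a simple bind through System.DirectoryServices.Protocols; the user DN in Main is an assumed placeholder, because the real one shown in JXplorer is not on the page.

```vbnet
Imports System.DirectoryServices.Protocols
Imports System.Net

Module AdamBindExample
    ' Returns True when the server accepts a simple bind for userDn.
    Function TryBind(host As String, port As Integer, useSsl As Boolean,
                     userDn As String, password As String) As Boolean
        ' A simple bind with an empty password is an unauthenticated bind
        ' (RFC 4513) and can succeed without proving anything, so reject it.
        If String.IsNullOrEmpty(userDn) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        Using conn As New LdapConnection(New LdapDirectoryIdentifier(host, port))
            conn.AuthType = AuthType.Basic            ' simple bind: DN + password
            conn.SessionOptions.ProtocolVersion = 3
            ' Without SSL a simple bind sends the password in clear text.
            conn.SessionOptions.SecureSocketLayer = useSsl
            Try
                conn.Bind(New NetworkCredential(userDn, password))
                Return True
            Catch ex As LdapException When ex.ErrorCode = 49
                ' 49 = invalidCredentials (wrong DN or wrong password)
                Return False
            End Try
        End Using
    End Function

    Sub Main()
        ' Assumed DN for the ADAM_TESTER account; replace with the User DN
        ' that JXplorer shows. Host and port are the ones from the question.
        Dim userDn As String = "CN=ADAM_TESTER,CN=Users,DC=TEST,DC=corp"
        Dim ok As Boolean = TryBind("10.0.0.142", 389, False, userDn, "password")
        Console.WriteLine(If(ok, "Bind succeeded", "Invalid credentials"))
    End Sub
End Module
```

Outside a lab VM, pass the instance's LDAPS port with useSsl set to True so the password is not exposed on the wire.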

Related

SQLite database file can't be opened when placed in network folder

Can someone help me to understand why this works fine...
Dim cs = "Data Source=C:\folder\Livros.sdb;Version=3;"
Dim cn = New System.Data.SQLite.SQLiteConnection(cs)
cn.Open() ' no exception
... while this breaks when opening connection (it is exactly the same file)...
Dim cs = "Data Source=\\NetworkServer\folder\Livros.sdb;Version=3;"
Dim cn = New System.Data.SQLite.SQLiteConnection(cs)
cn.Open() ' exception: {"unable to open database file"}
... and fix it because I need to place database file in network location so I can access it regardless of the computer I run the application?
Thank you very much!
Ok, so by trial and error I found the solution, although I can't quite understand the reason it works:
Dim cs = "Data Source=\\NetworkServer\folder\Livros.sdb;Version=3;"
Dim cn = New System.Data.SQLite.SQLiteConnection(cs)
cn.ParseViaFramework = True ' JUST ADDED THIS STATEMENT
cn.Open() ' no exception
If somebody can explain why .ParseViaFramework = True does the trick, please feel free to comment.
Similar question was asked here.
SQLite: Cannot open network file programmatically, even though worked before
The top answer gives a few more fixes. Linking here as this is the first stackoverflow that came up when I searched. Also I was using a SQLiteConnectionStringBuilder and could not find a way to set the parseViaFramework so the first solution was the one I needed.
Double the leading two backslashes in the file name (e.g. "\\\\network\share\file.db").
Use a mapped drive letter.
Use the SQLiteConnection constructor that takes the parseViaFramework boolean argument and pass 'true' for that argument.

Can't connect to MongoDB by vb.net

I have created a MongoDB account at mlab, but I can't seem to connect to it. It fails with the credentials. I can't seem to figure out what I am doing wrong, besides that it may be the connection string. The problem is that I got that from Mlab (I have added it here, but without the right user and password).
Thanks in advance
Dim connstring As String = "mongodb://USER:PASS@ds021239.mlab.com:22234"
Dim mongo As MongoServer = MongoServer.Create(connstring)
mongo.Connect()
Dim mydatabase As MongoDatabase = mongo.GetDatabase("profundo", SafeMode.True)
Dim collection = mydatabase.GetCollection(Of BsonDocument)("Client")
MsgBox(collection.Count)

excluding specific results from sql query and displaying the rest in a combo box - visual studio 2013

This has probably been asked somewhere before, but I have been searching for a while and can't find anything. I'm basically trying to create a sort-of internal messaging system in VB and am having trouble with a function that I'm working on. I already have a user database and secure login system and I'm now working on a form to send a message from user to user.
What I want to do is to run this query on form load:
SELECT usr_id, usrname FROM dbo.users
WHERE usrname NOT IN
(
SELECT ALL usrname
FROM dbo.users
WHERE usrname = '" & //textbox containing username that's logged in// & "'
)
I want to output the items to a Combobox. The purpose of this is so that (since it's an internal system for, say, employees to communicate) a user wouldn't necessarily have to know the username of the receiver in order to send them a message. I will be changing the function eventually to display the actual name of the user rather than the username, but I can add that in later and as of right now it's not important. Here is my code so far:
Private Sub NewMsg_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    Dim con As New SqlConnection
    con.ConnectionString = "<connection string for database>"
    Dim query As String = "<query mentioned above>"
    Try
        con.Open()
        Using sqlcmd As New SqlCommand(query, con)
            Dim sqldr As SqlDataReader = sqlcmd.ExecuteReader
            Dim dt As DataTable = New DataTable
            dt.Load(sqldr)
            sendtoBox.ValueMember = "usr_id"
            sendtoBox.DisplayMember = "usrname"
            sendtoBox.DataSource = dt
            con.Close()
        End Using
    Catch ex As Exception
        MsgBox(ex.Message, MsgBoxStyle.Information)
        con.Close()
    End Try
End Sub
The query itself works perfectly when I run it on the SQL Server, and sure enough when the form loads users are displayed in the Combobox just like I want them to. The only problem is it's still including the username that I am trying to exclude. So I have reluctantly decided to ask for a little help because I can't figure out why it's not excluding the specified username :(
Any help will be appreciated. Thanks.
Problem was my own stupidity lol. Nothing wrong with the code itself, may be useful for someone so I will leave it up here :)
For the person who thinks this does not answer the question, I would like to initially state that I was the one who asked the question.
This was being used for a "Send Message" form, and the desired function was as follows:
GET CURRENTLY LOGGED IN USERS USERNAME FROM A TEXTBOX ON A DIFFERENT FORM! >
Connect to database >
Run a query against database to gather all users EXCEPT the logged in user >
Display results in a ComboBox.
The query was fine, the code was fine, everything was fine. The PROBLEM here was that when I was debugging the form I was NOT LOGGING IN and hence the TextBox that contained the username that I wanted to exclude was EMPTY, so instead of excluding say "admin" it was excluding "" because nobody was logged in.
So tell me, how is this not an answer? It was me being dumb that caused the problem in the first place, but the VB code and SQL query may help someone else, that is why I have left it up and answered by explaining that there is nothing wrong with the code. Get off your high-horse man...
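The query in this thread is built by concatenating the textbox value into the SQL text, and the bug turned out to be an empty user name. As an added example (not the poster's code), the function below passes the name as a parameter and refuses to run with an empty one; LoadRecipients, @currentUser and the NVarChar length of 256 are assumptions, and the NOT IN subquery is simplified to an equivalent <> comparison.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module RecipientQueryExample
    ' Returns every user except currentUser, ready to bind to sendtoBox.
    Function LoadRecipients(connectionString As String,
                            currentUser As String) As DataTable
        ' The failure described above: nobody logged in, so the filter
        ' excluded "" and every user came back. Fail loudly instead.
        If String.IsNullOrWhiteSpace(currentUser) Then
            Throw New ArgumentException("No logged-in user name supplied.",
                                        "currentUser")
        End If

        ' The user name travels as data, never as part of the SQL text.
        Const query As String = "SELECT usr_id, usrname FROM dbo.users WHERE usrname <> @currentUser"

        Dim dt As New DataTable()
        Using con As New SqlConnection(connectionString),
              cmd As New SqlCommand(query, con)
            ' Length 256 is an assumed column size; match the real schema.
            cmd.Parameters.Add("@currentUser", SqlDbType.NVarChar, 256).Value = currentUser
            con.Open()
            Using reader As SqlDataReader = cmd.ExecuteReader()
                dt.Load(reader)
            End Using
        End Using
        Return dt
    End Function

    ' Usage inside NewMsg_Load (names taken from the question):
    '   sendtoBox.ValueMember = "usr_id"
    '   sendtoBox.DisplayMember = "usrname"
    '   sendtoBox.DataSource = LoadRecipients(cs, loggedInUserName)
End Module
```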

Update Active Directory without hardcoding username/password

Currently, users log into a web application with their AD (active directory) credentials which are validated against the AD. Once inside the application, certain users will need to update the AD. When I hardcode a username/password, I am able to update the AD, however when I try to force the object to use the logon credentials or if I don't specify the username/password, it throws an error. Obviously due to security concerns, I do not want to hardcode credentials. Is there a solution for this?
Error - System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
Public Shared Sub SetProperty(ByVal de As DirectoryEntry, ByVal propName As String, ByVal propValue As String)
    If Not propValue Is Nothing Then
        If de.Properties.Contains(propName) Then
            de.Properties(propName)(0) = propValue
        Else
            de.Properties(propName).Add(propValue)
        End If
    End If
End Sub

Public Shared Function GetDirectoryEntry(ByVal path As String) As DirectoryEntry
    Dim de As New DirectoryEntry()
    de.Path = path
    de.Username = "<username>"
    de.Password = "<password>"
    'Not setting the username or password or setting both to Nothing throws the error
    de.AuthenticationType = AuthenticationTypes.Secure
    Return de
End Function

Dim de As DirectoryEntry = GetDirectoryEntry("<path>")
Dim searcher As DirectorySearcher = New DirectorySearcher(de)
searcher.Filter = "(&(objectCategory=person)(objectClass=user)(cn=" & fullName & "))"
searcher.SearchScope = SearchScope.SubTree
Dim result As SearchResult = searcher.FindOne()
If Not result Is Nothing Then
    Dim deResult As New DirectoryEntry(result.Path)
    SetProperty(deResult, "accountExpires", toAccountExpirationDate)
    deResult.CommitChanges()
    deResult.Close()
End If
de.Close()
In order to not have to specify any credentials before doing the operation, either the user IIS is running under needs to have AD editing privileges (which by default it most certainly does not), or you need to set Impersonation and use Windows authentication so that it runs as the user viewing the page.
The second case has an extra difficulty due to impersonation not being able to "double hop", that is the webserver would also have to be a domain controller or you'd have to set some extra AD delegation privileges on the server that your domain admins might not want to give you.
The solution for your problem in this case is to change the user account your application is running under to one that already has the permissions you need. The danger in that is that any security hole will give the attacker those same privileges.
Alternately, you can encrypt some credentials and decrypt to use them, which is slightly better than hard coding. I guess having the users supply credentials manually and then using them the same way you're currently using hard coded ones would also work.

opening up web browser from winform

Done quite a bit of looking but not finding what I need. From a win form I'd like to open up a web browser passing in a url. But I need to provide authentication while doing this. I tried just using a system.diagnostics.process.start("http://userid:pw@site") but that does not work. Was hoping someone could lend a hand.
thanks
shannon
Using the tip... here is what I have...
Dim m As New System.Security.SecureString
Dim pw As String = "mypassword"
For Each c As Char In pw
    m.AppendChar(c)
Next
Dim pis As ProcessStartInfo = New ProcessStartInfo("http://test/pagegoingafter.aspx")
With pis
    .UserName = "userid"
    .Password = m
    .UseShellExecute = False
End With
Process.Start(pis)
I'm getting a logon failure: unknown user name or password.
It seems strange to me, but if I do http://userid:mypassword@test/pagegoingafter.aspx in Firefox I can get to my page. If I do the same thing in IE 8... no joy.
So is there anything else that can be done to get IE to work? I'm thinking that would allow the above code to work as well.
You can provide credentials to the process.
See this overload to Process.Start - it takes a username, password and domain.
There are other alternatives - see this blog post.