I'm trying to encrypt my Active Directory access with the following code:
```csharp
// Already tried different paths (LDAP://domain.com, LDAPS://domain.com etc.)
string path = "LDAP://domain.com:636";
var ldapConnection = new DirectoryEntry(path, "loginName", "password");
ldapConnection.AuthenticationType = AuthenticationTypes.Secure; // Works perfectly
ldapConnection.AuthenticationType = AuthenticationTypes.Encryption; // Doesn't work
ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer; // Doesn't work
```
Both authentication types that don't work throw the same exception:

```
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The username or password is incorrect.
```
Firstly, I saw that I was missing a Certificate Server on my AD DS and installed it. But after installation I get the same error. I might need to install/configure more things. If so, then please share resources on what needs to be done.

My questions: Do I need any prerequisites (e.g. on the AD DS) to be able to use `AuthenticationTypes.Encryption` or `AuthenticationTypes.SecureSocketsLayer`? Or do I need a different user to use these authentication types?

Any help is greatly appreciated.
Try this:
`Secure` defines the type of authentication that is used, whereas `SecureSocketsLayer` defines the type of connection. They serve different purposes, so they can be used together.

But really, you don't need to specify anything. The default is `Secure`, and if you specify port 636, it will use SSL since that's the only way the server would accept the connection on that port. That's why it works when you only specify `Secure`.

That's also the reason it fails if you specify `SecureSocketsLayer` by itself. Once you specify anything, the default (`Secure`) is discarded and only what you specify is used. Without `Secure` it will try basic authentication (AKA "simple bind"), which is probably disabled on your domain.

More reading in the documentation for the AuthenticationTypes Enum.
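
The flag combination described in this answer, written out as an added example (it is not code from the original answer). The helper name `BindOverLdaps` is hypothetical, and the host and credentials are the question's placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class LdapsBindExample
{
    // Hypothetical helper: binds to the directory over LDAPS (port 636).
    static DirectoryEntry BindOverLdaps(string host, string user, string password)
    {
        // AuthenticationTypes is a [Flags] enum, so values are combined with bitwise OR.
        // Secure selects the authentication method (negotiated, not a simple bind);
        // SecureSocketsLayer selects the transport. Assigning only one of them
        // replaces the default instead of adding to it.
        const AuthenticationTypes authTypes =
            AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer;

        // The client must trust the domain controller's certificate, and the host
        // name used here must match the name in that certificate.
        var entry = new DirectoryEntry($"LDAP://{host}:636", user, password, authTypes);
        try
        {
            // DirectoryEntry binds lazily; reading NativeObject forces the bind now,
            // so a bad credential or TLS problem surfaces here and not later.
            _ = entry.NativeObject;
            return entry;
        }
        catch (COMException ex)
        {
            // DirectoryServicesCOMException derives from COMException, so this also
            // covers the 0x8007052E error shown in the question.
            entry.Dispose();
            Console.Error.WriteLine($"Bind failed (0x{ex.ErrorCode:X8}): {ex.Message}");
            throw;
        }
    }

    static void Main()
    {
        // Placeholder host and credentials taken from the question.
        using (var entry = BindOverLdaps("domain.com", "loginName", "password"))
        {
            Console.WriteLine($"Bound to {entry.Path} using {entry.AuthenticationType}");
        }
    }
}
```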