Closed Maxhy closed 6 months ago
Affected library
Environment
Summary The use of username/password from method parameters or LdapOptions is inconsistent on Visus.DirectoryAuthentication implementation. On Visus.LdapAuthentication the code is using authentication information passed in parameters where here https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L91 and https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L97 it is coded to use information from LdapOptions. It doesn't looks right to me.
Thanks for pointing that out. That is actually critical.
Fixed in 0.9.0
Affected library
Environment
Summary The use of username/password from method parameters or LdapOptions is inconsistent on Visus.DirectoryAuthentication implementation. On Visus.LdapAuthentication the code is using authentication information passed in parameters where here https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L91 and https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L97 it is coded to use information from LdapOptions. It doesn't looks right to me.