Incorrect use of username/password on LdapOptionsExtensions.Connect for Visus.DirectoryAuthentication - Githubissues

UniStuttgart-VISUS / Visus.LdapAuthentication

LDAP authentication middleware for ASP.NET Core

MIT License

24 stars 8 forks source link

Incorrect use of username/password on LdapOptionsExtensions.Connect for Visus.DirectoryAuthentication #10

Closed Maxhy closed 6 months ago

Maxhy commented 6 months ago

Affected library

[ ] Visus.LdapAuthentication
[x] Visus.DirectoryAuthentication

Environment

Library version 0.8.0
OS: Windows 11
.NET: 8
LDAP Server: OpenLDAP

Summary The use of username/password from method parameters or LdapOptions is inconsistent on Visus.DirectoryAuthentication implementation. On Visus.LdapAuthentication the code is using authentication information passed in parameters where here https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L91 and https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication/blob/e558e1f3e1780b56c6b89775ae5328c10e38e1b3/Visus.DirectoryAuthentication/LdapOptionsExtensions.cs#L97 it is coded to use information from LdapOptions. It doesn't looks right to me.

crowbar27 commented 6 months ago

Thanks for pointing that out. That is actually critical.

crowbar27 commented 6 months ago

Fixed in 0.9.0