dsbenghe / Novell.Directory.Ldap.NETStandard

.NET LDAP client library for .NET Standard >= 2.0, .NET Core >=1.0, NET5/NET6/NET7/NET8 - works with any LDAP protocol compatible directory server (including Microsoft Active Directory).
MIT License

Error:Connect Error #211

Closed MuhammadNazmi12 closed 2 years ago

MuhammadNazmi12 commented 2 years ago

Hello, I have a problem with this library. I am trying to connect my login page to LDAP on port 636. When I test it, it shows the error message 'Error: Connect Error'. I have already followed the steps from the samples (interactive SSL, secure bind and StartTLS). I don't know why it doesn't work even though I followed the steps.

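try
{
    // Reject null as well as empty credentials before binding. An LDAP simple
    // bind that carries a DN with no password is an "unauthenticated bind" and
    // many directory servers answer it with success, which would let a login
    // page accept a user who supplied no password at all.
    if (String.IsNullOrEmpty(id))
    {
        IdTxt.Text = "Please insert your id";
    }
    else if (String.IsNullOrEmpty(pass))
    {
        PassTxt.Text = "Password Missing. Please insert you password";
    }
    else
    {
        // Dispose the connection once the bind has been checked; the original
        // code never closed the socket it opened for each login attempt.
        using (LdapConnection conn = new LdapConnection())
        {
            // Implicit TLS (LDAPS): the TLS handshake happens inside Connect().
            // NOTE(review): ldapPort is presumably 636 here - confirm.
            conn.SecureSocketLayer = true;
            conn.UserDefinedServerCertValidationDelegate += new RemoteCertificateValidationCallback(SSLHandler);
            conn.Connect(ldapHost, ldapPort);

            // StartTls() is intentionally not called. StartTLS upgrades a
            // plain-text connection (normally port 389); requesting it on a
            // session that SecureSocketLayer has already protected is rejected
            // by the server. Use one mechanism or the other, never both.
            conn.Bind(ldapVersion, id, pass);
        }

        ErrorLabel.Text = " SSL Bind Successfull";
        Response.Redirect("Logout", false);
    }
}
catch (LdapException a)
{
    //Console.WriteLine("Error: " + a.LdapErrorMessage);
    // Only LdapException is handled here, exactly as before; any other
    // exception type still propagates to the caller.
    ErrorLabel.Text = "Error: " + a.Message;
}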

    }

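    /// <summary>
    /// Server-certificate validation callback for the LDAP connection.
    /// Writes the presented certificate's details to the page and decides
    /// whether the TLS session may proceed.
    /// </summary>
    /// <param name="sender">Object that raised the validation request (unused).</param>
    /// <param name="certificate">Certificate presented by the server.</param>
    /// <param name="chain">Chain the platform built for <paramref name="certificate"/>.</param>
    /// <param name="sslPolicyErrors">Errors the platform found while validating the certificate.</param>
    /// <returns>
    /// <c>true</c> when the platform reported no errors, or when the only
    /// problem is that revocation status could not be determined;
    /// <c>false</c> in every other case.
    /// </returns>
    public bool SSLHandler(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
    {
        // Fail closed: no certificate means nothing to trust.
        if (certificate == null)
        {
            return false;
        }

        byte[] data = certificate.GetRawCertData();
        if (data != null)
        {
            // NOTE(review): the members used below (IsSelfSigned, ValidFrom, Hash, ...)
            // come from whichever X509Certificate type the file's using directives
            // select - confirm which one that is.
            X509Certificate x509 = new X509Certificate(data);

            // Diagnostic output only. Issuer and subject are chosen by whoever
            // issued the server's certificate, so they are HTML-encoded before
            // being written into the page.
            Response.Write("<b><u>CERTIFICATE DETAILS:</b></u> <br>");
            Response.Write("  Self Signed = " + x509.IsSelfSigned + "  X.509  version=" + x509.Version + "<br>");
            Response.Write("  Serial Number: " + CryptoConvert.ToHex(x509.SerialNumber) + "<br>");
            Response.Write("  Issuer Name:   " + System.Net.WebUtility.HtmlEncode(x509.IssuerName.ToString()) + "<br>");
            Response.Write("  Subject Name:  " + System.Net.WebUtility.HtmlEncode(x509.SubjectName.ToString()) + "<br>");
            Response.Write("  Valid From:    " + x509.ValidFrom.ToString() + "<br>");
            Response.Write("  Valid Until:   " + x509.ValidUntil.ToString() + "<br>");
            Response.Write("  Unique Hash:   " + CryptoConvert.ToHex(x509.Hash).ToString() + "<br>");
        }

        if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
        {
            return true;
        }

        // Anything other than a pure chain error (name mismatch, certificate not
        // available) is rejected. The previous code returned true for these cases
        // whenever ChainStatus was empty, and it rebuilt the chain with
        // X509VerificationFlags.AllFlags, which tells the chain engine to ignore
        // every verification error instead of checking for them.
        if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors
            || chain == null
            || chain.ChainStatus.Length == 0)
        {
            return false;
        }

        // Soft-fail on revocation only: an unknown revocation status is tolerated,
        // as in the original code; every other chain problem rejects the certificate.
        foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
        {
            if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.RevocationStatusUnknown)
            {
                return false;
            }
        }

        return true;
    }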