LDAP authentication problem in ASP.NET Core for restricted users (logon workstations) using Novell.Directory.Ldap.NETStandard2_0
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 at 8:07
Baratali Qadamalizada
335
add a comment |
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 at 8:07
Baratali Qadamalizada
335
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04
add a comment |
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 at 8:07
Baratali Qadamalizada
335
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 at 8:07
Baratali Qadamalizada
335
asked Nov 12 at 8:07
Baratali Qadamalizada
335
asked Nov 12 at 8:07
Baratali Qadamalizada
335
asked Nov 12 at 8:07
Baratali Qadamalizada
335
asked Nov 12 at 8:07
Baratali Qadamalizada
335
335
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04
add a comment |
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04
1
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
1
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04
add a comment |
1 Answer
1
active
oldest
votes
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 at 16:21
LisaJ
630113
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53258020%2fldap-authentication-problem-in-asp-net-core-for-restricted-users-logon-workstat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 at 16:21
LisaJ
630113
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
add a comment |
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 at 16:21
LisaJ
630113
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
add a comment |
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 at 16:21
LisaJ
630113
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 at 16:21
LisaJ
630113
answered Dec 4 at 16:21
LisaJ
630113
answered Dec 4 at 16:21
LisaJ
630113
answered Dec 4 at 16:21
LisaJ
630113
630113
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
add a comment |
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 at 7:29
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53258020%2fldap-authentication-problem-in-asp-net-core-for-restricted-users-logon-workstat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 at 7:04