3

I am unable to confirm whether ASP.NET Boilerplate supports authentication using Active Directory's LDAP over SSL protocol. The documentation states that the LDAP protocol is supported, but there is no mention of a remote authentication mechanism using LDAPS or similar procedures.

I assume ASP.NET Boilerplate uses the System.DirectoryServices namespace and its components under the hood to process the LDAP authentication. If so, would it be better to try to alter the Boilerplate's code to support LDAPS by doing something similar to this, or should I separate the LDAPS implementation into a custom class and avoid using Boilerplate's LDAP at all?

astralmaster

1 Answer

3

To be specific, Abp Zero Ldap uses PrincipalContext from the System.DirectoryServices.AccountManagement namespace.

By default, it calls principalContext.ValidateCredentials() with ContextOptions.Negotiate to communicate with the AD server.

See https://github.com/aspnetboilerplate/aspnetboilerplate/blob/14e41c9ce2d902b2661fca63f4074943e9036c5b/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L98

You can try overriding ValidateCredentials() and passing ContextOptions.Negotiate | ContextOptions.SecureSocketLayer to principalContext.ValidateCredentials().

See more https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.contextoptions

Abp Zero Ldap module will still be recommended for you as it is well integrated with Abp Zero user login flow.

If you still want to use LdapConnection to validate with the AD server, you can create your own LDAP authentication source by extending LdapAuthenticationSource<TTenant, TUser>.

ryan.c
  • Thank you for the answer. I will try this route in hopes that modifying the mentioned Enum will be the only thing needed to switch to LDAPS, but how certain can we be that's the only thing needing modification here? – astralmaster May 23 '19 at 13:53
  • Based on the documentation, it should be sufficient to use ContextOptions for the SSL connection. However, I did find a potential drawback of using PrincipalContext with a self-signed certificate. See https://stackoverflow.com/a/46901693/6856176 – ryan.c May 23 '19 at 15:07
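
The override suggested in the answer, written out as an added example; it is not part of the original answer and not the Abp project's own code. It assumes the application's entity classes are named `Tenant` and `User` and that `ValidateCredentials` has the protected virtual three-parameter signature shown (check it against the installed Abp.Zero.Ldap version); `LdapsAuthenticationSource` and `MyAppCoreModule` are hypothetical names.

```csharp
using System.DirectoryServices.AccountManagement;
using Abp.Modules;
using Abp.Zero.Ldap;
using Abp.Zero.Ldap.Authentication;
using Abp.Zero.Ldap.Configuration;

// Tenant and User are the application's own entity classes (assumed names).
public class LdapsAuthenticationSource : LdapAuthenticationSource<Tenant, User>
{
    // Negotiate is the module's default bind method; SecureSocketLayer
    // makes the credential check run over an SSL/TLS (LDAPS) connection.
    private const ContextOptions LdapsOptions =
        ContextOptions.Negotiate | ContextOptions.SecureSocketLayer;

    public LdapsAuthenticationSource(
        ILdapSettings settings,
        IAbpZeroLdapModuleConfig ldapModuleConfig)
        : base(settings, ldapModuleConfig)
    {
    }

    // Assumed signature: verify it against ValidateCredentials in the
    // LdapAuthenticationSource.cs of the Abp.Zero.Ldap version in use.
    protected override bool ValidateCredentials(
        PrincipalContext principalContext,
        string userNameOrEmailAddress,
        string plainPassword)
    {
        // Same call as the base class, with the SSL flag added.
        return principalContext.ValidateCredentials(
            userNameOrEmailAddress, plainPassword, LdapsOptions);
    }
}

// Register the custom source in place of the stock one.
[DependsOn(typeof(AbpZeroLdapModule))]
public class MyAppCoreModule : AbpModule
{
    public override void PreInitialize()
    {
        Configuration.Modules.ZeroLdap()
            .Enable(typeof(LdapsAuthenticationSource));
    }
}
```

The domain controller's certificate must be trusted by the application host for the TLS handshake to succeed; the last comment above links a report about self-signed certificates.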