
When looking for a way to implement server certificate validation when accessing AD using LDAP with SSL, I have come across the following answer to one of the questions here on Stack Overflow - https://stackoverflow.com/a/41013779/6179181.

In the answer it is stated that:

You should not write validation yourself. Certificate validation is tricky business, and it's already done for you. Use the built-in stuff...

Is my understanding correct that there is a default algorithm for validating server SSL certificates? For example, will the following code perform implicit validation of the server's SSL certificate? If so, where could I read more about it (I did not find much information on MSDN)?

LdapConnection _connection = new LdapConnection(new LdapDirectoryIdentifier(m_DomainName, m_PortNo));
_connection.AuthType = AuthType.Basic;
_connection.Credential = new NetworkCredential(m_UserName, m_Password);
_connection.SessionOptions.SecureSocketLayer = true;
_connection.Bind();

EDIT:

Is the root CA that issued the certificate to the server validated against trusted root CAs in the local certificates store implicitly in the code above?

spektro37
  • Not exactly. The algorithms are checking the signed sections of a certificate. But you have to add a little overhead to get the correct sections of the certificate. And use the correct encryption classes. Most people are using TLS instead of SSL. – jdweng Feb 25 '20 at 16:08
  • @jdweng, could you please provide a bit more details and some examples? And thanks for the tip about TLS, I will look into it. – spektro37 Feb 25 '20 at 16:23
  • There are lots of SOAP and Smart Card validation examples on the web which use certificates. For SOAP I usually refer back to a posting I solved a few years ago: https://stackoverflow.com/questions/46722997/saml-assertion-in-a-xml-using-c-sharp/46724392 – jdweng Feb 25 '20 at 17:02
  • @jdweng, thank you for the link, it is an interesting example, but I am not sure how it can be useful in my case, maybe I do not understand it well enough. Do you happen to know where I can find more information about the default server certificate validation that is built into LdapConnection? – spektro37 Feb 25 '20 at 17:40
  • The certification is an xml file which is text. Open the file to get a better idea. – jdweng Feb 25 '20 at 17:51

0 Answers
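
The advice quoted in the question is to rely on built-in validation rather than hand-written checks. As an added example (not code from the thread or any of its participants), one way to make that check explicit for the LdapConnection in the question is to have the VerifyServerCertificate callback delegate to the framework's X509Chain, which builds the chain against the local machine's trusted roots. It assumes Windows and .NET 7 or later (for MatchesHostname); LdapsExample, Connect and IsTrustedServerCertificate are hypothetical names.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LdapsExample
{
    // Hypothetical helper: same connection setup as in the question, plus an
    // explicit server certificate check performed by the built-in X509Chain.
    public static LdapConnection Connect(string host, int port, NetworkCredential credential)
    {
        var connection = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        connection.AuthType = AuthType.Basic;
        connection.Credential = credential;
        connection.SessionOptions.SecureSocketLayer = true;
        // Invoked during the TLS handshake; returning false rejects the server.
        connection.SessionOptions.VerifyServerCertificate =
            (conn, cert) => IsTrustedServerCertificate(cert, host);
        connection.Bind();
        return connection;
    }

    static bool IsTrustedServerCertificate(X509Certificate certificate, string expectedHost)
    {
        using var cert = new X509Certificate2(certificate);
        using var chain = new X509Chain();
        // Require the Server Authentication EKU and check revocation status.
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.1"));
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        // No verification errors are ignored (expiry, unknown root, bad signature).
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        // Build() succeeds only if the chain ends in a root trusted by the
        // local certificate store and satisfies the policy set above.
        if (!chain.Build(cert))
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"Chain error: {status.Status}: {status.StatusInformation}");
            return false;
        }

        // A valid chain is not sufficient: the certificate must also have been
        // issued for the host we intended to reach (SAN entries, wildcards).
        return cert.MatchesHostname(expectedHost);
    }
}
```

With RevocationMode.Online the chain build fails when the CRL or OCSP endpoint cannot be reached, so the machine running this needs network access to the issuing CA's revocation endpoints.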