Commit c1673fa3 authored by Marvin S. Addison's avatar Marvin S. Addison

Provide custom hostname verification strategy that is suitable for ED in

a separate EdCommon library that could be used by other parties at VT.
Demonstrate usage in the EdIdTest console program.


git-svn-id: https://svn.middleware.vt.edu/svn/ed/edsamples@10056 fa4a4108-76f2-0310-9f0d-ba9fffaf4ff6
parent 21fa225d
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="3.5" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProductVersion>9.0.30729</ProductVersion>
<SchemaVersion>2.0</SchemaVersion>
<ProjectGuid>{88836A16-D3D0-4453-95C8-4ACC8DA91D18}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>EdCommon</RootNamespace>
<AssemblyName>EdCommon</AssemblyName>
<TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.DirectoryServices.Protocols" />
<Reference Include="System.Xml.Linq">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.Data.DataSetExtensions">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="EdHostnameVerifier.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.
<Target Name="BeforeBuild">
</Target>
<Target Name="AfterBuild">
</Target>
-->
</Project>
\ No newline at end of file
using System;
using System.Diagnostics;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography.X509Certificates;
namespace EdCommon
{
public class EdHostnameVerifier
{
public const string SUBJECT_ALT_NAME_OID = "2.5.29.17";
public EdHostnameVerifier(string hostName)
{
if (hostName == null)
{
throw new ArgumentNullException("hostName");
}
HostName = hostName;
}
public string HostName
{
get;
protected set;
}
public bool VerifyCertificate(LdapConnection connection, X509Certificate certificate)
{
Trace.WriteLine("Verifying certificate for host " + connection.SessionOptions.HostName);
X509Certificate2 extendedCert = new X509Certificate2(certificate);
X509Extension subjectAltNames = extendedCert.Extensions[SUBJECT_ALT_NAME_OID];
if (subjectAltNames != null)
{
foreach (string altName in subjectAltNames.Format(true).Split('\n'))
{
Trace.WriteLine("Evaluating alt name " + altName);
if (altName.Trim().EndsWith(HostName))
{
return true;
}
}
}
return false;
}
}
}
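Review bot: The name check at `altName.Trim().EndsWith(HostName)` is a suffix match on the display text that `Format(true)` produces, so any SAN entry whose text merely ends with the configured host (for example `xid.directory.vt.edu` when the host is `id.directory.vt.edu`) is accepted, and the comparison is culture-sensitive rather than ordinal. The larger gap is that a matching name is the only condition for returning true: nothing in VerifyCertificate builds or validates the certificate chain, and as far as I can tell from the System.DirectoryServices.Protocols API this callback's return value is what decides whether the server certificate is accepted, so a self-signed certificate carrying the right SAN would pass. The entry text should be split at `=` and compared for equality with `StringComparison.OrdinalIgnoreCase`, preceded by an `X509Chain.Build` check, and the parsing of `Format(true)` output deserves a comment because that text is localized display output rather than a documented format. A rewritten body is below.
```csharp
public bool VerifyCertificate(LdapConnection connection, X509Certificate certificate)
{
    Trace.WriteLine("Verifying certificate for host " + connection.SessionOptions.HostName);
    X509Certificate2 extendedCert = new X509Certificate2(certificate);

    // Trust must be established before the name is even considered; a SAN match alone
    // would otherwise accept a self-signed certificate.
    X509Chain chain = new X509Chain();
    if (!chain.Build(extendedCert))
    {
        Trace.WriteLine("Certificate chain validation failed for " + extendedCert.Subject);
        return false;
    }

    X509Extension subjectAltNames = extendedCert.Extensions[SUBJECT_ALT_NAME_OID];
    if (subjectAltNames == null)
    {
        return false;
    }
    foreach (string entry in subjectAltNames.Format(true).Split('\n'))
    {
        // Format(true) yields localized display text such as "DNS Name=host";
        // compare only the value after '=' and require an exact (case-insensitive) match.
        int separator = entry.IndexOf('=');
        string altName = separator < 0 ? entry.Trim() : entry.Substring(separator + 1).Trim();
        Trace.WriteLine("Evaluating alt name " + altName);
        if (string.Equals(altName, HostName, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }
    return false;
}
```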
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("EdCommon")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("EdCommon")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("e82cc41f-6c37-4557-9334-becdb11a74f6")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
......@@ -49,6 +49,12 @@
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\EdCommon\EdCommon.csproj">
<Project>{88836A16-D3D0-4453-95C8-4ACC8DA91D18}</Project>
<Name>EdCommon</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.
......@@ -2,11 +2,13 @@
using System.Security.Cryptography.X509Certificates;
using System.DirectoryServices.Protocols;
using EdCommon;
namespace EdIdTest
{
class Program
{
const string LDAP_HOST = "ed.middleware.vt.edu";
const string LDAP_HOST = "id.directory.vt.edu";
const int LDAP_PORT = 636;
const string LDAP_BASE = "ou=people,dc=vt,dc=edu";
......@@ -34,6 +36,8 @@ namespace EdIdTest
// VT Enterprise Directory requires LDAPv3
conn.SessionOptions.ProtocolVersion = 3;
conn.SessionOptions.SecureSocketLayer = true;
conn.SessionOptions.VerifyServerCertificate += new VerifyServerCertificateCallback(
new EdHostnameVerifier(LDAP_HOST).VerifyCertificate);
// Look up client cert in Local Machine store by subject CN
conn.SessionOptions.QueryClientCertificate =
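Review bot: The two added lines registering `VerifyServerCertificate` hand the accept/reject decision for the server certificate to `EdHostnameVerifier.VerifyCertificate`, so, as far as I can tell from this API, the callback rather than any default validation is what the connection trusts; that should be stated here, e.g. `// NOTE: this callback decides server-certificate acceptance; it must verify chain trust as well as the host name.` The host passed is the `LDAP_HOST` constant rather than `conn.SessionOptions.HostName`, which is fine only while the two stay in sync and is worth a one-line comment. The enclosing method starts and ends outside this hunk.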
......@@ -3,6 +3,8 @@ Microsoft Visual Studio Solution File, Format Version 10.00
# Visual Studio 2008
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EdIdTest", "EdIdTest\EdIdTest.csproj", "{2899C510-962B-47C3-B972-F9FB7871FE27}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EdCommon", "EdCommon\EdCommon.csproj", "{88836A16-D3D0-4453-95C8-4ACC8DA91D18}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
......@@ -13,6 +15,10 @@ Global
{2899C510-962B-47C3-B972-F9FB7871FE27}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.Build.0 = Release|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Debug|Any CPU.Build.0 = Debug|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Release|Any CPU.ActiveCfg = Release|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE