Commit df5f4d2e authored by Marvin S. Addison

Add EdConstants class containing common ED constants and use it in the ED-ID sample.

Improve ED-ID sample for clarity and best practices.


git-svn-id: https://svn.middleware.vt.edu/svn/ed/edsamples@10061 fa4a4108-76f2-0310-9f0d-ba9fffaf4ff6
parent 3ee60641
......@@ -46,6 +46,7 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="EdConstants.cs" />
<Compile Include="EdHostnameVerifier.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace EdCommon
{
public class EdConstants
{
public const string ED_AUTH = "authn.directory.vt.edu";
public const string ED_ID = "id.directory.vt.edu";
public const string ED_LITE = "directory.vt.edu";
public const string SEARCH_BASE = "ou=People,dc=vt,dc=edu";
}
}
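Review bot: EdConstants carries no XML documentation, and since it holds only constants it can be declared `public static class EdConstants` so it cannot be instantiated. A `/// <summary>` on the three host constants should say that each value appears to double as the name EdHostnameVerifier checks the server certificate against in the ED-ID sample (`new EdHostnameVerifier(ldapHost)`), so changing one also changes which server identity the client accepts. Note that the new `SEARCH_BASE` spells the container `ou=People` while the removed `LDAP_BASE` in Program used `ou=people`; DN value matching for ou is normally case-insensitive, but confirm against the directory. The `System.Collections.Generic`, `System.Linq` and `System.Text` usings are unused here and can be dropped, and PascalCase (`EdAuth`, `SearchBase`) is the framework convention for constants if the project follows it.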
......@@ -8,10 +8,6 @@ namespace EdIdTest
{
class Program
{
const string LDAP_HOST = "id.directory.vt.edu";
const int LDAP_PORT = 636;
const string LDAP_BASE = "ou=people,dc=vt,dc=edu";
static void Main(string[] args)
{
if (args.Length < 2)
......@@ -22,52 +18,68 @@ namespace EdIdTest
// The following should be the uusid of your ED-ID service
string certCN = args[0];
string ldapQuery = args[1];
string ldapHost = EdConstants.ED_ID;
int ldapPort = 389;
Console.WriteLine(string.Format("Querying {0} as service {1} for {2}", LDAP_HOST, certCN, ldapQuery));
Console.WriteLine(string.Format("Querying {0} as service {1} for {2}", ldapHost, certCN, ldapQuery));
// Create connection and attempt to bind and search
LdapConnection conn = null;
try
{
conn = new LdapConnection(
new LdapDirectoryIdentifier(LDAP_HOST, LDAP_PORT),
new LdapDirectoryIdentifier(ldapHost, ldapPort),
null,
AuthType.External);
// VT Enterprise Directory requires LDAPv3
conn.SessionOptions.ProtocolVersion = 3;
conn.SessionOptions.SecureSocketLayer = true;
// Must use custom hostname verification strategy due to DNS aliases
conn.SessionOptions.VerifyServerCertificate += new VerifyServerCertificateCallback(
new EdHostnameVerifier(LDAP_HOST).VerifyCertificate);
conn.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(
new EdHostnameVerifier(ldapHost).VerifyCertificate);
// Look up client cert in Local Machine store by subject CN
conn.SessionOptions.QueryClientCertificate =
delegate(LdapConnection c, byte[][] trustedCAs)
{
X509Store lmStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
lmStore.Open(OpenFlags.ReadOnly);
// Uncomment the following lines to help diagnose cert problems
//Console.WriteLine();
//Console.WriteLine("Available certificates in Local Machine store:");
//foreach (X509Certificate cert in lmStore.Certificates)
//{
// Console.WriteLine(" " + cert.Subject);
//}
//Console.WriteLine("Querying Local Machine store for valid cert with subject " + certCN);
X509Certificate2Collection clientCerts = lmStore.Certificates.Find(
X509FindType.FindBySubjectName, certCN, true);
if (clientCerts.Count == 0)
try
{
lmStore.Open(OpenFlags.ReadOnly);
// Uncomment the following lines to help diagnose cert problems
//Console.WriteLine();
//Console.WriteLine("Available certificates in Local Machine store:");
//foreach (X509Certificate cert in lmStore.Certificates)
//{
// Console.WriteLine(" " + cert.Subject);
//}
//Console.WriteLine("Querying Local Machine store for valid cert with subject " + certCN);
X509Certificate2Collection clientCerts = lmStore.Certificates.Find(
X509FindType.FindBySubjectName, certCN, true);
if (clientCerts.Count == 0)
{
throw new ArgumentException("Cannot find valid certificate with subject " + certCN);
}
return clientCerts[0];
}
finally
{
throw new ArgumentException("Cannot find valid certificate with subject " + certCN);
lmStore.Close();
}
return clientCerts[0];
};
conn.SessionOptions.StartTransportLayerSecurity(null);
conn.Bind();
// The 4th parameter, attributeList, is omitted to indicate all available attributes
// 4th parameter, attributeList, is omitted to indicate all available attributes
SearchResponse response = (SearchResponse)conn.SendRequest(
new SearchRequest(LDAP_BASE, ldapQuery, SearchScope.Subtree));
new SearchRequest(EdConstants.SEARCH_BASE, ldapQuery, SearchScope.Subtree));
// Stopping TLS is demonstrated for completeness.
// Ideally ED-ID connections are pooled and the TLS session is maintained
// for the life of the connection.
conn.SessionOptions.StopTransportLayerSecurity();
// Print attributes of result entries
Console.WriteLine();
Console.WriteLine(response.Entries.Count + " entries found:");
foreach (SearchResultEntry entry in response.Entries)
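Review bot: The client certificate returned from QueryClientCertificate is `clientCerts[0]` of a `FindBySubjectName` search, which matches the subject as a case-insensitive substring, so when more than one valid certificate in the Local Machine store contains certCN the sample silently presents whichever the store lists first. Consider rejecting an ambiguous match before the return, e.g. `if (clientCerts.Count > 1) { throw new ArgumentException("Multiple valid certificates match subject " + certCN); }`, or matching the full subject with `X509FindType.FindBySubjectDistinguishedName`. Separately, the new `int ldapPort = 389;` is combined with the unchanged `SecureSocketLayer = true` and the later `StartTransportLayerSecurity(null)`; if the session is meant to be upgraded with StartTLS on the plain port, confirm that the SecureSocketLayer flag is still intended, and a port constant next to the host in EdConstants would keep the magic number out of Main. Main continues outside the hunk.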