Commit df5f4d2e authored by Marvin S. Addison's avatar Marvin S. Addison

Add EdConstants class containing common ED constants and use in ED-ID sample.

Improve ED-ID sample for clarity and best practices.


git-svn-id: https://svn.middleware.vt.edu/svn/ed/edsamples@10061 fa4a4108-76f2-0310-9f0d-ba9fffaf4ff6
parent 3ee60641
...@@ -46,6 +46,7 @@ ...@@ -46,6 +46,7 @@
<Reference Include="System.Xml" /> <Reference Include="System.Xml" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Compile Include="EdConstants.cs" />
<Compile Include="EdHostnameVerifier.cs" /> <Compile Include="EdHostnameVerifier.cs" />
<Compile Include="Properties\AssemblyInfo.cs" /> <Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup> </ItemGroup>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace EdCommon
{
public class EdConstants
{
public const string ED_AUTH = "authn.directory.vt.edu";
public const string ED_ID = "id.directory.vt.edu";
public const string ED_LITE = "directory.vt.edu";
public const string SEARCH_BASE = "ou=People,dc=vt,dc=edu";
}
}
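Review bot: EdConstants is a pure constant holder, yet its declaration is an instantiable `public class`; `public static class EdConstants` states that intent and forbids `new EdConstants()`. A `public const` string is also inlined into every assembly that references it, so a later change to one of these hostnames in this library will not reach consumers until they are recompiled — `public static readonly string ED_ID = "id.directory.vt.edu";` keeps the lookup in this assembly, which matters for values such as service hostnames that are more likely to change than true compile-time constants. The `using` directives for System.Collections.Generic, System.Linq and System.Text are unused in this file and can be dropped. Each member would benefit from a `/// <summary>` naming the service it refers to, e.g. `/// <summary>Hostname of the ED-ID LDAP service.</summary>` above ED_ID (its use as the ED-ID host in the sample suggests that meaning; confirm the wording for ED_AUTH and ED_LITE).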
...@@ -8,10 +8,6 @@ namespace EdIdTest ...@@ -8,10 +8,6 @@ namespace EdIdTest
{ {
class Program class Program
{ {
const string LDAP_HOST = "id.directory.vt.edu";
const int LDAP_PORT = 636;
const string LDAP_BASE = "ou=people,dc=vt,dc=edu";
static void Main(string[] args) static void Main(string[] args)
{ {
if (args.Length < 2) if (args.Length < 2)
...@@ -22,52 +18,68 @@ namespace EdIdTest ...@@ -22,52 +18,68 @@ namespace EdIdTest
// The following should be the uusid of your ED-ID service // The following should be the uusid of your ED-ID service
string certCN = args[0]; string certCN = args[0];
string ldapQuery = args[1]; string ldapQuery = args[1];
string ldapHost = EdConstants.ED_ID;
int ldapPort = 389;
Console.WriteLine(string.Format("Querying {0} as service {1} for {2}", LDAP_HOST, certCN, ldapQuery)); Console.WriteLine(string.Format("Querying {0} as service {1} for {2}", ldapHost, certCN, ldapQuery));
// Create connection and attempt to bind and search // Create connection and attempt to bind and search
LdapConnection conn = null; LdapConnection conn = null;
try try
{ {
conn = new LdapConnection( conn = new LdapConnection(
new LdapDirectoryIdentifier(LDAP_HOST, LDAP_PORT), new LdapDirectoryIdentifier(ldapHost, ldapPort),
null, null,
AuthType.External); AuthType.External);
// VT Enterprise Directory requires LDAPv3 // VT Enterprise Directory requires LDAPv3
conn.SessionOptions.ProtocolVersion = 3; conn.SessionOptions.ProtocolVersion = 3;
conn.SessionOptions.SecureSocketLayer = true;
// Must use custom hostname verification strategy due to DNS aliases // Must use custom hostname verification strategy due to DNS aliases
conn.SessionOptions.VerifyServerCertificate += new VerifyServerCertificateCallback( conn.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(
new EdHostnameVerifier(LDAP_HOST).VerifyCertificate); new EdHostnameVerifier(ldapHost).VerifyCertificate);
// Look up client cert in Local Machine store by subject CN // Look up client cert in Local Machine store by subject CN
conn.SessionOptions.QueryClientCertificate = conn.SessionOptions.QueryClientCertificate =
delegate(LdapConnection c, byte[][] trustedCAs) delegate(LdapConnection c, byte[][] trustedCAs)
{ {
X509Store lmStore = new X509Store(StoreName.My, StoreLocation.LocalMachine); X509Store lmStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
lmStore.Open(OpenFlags.ReadOnly); try
// Uncomment the following lines to help diagnose cert problems {
//Console.WriteLine(); lmStore.Open(OpenFlags.ReadOnly);
//Console.WriteLine("Available certificates in Local Machine store:"); // Uncomment the following lines to help diagnose cert problems
//foreach (X509Certificate cert in lmStore.Certificates) //Console.WriteLine();
//{ //Console.WriteLine("Available certificates in Local Machine store:");
// Console.WriteLine(" " + cert.Subject); //foreach (X509Certificate cert in lmStore.Certificates)
//} //{
//Console.WriteLine("Querying Local Machine store for valid cert with subject " + certCN); // Console.WriteLine(" " + cert.Subject);
X509Certificate2Collection clientCerts = lmStore.Certificates.Find( //}
X509FindType.FindBySubjectName, certCN, true); //Console.WriteLine("Querying Local Machine store for valid cert with subject " + certCN);
if (clientCerts.Count == 0) X509Certificate2Collection clientCerts = lmStore.Certificates.Find(
X509FindType.FindBySubjectName, certCN, true);
if (clientCerts.Count == 0)
{
throw new ArgumentException("Cannot find valid certificate with subject " + certCN);
}
return clientCerts[0];
}
finally
{ {
throw new ArgumentException("Cannot find valid certificate with subject " + certCN); lmStore.Close();
} }
return clientCerts[0];
}; };
conn.SessionOptions.StartTransportLayerSecurity(null);
conn.Bind(); conn.Bind();
// The 4th parameter, attributeList, is omitted to indicate all available attributes // 4th parameter, attributeList, is omitted to indicate all available attributes
SearchResponse response = (SearchResponse)conn.SendRequest( SearchResponse response = (SearchResponse)conn.SendRequest(
new SearchRequest(LDAP_BASE, ldapQuery, SearchScope.Subtree)); new SearchRequest(EdConstants.SEARCH_BASE, ldapQuery, SearchScope.Subtree));
// Stopping TLS is demonstrated for completeness.
// Ideally ED-ID connections are pooled and the TLS session is maintained
// for the life of the connection.
conn.SessionOptions.StopTransportLayerSecurity();
// Print attributes of result entries
Console.WriteLine(); Console.WriteLine();
Console.WriteLine(response.Entries.Count + " entries found:"); Console.WriteLine(response.Entries.Count + " entries found:");
foreach (SearchResultEntry entry in response.Entries) foreach (SearchResultEntry entry in response.Entries)
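Review bot: In the QueryClientCertificate callback, `X509FindType.FindBySubjectName` performs a case-insensitive substring match on the subject, so when the Local Machine store holds several certificates and the uusid in `certCN` is a substring of another subject, more than one entry can match and `return clientCerts[0];` then silently presents whichever certificate the store lists first. Since the comment above the lookup says the intent is to select the certificate by subject CN, the candidates should be narrowed to an exact CN match before one is returned, as below; passing `true` for validOnly is already in place and worth keeping. Whether an exception thrown from inside this callback surfaces to the caller or is swallowed in the native LDAP layer is not visible from the hunk and should be confirmed on the target framework, since a swallowed exception would leave the bind to fail with a less specific error. `Main` begins in the earlier hunk and continues past the end of this one.
```csharp
X509Certificate2Collection clientCerts = lmStore.Certificates.Find(
    X509FindType.FindBySubjectName, certCN, true);
// FindBySubjectName is a substring match; keep only a certificate whose CN equals certCN
foreach (X509Certificate2 cert in clientCerts)
{
    if (string.Equals(cert.GetNameInfo(X509NameType.SimpleName, false), certCN, StringComparison.OrdinalIgnoreCase))
    {
        return cert;
    }
}
throw new ArgumentException("Cannot find valid certificate with subject " + certCN);
// … unchanged: finally { lmStore.Close(); } …
```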