LDAP authentication problem in ASP.NET Core for restricted users (logon workstations) using Novell.Directory.Ldap.NETStandard2_0
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
add a comment |
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04
add a comment |
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.
using (var cn = new LdapConnection())
cn.Connect(ldapOptions.Host, ldapOptions.Port);
var userDn = username.IndexOf('@') < 0 ? username + $"@ldapOptions.Domain" : username;
cn.Bind(userDn, password);
if (cn.Bound)
result.Result = AuthResult.Succeed;
result.Message = "Login Successful using LDAP: 0.";
return result;
The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).
I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.
How can I solve this issue? should I change my code? or Active Directory/IIS settings?
asp.net-mvc active-directory .net-core ldap windows-server
asp.net-mvc active-directory .net-core ldap windows-server
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
asked Nov 12 '18 at 8:07
Baratali QadamalizadaBaratali Qadamalizada
335
335
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04
add a comment |
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04
1
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
1
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04
add a comment |
1 Answer
1
active
oldest
votes
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53258020%2fldap-authentication-problem-in-asp-net-core-for-restricted-users-logon-workstat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
add a comment |
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
add a comment |
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
answered Dec 4 '18 at 16:21
LisaJLisaJ
740213
740213
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
add a comment |
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
Thanks for your answer. It worked. We also have an exchange server that has OWA (outlook web access) enabled. I noticed that Our limited users could login into OWA without any problem while we only added mail (host name) in the logon workstations. Do you have any idea about how OWA do LDAP authentication?
– Baratali Qadamalizada
Dec 10 '18 at 7:29
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53258020%2fldap-authentication-problem-in-asp-net-core-for-restricted-users-logon-workstat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Do you have access to the domain controller logs? You could check to see which server the login is coming from and make sure it's the same computer you put in the list.
– Gabriel Luci
Nov 13 '18 at 14:25
So, I have to check it with sys admin guys. Do you have any idea which log should I check?
– Baratali Qadamalizada
Nov 14 '18 at 10:41
1
I'm not sure exactly. I just know that when I ask our admins to see where a login is coming from, they can tell me :)
– Gabriel Luci
Nov 14 '18 at 13:12
As I checked, the users can logon interactively but they cannot login through the network (like Remote Desktop and the LDAP-enabled web application)
– Baratali Qadamalizada
Dec 10 '18 at 7:04