I executed the code as below to modify an attribute value in Active Directory via ldaps.It worked properly.In addition, I found the packets were encrypted when I analyzed the packets captured by tcpdump via WireShark.
using (DirectoryEntry entry = new DirectoryEntry("LDAP://192.168.109.4:636/OU=People,DC=dev,DC=com", "dev\\user", "password"))
{
entry.Properties["description"].Value = "a new description";
entry.CommitChanges();
entry.Close();
}
However, I have one question.I guess that the statement below is requried to encrypt packets via ldaps.
entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;
In this case, it worked well without the statement as above.
Does anyone know the reason?
Did you see the SSL handshake when the connection opened? Usually SSL won't even work when you're accessing it with an IP address. It can also encrypt using Kerberos, which will work on port 389 using an IP address, although you usually have to specify AuthenticationTypes.Sealing for that.
However, it does know that port 636 is the LDAPS port, so if you specify port 636, it will automatically do the SSL handshake.
You can also exclude the port and specify AuthenticationTypes.SecureSocketsLayer, and it will automatically connect via port 636:
new DirectoryEntry(
"LDAP://dev.com/OU=People,DC=dev,DC=com",
"dev\\user", "password",
AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer
)
AuthenticationType is Secure by default.
SSL is a server-side configuration so the LDAP Server Admin must have enabled SSL.
Related
This is the issue.
I have an https request. The request is is being sent as an SSL / TLS request (Not the CONNECT .... that comes from a browser with the proxy setup).
I need to write a proxy in c# that blocks a specific https://foo.com/foo.htm request but lets through https://foo.com/anything_else.htm.
I can do this fine creating a MITM attack with a new certificate etc etc.
But Im now wondering if there is an easy way to do this Im missing without using a MITM attack as I have no need to decrypt the data. I only need to know the URI/file.
I can easily just transfer streams but I want to know if there is a simple way to transfer the streams after I have read the URI and file.
I can write some fancy code to pull apart the tcp request and thats what I may have to do.
Anybody any ideas before I go down this path. Remember there is no CONNECT request. Just direct SSL / TLS.
The main reason for this is it just makes things simpler not creating self signed certificates etc.
Maybe its even possible to use the real certificate somehow from the server end as I dont need to decrypt any of the no header data.
I find the networking side of c# is not very well documented and a little all over the place.
Just for reference i can get the URI from the TcpClient using:
IPEndPoint ipEndPoint = (IPEndPoint)clientTcpClient.Client.RemoteEndPoint;
IPAddress ipAddress = ipEndPoint.Address;
// Get the hostname.
IPHostEntry ipHostEntry = Dns.GetHostEntry(ipAddress);
String hostName = ipHostEntry.HostName;
// Get the port.
Int32 port = ipEndPoint.Port;
But not the requested page.
While the target hostname might be visible in the TLS handshake as SNI extension or by analyzing the certificate returned by the server the path component of the URL is only contained in the HTTP request. Since this HTTP request is only done after TLS handshake and the request is thus already encrypted you cannot get to the full path without decrypting the request. This means that blocking access to a specific path is not possible without SSL man in the middle and thus requires a certificate for the target site owned by the man in the middle and trusted by the client.
Not that this is true for CONNECT requests too since these requests only contain the target hostname but the path component is again only contained in the encrypted HTTP request sent inside the tunnel created by CONNECT.
I've looked at 3 or 4 questions here so far and they haven't helped yet.
I have set up SmarterMail 14.x on a client's machine. I know very little about setting up mail servers (I don't know why he thinks I do) but I have it installed, a domain set up pointing to the MX record, the port open (9998) and I am able to send email just fine from the web interface.
However, I can't send email from Sql or from C#. I created a quick and dirty app to allow me to enter the server, port, credentials, and to/from and I get this response every time:
[Inner Exception]
Unable to connect to the remote server
[Details]
System.Net.Mail.SmtpException: Failure sending mail. ---> > System.Net.WebException: Unable to connect to the remote server ---> > System.Net.Sockets.SocketException: No connection could be made because the > target machine actively refused it 204.12.49.188:25
I've tried multiple logins. I've also confirmed that SMTP is turned on and IMAP/POP3 is turned off. I'd post images of it but unfortunately I can't yet.
The code to send is below and it is about as simple as it gets:
SmtpClient client = new SmtpClient(ServerTextBox.Text, Convert.ToInt32(PortTextBox.Text));
NetworkCredential login = new NetworkCredential(UsernameTextBox.Text, PasswordTextBox.Text);
client.Credentials = login;
MailMessage message = new MailMessage(FromTextBox.Text, ToTextBox.Text, "Wine and Spirits Jobs Alerts", "Below are this week's job alerts: There are no job alerts at this time");
client.SendCompleted += HandleSendCompleted;
client.SendAsync(message, null);
I've also tried it locally on their VPS and on my machine. I've turned on and off the firewall and I've got a specific rule allowing outgoing traffic on 9998 (and you can log into the web interface remotely) so this isn't a matter of being able to contact it.
I'm at a loss of what to do. If someone can help??
EDIT: It's clear I was using the wrong port - 9998 instead of 25. Using port 25 now tells me either time out or that it was actively refused. The firewall does have specific rules for port 25 that allow all traffic, so it shouldn't be stopped.
EDIT 2: I've re-created the MX record on the domain and ensured it is pointing to the correct IP address. I've also re-created the domain in Smartermail and made sure SMTP is turned on, authentication is required, SSL is not, POP and IMAP are turned off, and that my login is correct. I've also tried turning on and off the firewall. No dice.
I finally solved the issue.
It had nothing to do with firewalls or the MX record or using/not using an IP address and everything to do with the fact that while port 25 was indeed assigned to SMTP and SMTP was indeed turned on, the IP address of the domain itself was NOT assigned to the SMTP configuration so SmarterMail wasn't actually monitoring the port.
Problem solved - email sends. Fun stuff! Thank you for everyone's responses!
Try setting SMTP mail server IP address in your mail sending code.
SmtpMail.SmtpServer = "your mail server name or IP address goes here";
SmtpMail.Send(Message);
Your can set this property at global level or in any Initialization code.
Reference : https://msdn.microsoft.com/en-us/library/system.web.mail.smtpmail%28v=vs.110%29.aspx
I recently created a FTP Server locally with FileZilla Server. With the admin port 14147 by default. Then with the FileZilla Client I got connected with no problems.
When I try to connect by chrome or ie with
ftp://(ip)
or
ftp://(full machine name)
or
ftp://(user:password)#(machine).
Everything is ok.
My admin interface setting port is 14147.
My listing port by default is 21
No problems at all with Internet browsers even with telnet.
Now I created an application in C# and when I use the Uri class
Uri target = new Uri(strUri);
I got an exception error: Invalid Uri: invalid port specified
I saved the ftp address in a database like this and I tried many variations but nothing happens:
ftp://user:password#FullMachineNameWithDomain
ftp://user:password#FullMachineNameWithDomain:21
ftp://user:password#FullMachineNameWithDomain:14147
What am I doing wrong?
AFAIK Username and password are not supposed to be part of the URL.
You should pass them separately as credentials when you're using something like FtpWebRequest class. E.g.
request.Credentials = new NetworkCredential(username, password);
I know that this question looks like duplicate of dozens other questions while its not.
When ever i try to send an email on my local machine through my web application an SMTPException is thrown and the exceptions is :
//on this line : SmtpServer.Send(mail);
Unable to read data from the transport connection: net_io_connectionclosed.
While the code on production is working perfectly, the same code, the same connections, the same credentials, i'm using IP instead of alias, i tried to turn off the firewall on my local machine, and nothing helped me to fix this issue.
While on my local machine is used to work previously, can anyone give just a hint what could be the problem that raising this issue?
If you are on a residential internet connection, quite often your ISP will block outgoing email sends by blocking all outbound connections to port 25. This is quite common here in the US. Try connecting to a local email server over TCP/IP, or to one on your own internal network.
This thread contains some.
For instance: it looks like assigning a static IP might solve the problem.
What this error means is that System.net.mail was unable to find the
smtp server.
The answer will vary depending on whether you have a fixed IP or a
dynamic IP but, basically, you need to assign a valid IP to your smtp
server.
With fixed IP's this is relatively straightforward. With dynamic IP's
it takes a bit of tweaking.
Open the IIS Manager and check the properties for the smtp server.
In the Default SMTP Virtual Server's properties, in the "Access" tab,
in the Connection Control and Relay dialogs, make sure that your local
IP is assigned. ( In my case, it's 10.0.0.2... )
You may also need to modify your hosts file, to point 127.0.0.1 to
your machine name. ( \WINDOWS\system32\drivers\etc\hosts )
Then, in your code, assign your machine name to the smtp client :
Dim client As New SmtpClient("yourmachinename") client.Send(mail)
Alternatively another guy in the same thread seems to have found a workaround for the SMTP connection not being correctly closed.
Set SmtpClient.ServicePoint.MaxIdleTime = 1 according to a supported
work-around:
http://connect.microsoft.com/VisualStudio/feedback/Workaround.aspx?FeedbackID=146711
which makes all smtp work properly.
Here's a complete sample:
MailMessage msgMail = new MailMessage();
msgMail.To.Add(new MailAddress("info#somedomain.se"));
msgMail.Subject = "Message from web";
msgMail.IsBodyHtml = true;
msgMail.Body = "Test message";
SmtpClient Client = new SmtpClient(); /* uses settings form web.config */
Client.ServicePoint.MaxIdleTime = 1; /* without this the connection is idle too long and not terminated, times out at the server and gives sequencing errors */
Client.Send(msgMail);
msgMail.Dispose();
System.Net.NetworkCredential(user, password); ///Wrong
System.Net.NetworkCredential(email, password); ///right
because some email server is shability
In my case, I had to leave out the Domain property from Network Credentials when setting username and password
The Gmail account you are using has limit for number of emails being sent out per day/month and if you exceed that limit, it will reject any further outgoing emails.
I am able to validate a user against Active Directory using following code and it works fine:
bool authentic = false;
PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain);
// validate the credentials against domain
authentic = pc.ValidateCredentials(userName, password);
However the username and password are being sent to network in plain text. I was told to use ContextOptions.SecureSocketLayer with ValidateCredentials but it throws exception
The server cannot handle directory requests.
Can anyone please help me with this so that I can authenticate with LDAP server in a secure way.
Thanks
I need to know this too. I think (but haven't tested) that ContextOptions.Negotiate will use SSL. You may need to force the port to 636 e.g.
PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain + ":636", ContextOptions.Negotiate);
or
PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain + ":636", ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
EDIT
I have this working now (as above). The only problem I had was I was trying to connect with IP address. This didn't work but I didn't know why until I looked in windows Event Viewer (on client) and there were errors about the certificate. When I changed to servername that matched the certificate, it worked.
LDAP clients should always use SSL or a non-secure connection promoted to a secure connection with the StartTLS extended operation - modern, professional-quality servers have the capability to reject operations on non-secure connections, though legacy servers often lack this feature. LDAP is encoded, not encrypted, for transmission.
Check with the directory server administrator to ensure that SSL (or StartTLS) is supported by the server, check that the certificates involved are valid. Consider using openssl s_client -connect host:port to validate the connection.