
C# LdapConnection Authentication Issue

We use code similar to the following to set up a secure connection to an LDAP directory:

using (LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier(ConfigReader.ADServer, 636)))
{
    con.SessionOptions.SecureSocketLayer = true;
    con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
    con.Credential = new NetworkCredential(UserDN, UserPwd);
    con.AuthType = AuthType.Basic;
    con.Bind();
}

During testing, we noticed the following expected behavior:

  • Valid UserDN and valid UserPwd results in successful Bind()
  • Invalid UserDN with a valid UserPwd results in Bind() error (The supplied credential is invalid.)
  • Invalid UserDN with an invalid (non-blank) UserPwd results in Bind() error (The supplied credential is invalid.)

Unfortunately, we also noticed the following unexpected behavior:

  • Valid UserDN and blank UserPwd results in successful Bind()
  • Invalid UserDN and blank UserPwd results in successful Bind()

Please advise why the LDAP connection is successful with a blank password.
Thanks,

asked Aug 22 '13 15:08

Seymour


1 Answer

It seems like the connection is bound but is not authenticated until an actual request is sent.

Consider the following to send the request after binding the connection...

using (LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier(ConfigReader.ADServer, 636)))
{
    con.SessionOptions.SecureSocketLayer = true;
    con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
    con.Credential = new NetworkCredential(UserDN, UserPwd);
    con.AuthType = AuthType.Basic;
    con.Bind();
    // Added line: send a request on the bound connection.
    con.SendRequest(new SearchRequest(targetLocation, "(objectClass=*)", System.DirectoryServices.Protocols.SearchScope.Subtree, null));
}
answered Sep 30 '22 01:09

gpmurthy
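
An added example, not part of the question or the answer above: RFC 4513 (section 5.1.2) defines a simple bind with a DN and an empty password as an "unauthenticated bind", which a server may accept without checking any credential, so the caller has to reject blank passwords before calling Bind(). The names `LdapAuth` and `TryAuthenticate` and the sample server and DN are hypothetical, and the page's `ServerCallback` is left out so default certificate validation applies.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapAuth // hypothetical helper, not from the posts above
{
    // True only if the server accepted userDn/password and then answered a request.
    public static bool TryAuthenticate(string server, string userDn, string password, out string reason)
    {
        // An empty password makes a simple bind unauthenticated and an empty DN makes
        // it anonymous; neither proves identity, so refuse both before any traffic.
        if (string.IsNullOrWhiteSpace(userDn) || string.IsNullOrEmpty(password))
        {
            reason = "blank DN or password rejected before bind";
            return false;
        }
        try
        {
            using (var con = new LdapConnection(new LdapDirectoryIdentifier(server, 636)))
            {
                con.SessionOptions.SecureSocketLayer = true; // default certificate validation applies
                con.Credential = new NetworkCredential(userDn, password);
                con.AuthType = AuthType.Basic;
                con.Bind();
                // As the answer suggests, send a request on the bound connection (base scope, own entry).
                con.SendRequest(new SearchRequest(userDn, "(objectClass=*)", SearchScope.Base, null));
            }
            reason = "bind and follow-up search succeeded";
            return true;
        }
        catch (LdapException ex) // e.g. ErrorCode 49, invalid credentials
        {
            reason = "LDAP error " + ex.ErrorCode + ": " + ex.Message;
            return false;
        }
        catch (DirectoryOperationException ex) // server refused the search
        {
            reason = "request refused: " + ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample values; the blank password is rejected locally.
        bool ok = TryAuthenticate("ldap.example.test", "CN=alice,DC=example,DC=test", "", out string why);
        Console.WriteLine(ok + " - " + why);
    }
}
```

The follow-up search assumes the account may read its own entry; where directory ACLs forbid that, pick a request the account is allowed to make.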