LdapDirectoryAccountStore Class

 

Specifies properties about connecting to, authenticating users against, and generating claims from an LDAP-based account store. As a top-level member of the TrustPolicy’s TrustedAccountStores collection, it represents an ADAM account store. As a property of an ActiveDirectoryAccountStore object, it specifies LDAP-related configuration for Active Directory.

Namespace:   System.Web.Security.SingleSignOn
Assembly:  System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)


[ComVisibleAttribute(true)]
public sealed class LdapDirectoryAccountStore : AccountStore

Name    Description

LdapDirectoryAccountStore()

Initializes a new instance of the LdapDirectoryAccountStore class.

Name    Description

Disabled

Gets or sets whether the trust with this realm is currently active. If this is set, no tokens will be accepted from this partner. (Inherited from TrustPolicyEntryBase.)

LdapBaseDN

Gets or sets the distinguished name for the base object from which searches for user objects are conducted. Searches will include all subtrees of the base object.

LdapBindObjectDN

Gets or sets the distinguished name of an object to which to bind in order to validate user credentials. This property must be null for Active Directory.

LdapClaimGeneration

Gets or sets an LdapClaimGeneration object, which specifies how to generate claims from user object attributes.

LdapPort

Gets or sets the port number to use for LDAP network requests. Defaults to 389. This property must be null for Active Directory.

LdapServerName

Gets or sets the host name to use for LDAP network requests. This property must be null for Active Directory.

LdapUsernameAttrib

Gets or sets the name of the LDAP attribute that contains the user name of authenticating users.

TrustEntryDisplayName

Gets or sets the display name for this TrustPolicyEntry. (Inherited from TrustPolicyEntry.)

TrustPolicyEntryUri

Gets or sets the Uri for this TrustPolicyEntry. (Inherited from TrustPolicyEntry.)

UseSsl

Sets or gets a Boolean that indicates whether to use a Secure Sockets Layer (SSL) connection. true indicates that SSL will be used; false indicates that SSL will not be used.

uuid

Gets or sets the universal unique identifier (UUID) for this TrustPolicyEntryBase object. (Inherited from TrustPolicyEntryBase.)

Name    Description

Equals(Object)

(Inherited from Object.)

GetHashCode()

(Inherited from Object.)

GetType()

(Inherited from Object.)

ToString()

(Inherited from Object.)

The LdapDirectoryAccountStore class is part of the Federation Service’s trust policy configuration.

To authenticate username/password credentials to an ADAM account store, this sequence of events is followed:

  1. The Federation Service establishes an authenticated connection by doing a secure bind to the distinguished name specified by the LdapBaseDN property using the default credentials for the Federation Service application pool.

  2. Using the authenticated connection, the Federation Service finds a user object for the authenticating user by performing a subtree search for an object whose username attribute, specified by the LdapUsernameAttrib property, matches the username in the credentials.

  3. The Federation Service attempts a simple bind with the DN found in step 2 and the password in the credentials to the DN specified by the LdapBindObjectDN property, if specified, or else the LdapBaseDN property.

  4. If step 3 succeeds, the user is authenticated, and attributes are extracted per the LdapClaimGeneration object from the user account found in step 2.
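The search-then-bind flow of steps 2 through 4, as an added Python example (not code from this page or from the Federation Service). It goes beyond the steps by adding three checks a caller of this flow would want: RFC 4515 escaping of the username before it enters the search filter, a requirement of exactly one match, and rejection of empty passwords. `FakeDirectory`, `authenticate`, `escape_filter_value` and the sample entries are constructed for illustration; step 1's service bind and the LdapBindObjectDN variant are not modelled.

```python
import re

def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical, not a real API)."""
    def __init__(self, entries):
        self.entries = entries  # {dn: {"attrs": {...}, "password": "..."}}

    def search_subtree(self, base_dn, ldap_filter):
        # Handles only simple "(attr=value)" filters: '*' is a wildcard, \XX is a literal.
        attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
        unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), s)
        rx = re.compile(".*".join(re.escape(unhex(p)) for p in value.split("*")), re.S)
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base_dn) and attr in e["attrs"]
                and rx.fullmatch(e["attrs"][attr])]

    def simple_bind(self, dn, password):
        # Models a server that accepts an empty password as an unauthenticated
        # bind (RFC 4513, section 5.1.2), which is why the caller must reject it.
        return password == "" or self.entries[dn]["password"] == password

def authenticate(directory, base_dn, username_attrib, username, password, claim_attrs):
    """Return the claim attributes on success, or None on any failure."""
    if not username or not password:
        return None                      # never send an empty-password simple bind
    ldap_filter = f"({username_attrib}={escape_filter_value(username)})"
    matches = directory.search_subtree(base_dn, ldap_filter)   # step 2: subtree search
    if len(matches) != 1:
        return None                      # no match, or an ambiguous one
    user_dn = matches[0]
    if not directory.simple_bind(user_dn, password):           # step 3: bind as the user
        return None
    attrs = directory.entries[user_dn]["attrs"]                # step 4: read claim attributes
    return {name: attrs[name] for name in claim_attrs if name in attrs}

# Constructed sample entries; the attribute names and DNs are illustrative.
SAMPLE = FakeDirectory({
    "CN=alice,OU=Users,O=Example": {
        "attrs": {"uid": "alice", "mail": "alice@example.test"}, "password": "s3cret"},
    "CN=bob,OU=Users,O=Example": {
        "attrs": {"uid": "bob", "mail": "bob@example.test"}, "password": "hunter2"},
})
```

Without the escaping step, a username of `al*` would be evaluated as a wildcard and resolve to alice's entry; with it, the search returns no match and authentication fails before any bind is attempted.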

The following properties must be null when the LdapDirectoryAccountStore is part of an ActiveDirectoryAccountStore:

These properties are optional for Active Directory:

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
