I'm replacing LDAP with Active Directory (AD) and I'm having difficulty with authentication. In LDAP, the password is passed as an MD5 hash. In AD, I have not found anything like this. I'm trying to use SASL with DIGEST-MD5, but Bind is only possible when the password is passed in plaintext format. I would like to know if it is possible to keep passing the password in the MD5 hash format. If so, how is this done? Below is the code in C#.
The doubt is in line 5: is it possible to pass the string (secureString) as an MD5 hash?
1. LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier("MYSERVER", 636, false, false);
2. LdapConnection ldapConnection = new LdapConnection(identifier);
3. SecureString secureString = new SecureString();
4. "userPassword".ToCharArray().ToList().ForEach(p => secureString.AppendChar(p));
5. var networkCredential = new NetworkCredential("username", secureString, "realm");
6. ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallBack);
7. ldapConnection.SessionOptions.SecureSocketLayer = true;
8. ldapConnection.AuthType = AuthType.Digest;
9. ldapConnection.Bind(networkCredential);
No, you definitely cannot pass an MD5 hash based on the password to create a new NetworkCredential. That would defeat the point of a hash. You can pass the plain text password or a SecureString containing the password only.
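Why a bare MD5 of the password cannot stand in for the password in a DIGEST-MD5 bind, as an added example (not code from the question or the answer): it computes the RFC 2831 response for qop=auth without an authzid, once from the plaintext password and once from MD5(password). The nonce, cnonce, nc and digest-uri values are constructed, and the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class DigestMd5Demo
{
    static byte[] H(byte[] data) { using (var md5 = MD5.Create()) return md5.ComputeHash(data); }
    static byte[] B(string s) => Encoding.UTF8.GetBytes(s); // sample values are ASCII only
    static string Hex(byte[] b) => string.Concat(b.Select(x => x.ToString("x2")));

    // RFC 2831 response for qop=auth, no authzid. 'secret' is the 16-byte value
    // the protocol defines as H(username ":" realm ":" password).
    static string Response(byte[] secret, string nonce, string cnonce, string nc, string digestUri)
    {
        // A1 = raw H(user:realm:password) bytes, then ":" nonce ":" cnonce
        byte[] a1 = secret.Concat(B(":" + nonce + ":" + cnonce)).ToArray();
        string ha1 = Hex(H(a1));
        // A2 = "AUTHENTICATE:" digest-uri
        string ha2 = Hex(H(B("AUTHENTICATE:" + digestUri)));
        return Hex(H(B(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2)));
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real server.
        string user = "username", realm = "realm", password = "userPassword";
        string nonce = "c2VydmVyLW5vbmNl", cnonce = "Y2xpZW50LW5vbmNl";
        string nc = "00000001", uri = "ldap/MYSERVER";

        // What the client derives when it holds the plaintext password.
        byte[] fromPassword = H(B(user + ":" + realm + ":" + password));
        // What the question proposes to supply instead: a bare MD5 of the password.
        byte[] bareMd5 = H(B(password));

        string expected = Response(fromPassword, nonce, cnonce, nc, uri);
        string withBareHash = Response(bareMd5, nonce, cnonce, nc, uri);

        Console.WriteLine("response from password : " + expected);
        Console.WriteLine("response from MD5(pw)  : " + withBareHash);
        Console.WriteLine("responses match        : " + (expected == withBareHash));
    }
}
```

The response mixes the username, realm and per-bind nonces into the hash, so a stored MD5(password) is not an input the mechanism can use; the password itself never crosses the wire in this exchange.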