AntiLdapInjection 1.1.4

.NET Standard 1.6
Install-Package AntiLdapInjection -Version 1.1.4
dotnet add package AntiLdapInjection --version 1.1.4
<PackageReference Include="AntiLdapInjection" Version="1.1.4" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AntiLdapInjection --version 1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: AntiLdapInjection, 1.1.4"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install AntiLdapInjection as a Cake Addin
#addin nuget:?package=AntiLdapInjection&version=1.1.4

// Install AntiLdapInjection as a Cake Tool
#tool nuget:?package=AntiLdapInjection&version=1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Anti-LDAP Injection

NuGet package CI build status CD release status CodeQL Analysis Total alerts

A .NET library that provides protections against LDAP Injection.

Most of the of the code was extracted from Microsoft's AntiXss library LDAP Encoder, which is no longer maintained.

Installation

The latest AntiLdapInjection package is available for installation on NuGet.

Using dotnet CLI

dotnet add package AntiLdapInjection

Using NuGet Package Manager

Install-Package AntiLdapInjection

See NuGet page for additional installation options.

Usage

FilterEncode

FilterEncode encodes input according to RFC 4515, where unsafe values are converted to \XX (XX is the representation of the unsafe character).

LdapEncoder.FilterEncode(string filterToEncode)
FilterEncode encoding chart
Character Encoded
( \28
) \29
\ \5c
* \2a
/ \2f
NUL \0
FilterEncode examples
Opening and closing parenthesis
string filter = "Parens R Us (for all your parenthetical needs)";
string encoded = LdapEncoder.FilterEncode(filter);

Console.WriteLine(encoded); // "Parens R Us \28for all your parenthetical needs\29"
Asterisk in search filter
string filter = "*";
string encoded = LdapEncoder.FilterEncode(filter);

Console.WriteLine(encoded); // "\2A"
Backslash in search filter
string filter = @"C:\MyFile";
string encoded = LdapEncoder.FilterEncode(filter);

Console.WriteLine(encoded); // "C:\5CMyFile"
Accents in search filter
string filter = "Lučić";
string encoded = LdapEncoder.FilterEncode(filter);

Console.WriteLine(encoded); // "Lu\C4\8Di\C4\87"

DistinguishedNameEncode

DistinguishedNameEncode encodes input according to RFC 2253, where unsafe characters are converted to #XX where XX is the representation of the unsafe character and the comma, plus, quote, slash, less than and great than signs are escaped using slash notation (\X). In addition to this, a space or octothorpe (#) at the beginning of the input string is escaped (\), as is a space at the end of a string.

LdapEncoder.DistinguishedNameEncode(string distinguishedNameToEncode)

You have the option to turn off initial or final character escaping rules. For example, if you are concatenating a escaped distinguished name fragment into the midst of a complete distinguished name.

LdapEncoder.DistinguishedNameEncode(
    string distinguishedNameToEncode,
    bool useInitialCharacterRules,
    bool useFinalCharacterRule
)
DistinguishedNameEncode encoding chart
Character Encoded
& \&
! \!
\| \\|
= \=
< \<
> \>
, \,
+ \+
- \-
" \"
' \'
; \;
DistinguishedNameEncode examples
Distinguished name slash notation
string dn = @", + \ "" \ < >";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);

Console.WriteLine(encoded); // "\, \+ \" \\ \< \>"
Leading space in distinguished name
string dn = " Hello";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);

Console.WriteLine(encoded); // "\ Hello"
Trailing space in distinguished name
string dn = "Hello ";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);

Console.WriteLine(encoded); // "Hello\ "
Octothorpe character in distinguished name
string dn = "#Hello";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);

Console.WriteLine(encoded); // "\#Hello"
Accents in distinguished name
string dn = "Lučić";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);

Console.WriteLine(encoded); // "Lu#C4#8Di#C4#87"

LDAP injection resources

Similar libraries

Similar libraries providing protections against LDAP injection, not necessarily in .NET.

Node.js

ldap-escape

ldap-escape is an npm package that provides template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks.

Other noteworthy .NET LDAP-related libraries

  • LdapForNet: Cross platform port of OpenLdap Client library and Windows LDAP to .NET Core
  • Linq2Ldap: Wrapper around System.DirectoryServices using LINQ Expressions as LDAP filters
Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows
.NET Core netcoreapp1.0 netcoreapp1.1 netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
.NET Standard netstandard1.6 netstandard2.0 netstandard2.1
.NET Framework net461 net462 net463 net47 net471 net472 net48
MonoAndroid monoandroid
MonoMac monomac
MonoTouch monotouch
Tizen tizen30 tizen40 tizen60
Xamarin.iOS xamarinios
Xamarin.Mac xamarinmac
Xamarin.TVOS xamarintvos
Xamarin.WatchOS xamarinwatchos
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.
  • .NETStandard 1.6

  • .NETStandard 2.0

    • No dependencies.
  • .NETStandard 2.1

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.1.4 81 5/20/2022
1.1.3 52 5/20/2022
1.1.2 68 5/18/2022
1.1.1 59 5/18/2022
1.1.0 139 1/6/2022
1.0.9 1,778 6/13/2021
1.0.8 173 2/26/2021
1.0.7 342 2/8/2021
1.0.6 179 2/5/2021
1.0.5 174 2/5/2021
1.0.4 177 2/5/2021
1.0.3 165 2/4/2021
1.0.2 158 2/3/2021
1.0.1 163 2/3/2021
1.0.0 167 2/3/2021
1.0.0-pre 154 2/1/2021