Simon Callan

Reputation: 3130

PrincipalContext::ValidateCredentials throws LdapException with invalid password

I have a Windows application, which is trying to validate a user / password on Active Directory with the following code.

// userName, password and ADGroup are String^ values supplied by the caller
PrincipalContext^ pc = gcnew PrincipalContext(ContextType::Domain);
// validate the credentials against the current domain
bool isValid = pc->ValidateCredentials(userName, password);
if(!isValid)
{
    throw gcnew SecurityTokenValidationException("Invalid user ID / password");
}

// look the user up and check membership of the required group (by SAM account name)
UserPrincipal^ upUser = UserPrincipal::FindByIdentity(pc, userName);
if(upUser && !upUser->IsMemberOf(pc, IdentityType::SamAccountName, ADGroup))
{
    String^ msg = "User " + userName + " is not a member of the " + ADGroup + " group.";
    throw gcnew SecurityTokenValidationException(msg);
}

When running this code under a Visual Studio 2008 / .NET 3.5 / 32 bit build, if I give a valid user but invalid password, ValidateCredentials() returns false.

Using a Visual Studio 2013 / .NET 4.0 / 64 bit build, the exact same code throws an LdapException:

System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at System.DirectoryServices.AccountManagement.CredentialValidator.lockedLdapBind(LdapConnection current, NetworkCredential creds, ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.BindLdap(NetworkCredential creds, ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)
at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)
at soapcon.ADUserNameValidator.Validate(String userName, String password)

If I disconnect my PC from the network, I get a PrincipalServerDownException exception, so I'm pretty sure that I am actually talking to our AD server.

Is this a problem with my code, an issue with .NET or possibly due to our exceedingly old Active Directory Service setup (Windows 2000)?

Upvotes: 0

Views: 1041

Answers (1)

Cleptus

Reputation: 3541

I wonder if different frameworks would use different default authentication options; could you try the .ValidateCredentials (String, String, ContextOptions) overload in both cases?

As per the comment, try these ContextOptions flags in the overload:

ContextOptions::Negotiate | ContextOptions::Signing | ContextOptions::Sealing

Upvotes: 1
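As an added example (not the asker's or the answerer's code), the same check written in C# against the .NET API the question uses, passing the explicit ContextOptions flags from the answer and keeping a wrong password, a missing group membership and a directory failure as separate, fail-closed outcomes. The AuthResult enum and AdAuthenticator class are my own names; it assumes the group is identified by its SAM account name and that the caller denies the login for every result other than Success.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;

// Outcomes are kept distinct so that a transport or bind error is never reported
// as "wrong password", and so that no exception path can be mistaken for success.
public enum AuthResult { Success, BadCredentials, NotInGroup, DirectoryUnavailable, LdapBindError }

public static class AdAuthenticator
{
    // Explicit bind options from the answer, so both framework builds negotiate the same way.
    private const ContextOptions BindOptions =
        ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

    public static AuthResult Authenticate(string userName, string password, string adGroup)
    {
        // Reject empty input up front: an empty password can be accepted by some directories
        // as an unauthenticated bind, which must never count as a validated credential.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return AuthResult.BadCredentials;

        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain))
            {
                if (!pc.ValidateCredentials(userName, password, BindOptions))
                    return AuthResult.BadCredentials;

                using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName))
                {
                    if (user == null || !user.IsMemberOf(pc, IdentityType.SamAccountName, adGroup))
                        return AuthResult.NotInGroup;
                }
                return AuthResult.Success;
            }
        }
        catch (PrincipalServerDownException)
        {
            return AuthResult.DirectoryUnavailable;   // no domain controller reachable
        }
        catch (LdapException ex)
        {
            // On the 4.0 / 64-bit build in the question a wrong password surfaces here
            // ("The LDAP server is unavailable"). Treat it as a failed bind, log ex.ErrorCode
            // and ex.Message for diagnosis, and never let it fall through as success.
            Console.Error.WriteLine("LDAP bind failed: {0} ({1})", ex.Message, ex.ErrorCode);
            return AuthResult.LdapBindError;
        }
    }
}
```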
