 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / January 2008Trouble with PrincipalContext.ValidateCredentials on XP
I created a small program that should be able to validate a user's credentials with the new 3.5 framework. It seems to work on my laptop that is joined to a domain, but does not work on my desktop at home that is in a workgroup. Does anyone know if that is a limitation? Is there something I am doing wrong? Thanks Here's the code: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.DirectoryServices.AccountManagement; namespace TryAccount { class Program { static PrincipalContext m_principalContext; static UserPrincipal m_userPrincipal; public static bool AuthenticateUser(string username, string password) { bool isAuthentic = false; try { if (username.Contains("\\") || username.Contains("@")) //Assuming domain\user for AD, TODO: add support for user@domain format { //string[] holdName = username.Split(new char[] { '\\' }); m_principalContext = new PrincipalContext(ContextType.Domain); isAuthentic = m_principalContext.ValidateCredentials(username, password, ContextOptions.Negotiate); } else { m_principalContext = new PrincipalContext(ContextType.Machine); isAuthentic = m_principalContext.ValidateCredentials(username, password, ContextOptions.Negotiate); } if (isAuthentic) { m_userPrincipal = UserPrincipal.FindByIdentity(m_principalContext, username); Console.WriteLine("User " + m_userPrincipal.Name + " gave a valid password.\n"); Console.WriteLine("Last logged on " + m_userPrincipal.LastLogon + "\n"); Console.WriteLine("Last bad password given " + m_userPrincipal.LastBadPasswordAttempt + "\n"); } return isAuthentic; } catch (Exception ex) { Console.WriteLine(ex.ToString() + "\n"); return isAuthentic; } } static void Main(string[] args) { string user = ""; string pass = ""; bool good = false; while (true) { Console.WriteLine("Please enter a username:"); user = Console.ReadLine(); Console.WriteLine("Please enter " + user + "'s password:"); pass = Console.ReadLine(); good = Program.AuthenticateUser(user, pass); Console.ReadLine(); } } } } You can't use the PrincipalContext constructor that takes only one parameter to access a domain when your machine has no way to know what domain you mean. A workgroup computer is not domain joined, so it has no natural domain affinity. At the very least, you need to use the two parameter constructor and supply the DNS domain name of your AD domain. You may need to supply an explicit domain controller name, depending on how DC locator works in the network environment of your workgroup machine. Also, if you plan to use this function in a web app for authenticating multiple people, you should consider making the PrincipalContext static and creating some type of singleton pattern to initialize it as that is how this new feature actually provides improved scalability. If this is just intended to authenticate a single user, then it doesn't really matter too much. HTH, Joe K.  SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- >I created a small program that should be able to validate a user's > credentials with the new 3.5 framework. It seems to work on my laptop [quoted text clipped - 82 lines] > } > } On Jan 15, 5:57 pm, "Joe Kaplan" <joseph.e.kap...@removethis.accenture.com> wrote: > You can't use the PrincipalContext constructor that takes only one parameter > to access a domain when your machine has no way to know what domain you [quoted text clipped - 107 lines] > > } > > } First off, thanks for the advice about making it some type of a singleton pattern. I'll have to do some different design. I changed it up to include two arguments as follows: m_principalContext = new PrincipalContext(ContextType.Machine, Environment.MachineName); Still, when I try to validate the local user's credentials, they validate every time. It doesn't matter if it is a valid password or not. It aslo doesn't matter if the user is an actual user on the local machine or not. No matter what I type in, ValidateCredentials returns true. Is this a bug? Is this not intended for the local machine? Thanks again for your time. I have no idea why the local machine stuff is behaving that way. I haven't really messed with it. What you are reporting definitely sounds like a bug. I will say that the sweet spot for this feature is authentication against AD and ADAM, not local machine, but it should at least work. I'll see if I can find some more info on what might be going on. Joe K. SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > > First off, thanks for the advice about making it some type of a [quoted text clipped - 8 lines] > returns true. Is this a bug? Is this not intended for the local > machine? Thanks again for your time. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.