Active Directory PrincipalContext.ValidateCredentials domain disambiguation
Solution 1
The ValidateCredentials works with userPrincipalName. You perhaps can try to build the first parameter (username) combining the login and the domain to create the username [email protected] versus [email protected].
Solution 2
You can always retrieve the full DN of the user who has logged in using:
```csharp
// pc is an existing PrincipalContext
UserPrincipal up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName);
up.UserPrincipalName // shows [email protected]
up.DistinguishedName // shows CN=Surname,OU=group,DC=domain,DC=com
up.SamAccountName // shows login name
```
Use the up.SamAccountName for subsequent calls to ValidateCredentials, including the domain name - you can't have 2 users who log in using the same sAMAccountName after all!
The DistinguishedName will definitely show you which JohnSmith logged in.
Solution 3
Based on JPBlanc's answer, I've re-written my code. I've also added a try/catch in case a bogus domain is passed in.
```csharp
using System.DirectoryServices.AccountManagement;

static public bool CheckCredentials(
    string userName, string password, string domain)
{
    // Build a UPN so the domain is part of the identity being validated
    string userPrincipalName = userName + "@" + domain + ".com";
    try
    {
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        {
            return context.ValidateCredentials(userPrincipalName, password);
        }
    }
    catch // a bogus domain causes an LDAP error
    {
        return false;
    }
}
```
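A variant that returns the resolved identity instead of a bare bool, so the application records which JohnSmith was authenticated. This is an added example, not code from any of the answers; the `DomainLogin` and `AuthenticatedUser` names are hypothetical, and it assumes `dnsDomain` is the domain's full DNS name and `login` is the user's sAMAccountName in that domain.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical result type: the SID is the stable key to store, not the login name.
public sealed class AuthenticatedUser
{
    public string Sid { get; set; }
    public string DistinguishedName { get; set; }
    public string UserPrincipalName { get; set; }
}

public static class DomainLogin
{
    // Returns null on any failure; the caller never learns which check failed.
    public static AuthenticatedUser Authenticate(string login, string password, string dnsDomain)
    {
        // Reject logins that already carry a domain part (user@x or X\user),
        // so the caller-selected domain is the only one in play.
        // An empty password is rejected because an LDAP simple bind with an
        // empty password is treated as an unauthenticated bind.
        if (string.IsNullOrWhiteSpace(login) || string.IsNullOrEmpty(password) ||
            string.IsNullOrWhiteSpace(dnsDomain) ||
            login.IndexOfAny(new[] { '@', '\\' }) >= 0)
            return null;

        string upn = login + "@" + dnsDomain; // assumption: UPN suffix == DNS domain name
        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, dnsDomain))
            {
                var options = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
                if (!context.ValidateCredentials(upn, password, options))
                    return null;

                // Resolve the account inside the same domain context. This lookup
                // runs as the application's own identity, which needs read access.
                using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, login))
                {
                    if (user == null || user.Sid == null) return null;
                    return new AuthenticatedUser
                    {
                        Sid = user.Sid.Value,
                        DistinguishedName = user.DistinguishedName,
                        UserPrincipalName = user.UserPrincipalName
                    };
                }
            }
        }
        catch (PrincipalServerDownException) { return null; } // unknown or unreachable domain
    }
}
```

Keying sessions and authorization on the returned SID keeps the two JohnSmith accounts distinct even if a login name is later renamed or reused.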
Garfield
Updated on June 30, 2022
Comments
Garfield almost 2 years
I'm dealing with two domains - one is a trusted domain. There may be a JohnSmith on one domain and another JohnSmith on the other. Both of these people need to log into my application.
My problem: it doesn't matter which domain I pass in - this code returns true! How do I know which JohnSmith is logging in?
```csharp
static public bool CheckCredentials(
    string userName, string password, string domain)
{
    using (var context = new PrincipalContext(ContextType.Domain, domain))
    {
        return context.ValidateCredentials(userName, password);
    }
}
```