Active Directory PrincipalContext.ValidateCredentials domain disambiguation

c# active-directory multiple-domains
16,725

Solution 1

The ValidateCredentials works with userPrincipalName you perhaps can try to build the first parameter (username) combining the login and the domain to create the username [email protected] versus [email protected].

Solution 2

You can always retrieve the full DN of the user who has logged in using 

UserPrincipal up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName);
up.UserPrincipalName // shows [email protected]
up.DistinguishedName // shows CN=Surname,OU=group,DC=domain,DC=com
up.SamAccountName    // shows login name

Use the up.SamAccountName to subsequent calls to ValidateCredentials including the domain name - you can't have 2 users who log in using the same sAMAccountName after all!

The DistinguishedName will definitely show you which JohnSmith logged in.

Solution 3

Based on JPBlanc's answer, I've re-written my code. I've also added a try/catch in case a bogus domain is passed in.

    static public bool CheckCredentials(
        string userName, string password, string domain)
    {
        string userPrincipalName = userName + "@" + domain + ".com";

        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, domain))
            {
                return context.ValidateCredentials(userPrincipalName, password);
            }
        }
        catch // a bogus domain causes an LDAP error
        {
            return false;
        }
    }
Share:
16,725

Related videos on Youtube

Garfield
Author by

Garfield

Updated on June 30, 2022

Comments

  • Garfield
    Garfield almost 2 years

    I'm dealing with two domains - one is a trusted domain. There may be a JohnSmith on one domain and another JohnSmith on the other. Both of these people need to log into my application.

    My problem: it doesn't matter which domain I pass in - this code returns true! How do I know which JohnSmith is logging in?

        static public bool CheckCredentials(
        string userName, string password, string domain)
    {
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        {
            return context.ValidateCredentials(userName, password);
        }
    }

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

C# get groups that a user is a member of in Active Directory
How to retrieve DirectoryEntry from a DirectoryEntry and a DN
I want to set "Password Must Change at Next Login" flag
Office 365 REST API calls from a .net console application
Retrieving User Account Expiration from ActiveDirectory
C# / ASP.NET / AD - "The specified directory service attribute or value does not exist."
How to retrieve login name of a user from Active Directory?
Query Active directory to get the email property of a distinguished name directly?
C# PrincipalSearcher, returning AD groups for specific OU
DirectoryEntry to change password: Different behavior between Vista/Server2008