PrincipalContext.ValidateCredentials不会为用户设置lastLogon日期

Question

I'm validating users in an Active Directory store as follows:

// using System.DirectoryServices.AccountManagement;
// located in System.DirectoryServices.AccountManagement.dll

using (var context = new PrincipalContext(ContextType.Domain, server, container, 
    ContextOptions.Negotiate, validateUsername, validatePassword))
{
    var valid = context.ValidateCredentials(validateUsername, validatePassword);
    if (valid)
    {
        Console.WriteLine("SUCCESS!");
        using (var userContext = UserPrincipal.FindByIdentity(context,
               IdentityType.SamAccountName, validateUsername))
        {
            Console.WriteLine("LastLogon = " + userContext.LastLogon);
        }
    }
    else
        Console.WriteLine("FAILED!");
}

The validation is successful, but the lastLogon value is never changed. It's essential that this value is changed when we authenticate a user in code due to other software using this value. I know ActiveDirectoryMembershipProvider authentication changes this property, so I'm wondering if there's a way I can use PrincipalContext (to reuse AD connections) but perform this validation to change the lastLogon value.

Answer 1

Use lastLogonTimestamp . This is the field that gets updated in AD when you're attempting to connect via a PrincipalContext object.