对于空白密码，PrincipalContext.ValidateCredentials返回什么？

Question

We have a login box for our app that asks the user to enter their AD credentials. We take those credentials and then call

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, container, ContextOptions.SimpleBind))
    {
        return pc.ValidateCredentials(domain + @"\" + username, password, ContextOptions.SimpleBind);
    }

to validate that they've entered a valid login/password pair. What we found out though, was that the call to ValidateCredentials will return true with a blank password, and we have no idea why. An invalid password returns false, but blank will return true as long as the username is correct.

Answer 1

From MSDN http://msdn.microsoft.com/en-us/library/bb154889.aspx

The ValidateCredentials method binds to the server specified in the constructor. If the username and password parameters are null, the credentials specified in the constructor are validated. If no credential were specified in the constructor, and the username and password parameters are null, this method validates the default credentials for the current principal.

In the PrincipalContext constructor you could specify the credentials you want to check as well.

using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, 
                       container, ContextOptions.SimpleBind, username, password))
{
    return pc.ValidateCredentials(domain + @"\" + username, password,
                                   ContextOptions.SimpleBind);
}