
Why does PrincipalContext.ValidateCredentials return true for blank passwords?

We have a login box for our app that asks the user to enter their AD credentials. We take those credentials and then call

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, container, ContextOptions.SimpleBind))
    {
        return pc.ValidateCredentials(domain + @"\" + username, password, ContextOptions.SimpleBind);
    }

to validate that they've entered a valid login/password pair. What we found out, though, was that the call to ValidateCredentials will return true with a blank password, and we have no idea why. An invalid password returns false, but blank will return true as long as the username is correct.

From MSDN http://msdn.microsoft.com/en-us/library/bb154889.aspx

The ValidateCredentials method binds to the server specified in the constructor. If the username and password parameters are null, the credentials specified in the constructor are validated. If no credential were specified in the constructor, and the username and password parameters are null, this method validates the default credentials for the current principal.

In the PrincipalContext constructor you could specify the credentials you want to check as well.

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain,
                           container, ContextOptions.SimpleBind, username, password))
    {
        return pc.ValidateCredentials(domain + @"\" + username, password,
                                       ContextOptions.SimpleBind);
    }
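
A guard for the behaviour described in the question and the MSDN excerpt, as an added example that is not part of the original question or answer. The helper name `AdLogin.IsValidLogin` is hypothetical; it refuses null or empty input before any bind is attempted and treats an unreachable server as a failed login.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AdLogin
{
    // Hypothetical helper: returns true only when a non-empty password was
    // actually checked against the directory for the given user.
    public static bool IsValidLogin(string domain, string container,
                                    string username, string password)
    {
        // Reject before binding. Null arguments make ValidateCredentials
        // check the constructor's or the current principal's credentials,
        // and the question shows a blank password returning true.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, domain,
                                                 container, ContextOptions.SimpleBind))
            {
                return pc.ValidateCredentials(domain + @"\" + username, password,
                                              ContextOptions.SimpleBind);
            }
        }
        catch (PrincipalServerDownException)
        {
            // Fail closed: an unreachable domain controller is not a login.
            return false;
        }
    }
}
```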
