Method returning 'true' when it should be returning 'false'

Question

I'm working with the Active Directory DirectoryServices.AccountManagement API, and am attempting to connect to the server using the following code:

PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, (server + ":" + port), loginUsername, loginPassword);

The first thing I would like to do is check that the loginUsername and loginPassword are valid and have enough permissions in the Active Directory instance. To achieve this, I call the following:

bool x = principalContext.ValidateCredentials(null, null);

According to the documentation , this validates the credentials specified in the constructor since null is passed. In the debugger, the following errors are thrown, indicating that the credentials are false:

However, the actual result to the ValidateCredentials check is strangely enough returning true and the code thus continues to execute.

How can this be solved?

EDIT:

Here is another screenshot elaborating on the errors. As shown in the screenshot, I am calling the ValidateCredentials method, and passing null values for the username and password, which according to the documentation will attempt to validate the credentials passed in the PrincipalContext class' constructor.

The screenshot also shows how the username and passwords passed are both "test", which are invalid and do not exist in the Active Directory. The method is returning true, even though there are a number of errors displayed.

Answer 1

You simply need to stop looking up null values...

if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(username)) return false;

I ran some tests

    using (var pc = new PrincipalContext(ContextType.Domain, "mydomain.lan")){

    var isOk1 = pc.ValidateCredentials(null,null); //Always true
    var isOk2 = pc.ValidateCredentials("notexists","wrong"); //false
    var isOk2 = pc.ValidateCredentials("existing","correct"); //true
    }

and

    using (var pc = new PrincipalContext(ContextType.Domain, "mydomain.lan", "notright","wrong")){
        var isOk1 = pc.ValidateCredentials(null,null); //Always true
        var isOk2 = pc.ValidateCredentials("notexists","wrong"); //false
        var isOk2 = pc.ValidateCredentials("existing","correct"); //true
}

So the ValidateCredentials does not really need a user in the context... If you provide a false one a following lookup for say, users groups, will fail however

Yes, documentation reads:

The ValidateCredentials method binds to the server specified in the constructor. If the username and password parameters are null, the credentials specified in the constructor are validated. If no credential were specified in the constructor, and the username and password parameters are null, this method validates the default credentials for the current principal.
( http://msdn.microsoft.com/en-us/library/bb154889%28v=vs.100%29.aspx )

But I can't verify, that the creds in the constructor is in play

EDIT: You have already accepted, but maybe you can use this method for your problem?

 using (var pc = new PrincipalContext(ContextType.Domain, "domain.lan", username, password))
            {
                if (pc.ValidateCredentials(username, password))
                {
                    try
                    {
                        using (var searcher = new PrincipalSearcher(new UserPrincipal(pc)))
                        {
                            searcher.QueryFilter.SamAccountName = username;
                            Principal u = searcher.FindOne();
                        }
                    }
                    catch (Exception)
                    {
                        return "no rights to work on ad";
                    }
                }
                else
                {
                    return "user cannot login";
                }
            }