Why is PrincipalContext.ValidateCredentials validating against old credentials?

Question

We have a WCF service that validates the user's credentials against the local windows accounts on the machine, however whenever a new user is created or a password is changed, users cannot login until I restart the entire machine.

What can I do to tell it to check the credentials against the current user settings, and to not use old ones?

using (var pContext = new PrincipalContext(ContextType.Machine))
{ 
    if (pContext.ValidateCredentials(username, password))
    {
        using (var context = new LHREntities(Connections.GetConnectionString()))
        {
            // Do work
        }
    }
}

I am using .Net framework 4.0 and Windows Server 2003. If I run everything in Visual Studio on my machine, everything works fine and credentials are correctly checked against the current settings, however once I deploy this to IIS on our production machine, it appears to validate against cached credentials.

Answer 1

I do not know what the problem is exactly, but I did find the solution that fixes the issue.

The AppPool that was running both the WCF service and the Silverlight application was using NETWORK SERVICE as the login identity. I switched that to an administrative login, and it is now correctly validating the login against the current user accounts, and new users accounts and password changes take effect immediately.

If someone can explain why this is in their own answer, I'd be happy to accept it.

Answer 2

This code started as local system user creates same exception

using (var p = new PrincipalContext(firstUser))
{
    p.ValidateCredentials(secondUser);
}

Msdn says: "The ValidateCredentials method binds to the server specified in the constructor"

I think problem in local system credential. In this case next code works fine:

using (var p = new PrincipalContext(secondUser))
{
    p.ValidateCredentials(null, null);
}

(Sorry for my English)