search

dotnet / dotnet-api-docs

.NET API reference documentation (.NET 5+, .NET Core, .NET Framework)
https://docs.microsoft.com/dotnet/api/
Other
725 stars 1.56k forks source link

Account Management API - ValidateCredentials with default context options #10442

Open alexslav opened 1 month ago

alexslav commented 1 month ago

Type of issue

Other (describe below)

Description

Using ValidateCredentials method without providing context options, it rises an exception: Exception calling "ValidateCredentials" with "2" argument(s): "The server cannot handle directory requests."

Аре the default values of the context options are changed or this is a kind of bug?

Test Snippet:

#Validate a username and password against Active Directory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$ContextType = [System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate -bor # Negotiate  1
               [System.DirectoryServices.AccountManagement.ContextOptions]::Signing -bor   # Signing    8
               [System.DirectoryServices.AccountManagement.ContextOptions]::Sealing        # Sealing    16

Write-Output "$($ContextType.ToString())" #Negotiate, Signing, Sealing

[string]$SamAccountName    = $UserCredential.UserName # ADS_NAME_TYPE_NT4
[string]$PlainTextPassword = $UserCredential.GetNetworkCredential().Password

$dsCT = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$dsPC = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($dsCT,$DomainName)

# When the context options are not specified this rises an exception:
# "ValidateCredentials" with "2" argument(s): "The server cannot handle directory requests."
$dsPC.ValidateCredentials($SamAccountName,$PlainTextPassword) 

$dsPC.ValidateCredentials($SamAccountName,$PlainTextPassword,$ContextType) # OK - True
$dsPC.ValidateCredentials($SamAccountName,$PlainTextPassword,[System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate) # OK - True
$dsPC.ValidateCredentials($SamAccountName,$PlainTextPassword,[System.DirectoryServices.AccountManagement.ContextOptions]::Signing)   # OK - True
$dsPC.ValidateCredentials($SamAccountName,$PlainTextPassword,[System.DirectoryServices.AccountManagement.ContextOptions]::Sealing)   # OK - True

Used environment: OS Name Microsoft Windows Server 2019 Standard Version 10.0.17763 Build 17763 .NET Framework Version: 4.8

Page URL

https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.contextoptions?view=netframework-4.8

Content source URL

https://github.com/dotnet/dotnet-api-docs/blob/main/xml/System.DirectoryServices.AccountManagement/ContextOptions.xml

Document Version Independent Id

c890e787-0f5d-5f78-b439-843636bc08fb

Article author

@dotnet-bot