I am trying to authenticate a local user based on the username and password provided. I came across this thread: Validate a username and password against Active Directory?
Here is how I validate the user:
PrincipalContext pc = new PrincipalContext(ContextType.Machine);
bool isValid = pc.ValidateCredentials(user, pass);
It works as long as I am on a network, but if I disconnect my computer it gives me:
The network path was not found.
All I am trying to do is validate on the local machine which may or may not be a part of a network.
EDIT: UserPrincipal.FindByIdentity seems to still work with no AD, it's the pc.ValidateCredentials that is giving me trouble.
If you want to grant a user account the ability to log on locally to a domain controller, you must make that user a member of a group that already has the Allowed logon locally system right or grant the right to that user account.
The Authenticated Users group includes all users whose identities were authenticated when they logged on. This includes local user accounts as well as all domain user accounts from trusted domains.
You should probably look into this link: How to validate domain credentials?
It seems that using the LogonUser Win32 API function is the only option if you have to be able to accomplish your validation even when AD is not online. However, not without serious drawbacks (as indicated in the thread). You need to pimp the account executing your app with a lot of privileges.
As you've noted, the System.DirectoryServices
namespace is not very useful in a disconnected context -- you need to talk to the LSA, not its Active Directory parent.
I don't know of an official .Net API that corresponds to advapi32.LogonUser
, but you can call it to validate against a locally cached logon. If the machine has network access but can't see a domain controller, though, it may take a while to return.
The function has a declaration on pinvoke.net
if you want to call it via P/Invoke. (I haven't reviewed it, though; I've found that the quality of signatures on pinvoke.net
varies wildly.)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With