1

I am using AD authentication in my application:

 bool _isValid;
 using (var pc = new PrincipalContext(ContextType.Domain, DomainPath))
 {
     isValid = pc.ValidateCredentials(username, password, ContextOptions.Negotiate);
 }

Is there any way to find out if I am getting isValid set to false because of an invalid username or an invalid password?

Penman
  • 163
  • 3
  • 14

1 Answers1

0

You can't be sure directly which one is invalid. But you can try to retrieve the user from active directory to determine which one is wrong after false validation like this;

    bool _isValid;
    using (var pc = new PrincipalContext(ContextType.Domain, DomainPath))
    {
        isValid = pc.ValidateCredentials(username, password, ContextOptions.Negotiate);
        if (!isValid)
        {
            var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, username);
            if (user == null)
            {
                //User doesn't exist
            }
            else
            {
                //Password is invalid
            }
        }
    }
lucky
  • 12,734
  • 4
  • 24
  • 46
  • My question does not concern _why_ my username is invalid. I want to know _which_ of them is invalid. I mean, I know it while testing - I want to know if there is any way to find that _by code_. – Penman Nov 23 '17 at 05:57
  • The `user == null` is true for valid username and invalid password. – Penman Nov 24 '17 at 04:05
  • I don't know that what's going on your active directory. But you should try to pull the user from AD to check it. This is the only way that figure out the username or password invalid. – lucky Nov 24 '17 at 04:41