Last post Aug 29, 2012 03:58 PM by RichardD
Aug 15, 2012 07:12 AM|coolblue|LINK
I have the following code to authenticate users in my system
PrincipalContext pc = new PrincipalContext(ContextType.Domain);
userIsValid = pc.ValidateCredentials("uk\\" + txtUsername.Text, txtPassword.Text);
This has been working fine for 6 months, yet the other day it suddenly stopped working. Now no matter what username and password I use it returns false... I know it was working a few days ago as there are entries in the system's database created by users.
Then seemingly over the weekend it all stopped working as on the Monday I was getting calls to tell me that no one could log in. I stepped through the code and ValidateCredentials does indeed return false for every user.
Does anyone know what could cause this or at least where I need to start looking?
The infrastructure team claim that nothing has changed with the AD servers or the web servers and certainly the code has not been altered so we are at a loss as to why it should suddenly stop working.
Aug 16, 2012 05:36 AM|coolblue|LINK
I have had a play around as we still have no idea why this code has stopped working. As far as anyone knows no service packs have been installed, no changes have been made to any servers and there is certainly no way the code changed.
I have found that if I add the parameter ContextOptions.SimpleBind to the AD call it validates my credentials!
pc.ValidateCredentials("uk\\" + txtUsername.Text, txtPassword.Text,ContextOptions.SimpleBind);
However does using SimpleBind have any drawbacks? Also why would this work when my old code stopped working?
Aug 21, 2012 07:07 AM|coolblue|LINK
The infrastructure team at our company has told me that as far as they know nothing has been changed on the servers, i.e. no service packs and no Windows updates etc., and no settings have been changed either. So I am now at a total loss as to why this has happened....
We are now stuck with a system that does not work.
My only option seems to be to change the code to use SimpleBind. Is this safe?
Aug 29, 2012 03:58 PM|RichardD|LINK
If you don't specify the ContextOptions, the default should be either "ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer" or "ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing". Since the code works with just "ContextOptions.SimpleBind", it sounds like a problem with your Kerberos infrastructure.
Probably the first thing to check would be that the date and time on the AD server(s) and the application server are the same. Beyond that, check the security event logs on the servers for Kerberos related events.
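
Added example, not part of the thread and not any poster's code: a small console check that tries the two option sets named above one at a time and logs which one fails. It never uses ContextOptions.SimpleBind on its own, because an LDAP simple bind without SecureSocketLayer sends the password unencrypted. The class name AdLogin, the command-line arguments and the explicit domain name passed to PrincipalContext are assumptions, as is an LDAPS listener on the domain controller for the second mode.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class AdLogin
{
    // Bind modes that protect the password on the wire.
    // Plain ContextOptions.SimpleBind is left out on purpose (cleartext).
    static readonly ContextOptions[] ProtectedModes =
    {
        ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
        ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer
    };

    // Returns true if any protected mode accepts the credentials. Each
    // attempt is logged so a failing Negotiate path shows up on its own.
    public static bool Validate(string domain, string user, string password)
    {
        using (var pc = new PrincipalContext(ContextType.Domain, domain))
        {
            foreach (ContextOptions mode in ProtectedModes)
            {
                try
                {
                    bool ok = pc.ValidateCredentials(user, password, mode);
                    Console.Error.WriteLine("{0}: {1}", mode, ok ? "accepted" : "rejected");
                    if (ok) return true;
                }
                catch (Exception ex)
                {
                    // For example: server unreachable, or no usable LDAPS endpoint.
                    Console.Error.WriteLine("{0}: {1}: {2}", mode, ex.GetType().Name, ex.Message);
                }
            }
        }
        return false;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: AdLogin <domain> <user>  (password is read from stdin)");
            return 2;
        }
        string password = Console.ReadLine() ?? "";
        return Validate(args[0], args[1], password) ? 0 : 1;
    }
}
```

If the first mode is rejected or throws for a known-good account while the second is accepted, the fault is in the Negotiate path, which fits the clock and Kerberos event log checks suggested above.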