
Explanation of PrincipalContext.ValidateCredentials behaviour over LDAPS


Hi,

I am using PrincipalContext.ValidateCredentials(string, string) to validate user credentials. I am encountering behaviour that I am unable to explain and have, so far, been unable to clarify through usual searches and forum visits. Here is the behaviour; the credentials can be assumed to be correct on each call. The non-SSL behaviour is what I would expect. The SSL behaviour is not as expected in my understanding of the method.

Not using SSL/TLS

  • User is enabled and NOT expired - method returns TRUE
  • User is disabled and NOT expired - method returns FALSE
  • User is enabled and EXPIRED - method returns FALSE
  • User is disabled and EXPIRED - method returns FALSE

Using SSL/TLS

  • User is enabled and NOT expired - method returns TRUE
  • User is disabled and NOT expired - method returns FALSE
  • User is enabled and EXPIRED - method returns TRUE
  • User is disabled and EXPIRED - method returns FALSE

To summarise - when both machines in the negotiation (app server and domain controller) have the required certs installed, they will use SSL (port 636). In these circumstances the method returns TRUE for Expired accounts, but when not using SSL (port 389) (for example, the app server does not have the cert installed) the method is returning FALSE for Expired accounts.

I would expect the return value to be the same for expired accounts in both scenarios, but it's possible I'm not considering something.

Thanks
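
An added example, not part of the original post: one way to make the login decision independent of which transport gets negotiated is to treat ValidateCredentials as a password check only and read the account state from the directory explicitly. The class and method names (CredentialCheck, ValidateActiveUser) are hypothetical, and the sketch assumes the application's own identity is allowed to read the user object.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class CredentialCheck
{
    // Hypothetical helper: true only when the password validates AND the
    // account is enabled, not expired and not locked out.
    public static bool ValidateActiveUser(string domain, string samAccountName, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        {
            // Step 1: the same two-argument call used in the post.
            if (!ctx.ValidateCredentials(samAccountName, password))
                return false;

            // Step 2: do not infer account state from the bind result;
            // look the user up and check each condition directly.
            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, samAccountName))
            {
                if (user == null) return false;
                if (user.Enabled != true) return false;      // null is treated as disabled

                DateTime? expires = user.AccountExpirationDate; // null = never expires
                // ToUniversalTime() normalises whatever DateTimeKind is returned.
                if (expires.HasValue && expires.Value.ToUniversalTime() <= DateTime.UtcNow)
                    return false;

                if (user.IsAccountLockedOut()) return false;
                return true;
            }
        }
    }

    static void Main(string[] args)
    {
        // Usage: CredentialCheck.exe <domain> <samAccountName>
        // The password is read from stdin to keep it off the command line.
        Console.Write("Password: ");
        string password = Console.ReadLine();
        bool ok = ValidateActiveUser(args[0], args[1], password);
        Console.WriteLine(ok ? "accepted" : "rejected");
    }
}
```

With this check in place, an expired account is rejected in both the port 389 and port 636 cases listed above, because the expiry decision no longer depends on what ValidateCredentials returns.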

