Credential validation on AD

Question

User-1912981283 posted

Hi,

i have a slight problem with checking if a given username/password is correct.

My current Code is as follows:

IntPtr pPwd = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(pwd);
            
try
{
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
    {
        auth = pc.ValidateCredentials(Username, System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pPwd));
    }
}
catch (Exception ex)
{
    auth = false;
}

Everything works as expected with one exception.

Let's assume i have the following domainuser:

Username: hans@domain.com

Password: 123

------

If i provide the following Credentials to ValidateCredentials:

Username: häns@domain.com

Password: 345

ValidateCredentials returns false as expected due to the wrong password.

------

But if i provide the following:

Username: häns@domain.com

Password: 123

ValidateCredentials returns true.

--------

Have i made a mistake in the usage of ValidateCredentials?

Thanks in advance.

~Matthias

Answer 1

User1508394307 posted

Hi Matthias, 

Quote:

If your user name in the Active Directory directory service contains one or more characters that have accents or other diacritical marks, you may find that you do not have to use the diacritical mark as you type your user name to log on to Windows. You can log on by using the simple form of the character or characters.

Mehr dazu http://social.technet.microsoft.com/Forums/de-DE/79c40abd-efa7-41ce-af81-80145e74821e/distinguishedname-und-umlaute 

Answer 2

User-1912981283 posted

Danke für die Info, das habe ich in der Tat nicht gefunden .

Kann ich dieses Verhalten innerhalb meiner Anwendung irgendwie verhindern ?

-------

Thanks for the Information, haven't read this so far .

Can i prevent this behaviour from my application?

Answer 3

User1508394307 posted

I don't know if it makes sense as it's a standard behavior. You can try to replace string.replace("ä","a") or use regular expressions to avoid entering umlauts but it probably depends on your requirements.

To remove "diacritics" (ä -> a, etc) try

public static String RemoveDiacritics(String s)
{
  String normalizedString = s.Normalize(NormalizationForm.FormD);
  StringBuilder stringBuilder = new StringBuilder();

  for (int i = 0; i < normalizedString.Length; i++)
  {
    Char c = normalizedString[i];
    if (CharUnicodeInfo.GetUnicodeCategory(c) != UnicodeCategory.NonSpacingMark)
      stringBuilder.Append(c);
  }

  return stringBuilder.ToString();
}

http://weblogs.asp.net/fmarguerie/archive/2006/10/30/removing-diacritics-accents-from-strings.aspx 

To replace ä -> ae, etc use

var map = new Dictionary<char, string>() {
  { 'ä', "ae" },
  { 'ö', "oe" },
  { 'ü', "ue" },
  { 'Ä', "Ae" },
  { 'Ö', "Oe" },
  { 'Ü', "Ue" },
  { 'ß', "ss" }
};

var res = germanText.Aggregate(
              new StringBuilder(),
              (sb,c) =>
              {
                string r;
                if(map.TryGetValue(c, out r))
                  return sb.Append(r);
                else
                  return sb.Append(c);
              }).ToString();

http://stackoverflow.com/questions/1271567/how-do-i-replace-accents-german-in-net 

Gruß