locked
Credential validation on AD RRS feed

  • Question

  • User-1912981283 posted

    Hi,

    i have a slight problem with checking if a given username/password is correct.

    My current Code is as follows:

    IntPtr pPwd = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(pwd);
                
    try
    {
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
        {
            auth = pc.ValidateCredentials(Username, System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pPwd));
        }
    }
    catch (Exception ex)
    {
        auth = false;
    }

    Everything works as expected with one exception.

    Let's assume i have the following domainuser:

    Username: hans@domain.com

    Password: 123

    ------

    If i provide the following Credentials to ValidateCredentials:

    Username: häns@domain.com

    Password: 345

    ValidateCredentials returns false as expected due to the wrong password.

    ------

    But if i provide the following:

    Username: häns@domain.com

    Password: 123

    ValidateCredentials returns true.

    --------

    Have i made a mistake in the usage of ValidateCredentials?

    Thanks in advance.

    ~Matthias

    Thursday, May 8, 2014 6:21 AM

Answers

All replies

  • User1508394307 posted

    Hi Matthias, 

    Quote:

    If your user name in the Active Directory directory service contains one or more characters that have accents or other diacritical marks, you may find that you do not have to use the diacritical mark as you type your user name to log on to Windows. You can log on by using the simple form of the character or characters.

    Mehr dazu http://social.technet.microsoft.com/Forums/de-DE/79c40abd-efa7-41ce-af81-80145e74821e/distinguishedname-und-umlaute 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 8, 2014 6:40 AM
  • User-1912981283 posted

    Danke für die Info, das habe ich in der Tat nicht gefunden Embarassed.

    Kann ich dieses Verhalten innerhalb meiner Anwendung irgendwie verhindern ?

    -------

    Thanks for the Information, haven't read this so far Embarassed.

    Can i prevent this behaviour from my application?

    Thursday, May 8, 2014 6:50 AM
  • User1508394307 posted

    I don't know if it makes sense as it's a standard behavior. You can try to replace string.replace("ä","a") or use regular expressions to avoid entering umlauts but it probably depends on your requirements.

    To remove "diacritics" (ä -> a, etc) try

    public static String RemoveDiacritics(String s)
    {
      String normalizedString = s.Normalize(NormalizationForm.FormD);
      StringBuilder stringBuilder = new StringBuilder();
    
      for (int i = 0; i < normalizedString.Length; i++)
      {
        Char c = normalizedString[i];
        if (CharUnicodeInfo.GetUnicodeCategory(c) != UnicodeCategory.NonSpacingMark)
          stringBuilder.Append(c);
      }
    
      return stringBuilder.ToString();
    }

    http://weblogs.asp.net/fmarguerie/archive/2006/10/30/removing-diacritics-accents-from-strings.aspx 

    To replace ä -> ae, etc use

    var map = new Dictionary<char, string>() {
      { 'ä', "ae" },
      { 'ö', "oe" },
      { 'ü', "ue" },
      { 'Ä', "Ae" },
      { 'Ö', "Oe" },
      { 'Ü', "Ue" },
      { 'ß', "ss" }
    };
    
    var res = germanText.Aggregate(
                  new StringBuilder(),
                  (sb,c) =>
                  {
                    string r;
                    if(map.TryGetValue(c, out r))
                      return sb.Append(r);
                    else
                      return sb.Append(c);
                  }).ToString();

    http://stackoverflow.com/questions/1271567/how-do-i-replace-accents-german-in-net 

    Gruß

    Thursday, May 8, 2014 7:42 AM