PrincipalContext not working in 2008 r2 Domain
-
I used to use PrincipalContext for authenticating my users in my 2003 domain network. My users were restricted to log on to specific stations. After moving our servers to 2008 domain, PrincipalContext is not working and needs unrestricted access to all stations in the network. This puts a big risk on my enterprise network since everyone can log on to all stations. I want to know if there is any other way to authenticate users against 2008 domain. P.S. I used DirectoryEntry and it faces the same problem. Thanks
-
I have used the code below with Server 2008 R2 and didn't have any issues. Are you doing it any differently?
' Requires: Imports System.DirectoryServices.AccountManagement
Dim context As ContextType = ContextType.Domain
Using p As New PrincipalContext(context, domain)
    ' Validate the supplied credentials against the domain using Negotiate
    authenticated = p.ValidateCredentials(username, password, ContextOptions.Negotiate)
End Using
-
I do it the same, but when I set Log On To for my users, ValidateCredentials returns false. I want to use this method on my web applications, but my users must have the right to log on to my web server.
-
Is your web server in a DMZ and unable to connect to the Active Directory server? If the web server is not in a restricted portion of your network and has access to the Active Directory server, that method should still work. Have you verified you are passing the correct domain name value? Just thought I'd ask since you moved from 2003 server to 2008R2 server and wasn't sure if domain name changed.
-
The domain name is correct. Webserver is not in the DMZ and it is connected to AD. This method does not work if users are restricted to logon to certain stations. What's more, I used to query users group using DirectoryEntry and since we promoted our domain from 2003 to 2008 r2, only domain admins can query users group. We have not changed any policy or any setting in the AD.
-
OK, I have a better understanding now. Just out of curiosity, if the user is allowed to logon to the webserver locally, does that have any effect on this method working? Or is it failing when any restriction is in place? Just wondering if server 2008 is not allowing the authentication because that web server is not one of the allowed machines for the user to log onto. (Sorry, I don't have my 2008 R2 setup for testing this right now.)
-
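One way to test the question raised in the last reply, whether the web server is missing from an account's Log On To list: the following is an added example, not code from any poster in this thread. It reads the account's permitted workstations through UserPrincipal.PermittedWorkstations and compares them with the machine running the check. The module name, the helper IsWorkstationPermitted and the command-line arguments are assumptions for illustration, and the process is assumed to run under an identity that is allowed to read the user object.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices.AccountManagement
Imports System.Linq

Module LogOnToCheck
    ' Hypothetical helper: True when the account has no Log On To list,
    ' or when machineName is on it (compared case-insensitively).
    Function IsWorkstationPermitted(permitted As IEnumerable(Of String),
                                    machineName As String) As Boolean
        Dim names = permitted.
            Where(Function(n) Not String.IsNullOrWhiteSpace(n)).
            Select(Function(n) n.Trim()).
            ToList()
        If names.Count = 0 Then Return True
        Return names.Contains(machineName, StringComparer.OrdinalIgnoreCase)
    End Function

    ' Usage (assumed): LogOnToCheck.exe <domain> <samAccountName>
    Sub Main(args As String())
        If args.Length < 2 Then
            Console.Error.WriteLine("usage: LogOnToCheck <domain> <samAccountName>")
            Environment.Exit(2)
        End If
        Dim domain As String = args(0)
        Dim userName As String = args(1)
        Dim thisMachine As String = Environment.MachineName

        Using ctx As New PrincipalContext(ContextType.Domain, domain)
            Using user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName)
                If user Is Nothing Then
                    Console.WriteLine("User not found: " & userName)
                    Return
                End If
                ' PermittedWorkstations reflects the account's Log On To setting.
                Dim permitted = user.PermittedWorkstations.ToList()
                If permitted.Count = 0 Then
                    Console.WriteLine("No Log On To restriction is set for " & userName)
                Else
                    Console.WriteLine("Log On To list: " & String.Join(", ", permitted))
                End If
                Console.WriteLine(thisMachine & " permitted: " &
                                  IsWorkstationPermitted(permitted, thisMachine).ToString())
            End Using
        End Using
    End Sub
End Module
```

Run it on the web server for an account that fails ValidateCredentials and for one that has no restriction, then compare the two outputs.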