I've found a problem when using the ValidateCredentials method of PrincipalContext. We can successfully validate locally or against a domain controller but ONLY when we have an active network connection. Clearly this is a requirement for domain authentication but shouldn't be required for a local check. This appears to be a requirement for ValidateCredentials even though the network is not used for a local check. The code we are using is:
    // Runs inside a BackgroundWorker DoWork handler; e is assumed to be its DoWorkEventArgs
    // (the method signature is added here so the fragment compiles as a unit).
    private void ValidateWitnessAdministrator(string domain, string userName, string password, bool createGroup, DoWorkEventArgs e)
    {
        try
        {
            // Bind to the local SAM when the supplied domain is this machine, otherwise to the domain.
            // Case-insensitive comparison so "mypc" and "MYPC" both select the local context.
            using (var context = string.Equals(domain, Environment.MachineName, StringComparison.OrdinalIgnoreCase)
                ? new PrincipalContext(ContextType.Machine)
                : new PrincipalContext(ContextType.Domain, domain))
            {
                var witnessGroup = WitnessAdminGroup(context, createGroup);
                if (witnessGroup == null)
                {
                    e.Result = new ObjectNotFoundException(String.Format("The \"{0}\" group does not exist.", App.WitnessGroupName));
                    return;
                }

                // This is the call that fails with "network path not found" when the PC is offline.
                if (!context.ValidateCredentials(userName, password))
                {
                    e.Result = new Exception("User name or password is incorrect");
                    return;
                }

                // FindByIdentity returns null when the account cannot be located, so guard before IsMemberOf.
                var user = UserPrincipal.FindByIdentity(context, userName);
                if (user != null && user.IsMemberOf(witnessGroup))
                    return; // Successful logon

                e.Result = new Exception("User is not a Witness Administrator.");
            }
        }
        catch (Exception ex)
        {
            e.Result = ex;
        }
    }
The idea is that the authentication process can check for a given user in a domain group (if the workstation is a domain member) or locally if it's stand-alone. This code works very well, although only when we have a live network socket (i.e. cable in a LAN socket or a wireless connection). The exception raised occurs during the ValidateCredentials call; the message is "network path not found".
Any ideas how we can get the local authentication to work on a PC which is offline? Do we need to use the DirectoryEntry class instead?
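One way to handle the stand-alone branch without PrincipalContext, as an added example that is not the poster's code: it calls the Win32 LogonUser API against the local machine ("." as the domain) and reads group membership from the returned token, so the local SAM answers the check rather than a network path. The P/Invoke wrapper, the method name and the group name are assumptions; the domain branch of the original code is untouched.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example: validates a LOCAL account against the machine's own SAM via LogonUser
// and checks group membership from the resulting logon token.
public static class LocalLogonCheck
{
    private const int LOGON32_LOGON_NETWORK = 3;   // lightweight logon, no profile loaded
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int ERROR_LOGON_FAILURE = 1326;  // bad user name or password

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr hObject);

    // Returns true when the credentials are valid for a local account AND that account is a
    // member of the named local group (e.g. "WitnessAdministrators", an assumed name).
    // Throws Win32Exception for failures that are not simply a wrong password.
    public static bool IsLocalGroupMember(string userName, string password, string groupName)
    {
        IntPtr token = IntPtr.Zero;
        try
        {
            // "." targets the local machine. LOGON32_LOGON_NETWORK requires the account to hold the
            // "Access this computer from the network" right, which local users have by default.
            if (!LogonUser(userName, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
            {
                int error = Marshal.GetLastWin32Error();
                if (error == ERROR_LOGON_FAILURE)
                    return false;                 // wrong credentials: report, don't throw
                throw new Win32Exception(error);  // disabled/locked account, policy, etc.
            }

            // WindowsIdentity duplicates the token, so the original handle can be closed afterwards.
            var identity = new WindowsIdentity(token);
            var principal = new WindowsPrincipal(identity);

            // Local groups resolve as "MACHINE\Group"; IsInRole looks the name up and matches
            // it against the group SIDs carried in the token.
            return principal.IsInRole(Environment.MachineName + "\\" + groupName);
        }
        finally
        {
            if (token != IntPtr.Zero)
                CloseHandle(token);
        }
    }
}
```

Wire it in by calling IsLocalGroupMember in place of the ValidateCredentials/IsMemberOf pair when the context type is Machine; a false return maps to the existing "User name or password is incorrect" / "not a Witness Administrator" results.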