ValidateCredentials Method

Syntax

ValidateCredentials as L (userId as C, password as C)

Arguments

userId Character

The user id/name of a user.

password Character

The password for the userId.

Returns

user Logical

Returns .T. if the user and password are valid, .F. if either is invalid. Check the domain object's CallResult to see whether the method succeeded. If validation fails, CallResult.Code contains the reason the credentials were rejected.

It is best practice to reveal as little as possible to an end user on authentication failure. If an attacker can tell that a "user doesn't exist", they will keep trying names until one stops returning that error, and then they know they have a valid user name. On the other hand, generic authentication error messages may cause more support calls. Authentication errors should be logged in a secure way so that an authorized person can provide support to a user who fails to log in.

WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_USER_DOESNT_EXIST

Value 50004

The user does not exist.

WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_ACCOUNT_LOCKED_OUT

Value 50011

The user is locked out from logging in.

WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_CREDENTIALS_INVALID

Value 50008

The userId or password is invalid.

WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_SYSTEM_ERROR

Value 50012

A system error occurred during credential validation. See the CallResult.Text for a more detailed message.

Description

Validate a user's credentials, userId and password, against an Active Directory domain.

'The following line assumes that the machine is joined to an Active Directory domain and is allowed to query Active Directory.
dim domain as WindowsServices::ActiveDirectory::Domain = new WindowsServices::ActiveDirectory::Domain()
if .not. domain.CallResult.Success then
	?"There was an error connecting to an Active Directory domain: " + domain.CallResult.Text + crlf()
	goto exitTestFunction
end if
	
?"The domain name is " + domain.Name + crlf()

dim userid as c = "JohnDoe"
dim password as c = "secret"

dim loggedIn as l

loggedIn = domain.ValidateCredentials(userid, password)
if .not. domain.CallResult.Success then
	if domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_SYSTEM_ERROR then
		?"Validate credentials failed for " + userId + ": " + domain.CallResult.Text + crlf()
	else
		?"Validate credentials failed: " + userId + ": " + domain.CallResult.Code + crlf()
	end if
	goto exitTestFunction
end if

?"The credentials for " + userid + " are valid."
	
exitTestFunction:
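
The guidance under Returns (one generic message for the end user, the detailed reason only in a log) can be applied to the CallResult codes as follows. This is an added example, not part of the original documentation: the message wording is constructed, and trace.writeln() is only a stand-in for whatever access-restricted log the application uses.

```xbasic
' Added example: needs a domain-joined machine, like the sample above.
' The credentials and message texts are constructed sample values.
dim domain as WindowsServices::ActiveDirectory::Domain = new WindowsServices::ActiveDirectory::Domain()
dim userid as c = "JohnDoe"
dim password as c = "secret"
dim valid as l = .f.
dim failed as l = .f.
dim reason as c = ""
dim unavailable as c = "Sign-in is temporarily unavailable. Please try again later."
' Default end-user text: identical for unknown user, wrong password and lock-out,
' so the response cannot be used to tell which user names exist.
dim userMessage as c = "The user name or password is incorrect."

if .not. domain.CallResult.Success then
	failed = .t.
	reason = "domain connection error: " + domain.CallResult.Text
	userMessage = unavailable
else
	valid = domain.ValidateCredentials(userid, password)
	if .not. valid then
		failed = .t.
		' The specific reason is kept for the log only.
		select
			case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_USER_DOESNT_EXIST
				reason = "user does not exist"
			case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_ACCOUNT_LOCKED_OUT
				reason = "account locked out"
			case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_CREDENTIALS_INVALID
				reason = "userId or password invalid"
			case else
				' VALIDATE_CREDENTIALS_SYSTEM_ERROR or anything unexpected.
				reason = "system error: " + domain.CallResult.Text
				userMessage = unavailable
		end select
	end if
end if

if failed then
	' Strip CR/LF so a crafted user id cannot forge extra log lines.
	dim safeUser as c
	safeUser = strtran(strtran(userid, chr(13), " "), chr(10), " ")
	' The password is never written to the log.
	trace.writeln("login failure user=[" + safeUser + "] reason=" + reason)
	?userMessage
else
	?"Signed in."
end if
```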