ValidateCredentials Method
Syntax
ValidateCredentials as L (userId as C, password as C)
Arguments
- userId Character
The user id/name of a user.
- password Character
The password for the userId.
Returns
- user Logical
Returns .T. if the user and password are valid, or .F. if either is invalid. Check the domain object's CallResult to see if the method succeeded. If validation fails, CallResult.Code will contain the reason the credentials were rejected.
It is best practice to reveal as little as possible to an end user on authentication failure. An attacker who is told that a "user doesn't exist" can keep trying names until one no longer returns that error, and then knows it is a valid user name. On the other hand, generic authentication error messages may cause more support calls. Authentication errors should be logged in a secure way so that an authorized person can provide support to the user failing to log in.
- WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_USER_DOESNT_EXIST
Value 50004
The user does not exist.
- WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_ACCOUNT_LOCKED_OUT
Value 50011
The user is locked out from logging in.
- WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_CREDENTIALS_INVALID
Value 50008
The userId or password is invalid.
- WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_SYSTEM_ERROR
Value 50012
A system error occurred during credential validation. See the CallResult.Text for a more detailed message.
Description
Validate a user's credentials, userId and password, against an Active Directory domain.
'The following line assumes that the machine is joined to an Active Directory domain and is allowed to query Active Directory.
dim domain as WindowsServices::ActiveDirectory::Domain = new WindowsServices::ActiveDirectory::Domain()
if .not. domain.CallResult.Success then
    ?"There was an error connecting to an Active Directory domain: " + domain.CallResult.Text + crlf()
    goto exitTestFunction
end if
?"The domain name is " + domain.Name + crlf()

dim userid as c = "JohnDoe"
dim password as c = "secret"
'ValidateCredentials returns a logical value (.T. or .F.).
dim loggedIn as L
loggedIn = domain.ValidateCredentials(userid, password)
if .not. domain.CallResult.Success then
    if domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_SYSTEM_ERROR then
        'A system error carries a detailed message in CallResult.Text.
        ?"Validate credentials failed for " + userId + ": " + domain.CallResult.Text + crlf()
    else
        'CallResult.Code is numeric, so convert it to character before concatenating.
        ?"Validate credentials failed: " + userId + ": " + alltrim(str(domain.CallResult.Code)) + crlf()
    end if
    goto exitTestFunction
end if
?"The credentials for " + userid + " are valid."
exitTestFunction:
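The guidance above on generic failure messages and secure logging can be applied as follows. This is an added example, not code from the Alpha Anywhere documentation; the function names Login and LogAuthFailure, the message text, and the use of trace.writeln as a stand-in log sink are assumptions.

```xbasic
' Hypothetical log sink. trace.writeln is only a placeholder here: in production,
' write to a store that only authorized support staff can read.
' Never pass the password to this function.
function LogAuthFailure as V (userId as C, reason as C)
    trace.writeln("AUTH FAILURE user=" + userId + " reason=" + reason)
end function

' Returns "" on success. On any failure returns the same generic message,
' so the caller cannot tell a missing user from a wrong password or a lockout.
function Login as C (userId as C, password as C)
    dim genericMessage as C = "The user name or password is incorrect."
    dim reason as C = ""
    dim ok as L = .F.

    ' Assume failure until validation succeeds.
    Login = genericMessage

    dim domain as WindowsServices::ActiveDirectory::Domain = new WindowsServices::ActiveDirectory::Domain()
    if .not. domain.CallResult.Success then
        LogAuthFailure(userId, "domain connection failed: " + domain.CallResult.Text)
        exit function
    end if

    ok = domain.ValidateCredentials(userId, password)
    if ok .and. domain.CallResult.Success then
        Login = ""
        exit function
    end if

    ' The specific reason goes to the log only, never to the end user.
    select
        case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_USER_DOESNT_EXIST
            reason = "user does not exist"
        case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_ACCOUNT_LOCKED_OUT
            reason = "account locked out"
        case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_CREDENTIALS_INVALID
            reason = "userId or password invalid"
        case domain.CallResult.Code = WindowsServices::ActiveDirectory::Domain::VALIDATE_CREDENTIALS_SYSTEM_ERROR
            reason = "system error: " + domain.CallResult.Text
        case else
            reason = "unrecognized result code"
    end select
    LogAuthFailure(userId, reason)
end function
```

The caller displays the returned text as is, and support staff use the logged reason to tell a locked account from a mistyped password.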