true if the specified username and password are valid; otherwise, false. If the user specified does not exist in the Active Directory data store, the ActiveDirectoryMembershipProvider.ValidateUser(string, string) method returns false.
This method is called by the System.Web.Security.Membership class to validate user credentials against the Active Directory data store.
If the ActiveDirectoryMembershipProvider.EnablePasswordReset property is true and the supplied credentials are valid, the user's tracking counters for bad password answers are reset.
The ActiveDirectoryMembershipProvider.ValidateUser(string, string) method may return false when the correct credentials are supplied, under the following circumstances:
When validating a user, the provider validates the credentials by connecting to the Active Directory data store using the specified user name and password, not the credentials configured in the application configuration file.
However, the System.Web.Security.ActiveDirectoryMembershipProvider instance will connect to the directory using the configured credentials for the following reasons:
To confirm that a user exists within the search scope as determined by the System.Web.Security.ActiveDirectoryMembershipProvider instance's connection string. The provider uses a subtree search starting at the search point specified in the connection string to determine whether a user exists. The user must exist in the specified container. Credentials that are valid outside the connection string's specified container will not be validated. See the System.Web.Security.ActiveDirectoryMembershipProvider class topic for more information about connection strings.
If the ActiveDirectoryMembershipProvider.EnablePasswordReset property is true, the System.Web.Security.ActiveDirectoryMembershipProvider instance will use the configured credentials to load the user instance to check whether the user has been locked out because he or she has made too many failed attempts to change the password answer.
Connecting to an Active Directory domain controller with the "Guest" account enabled is a potential security threat. All validation attempts made on an Active Directory domain controller with the "Guest" account enabled will succeed. To improve security when using an Active Directory domain controller, you should disable the "Guest" account on the domain controller.
The System.Web.Security.ActiveDirectoryMembershipProvider instance will attempt a concurrent bind against Active Directory when one of the following conditions is met:
The ActiveDirectoryMembershipProvider.CurrentConnectionProtection property is set to ActiveDirectoryConnectionProtection.None.
The ActiveDirectoryMembershipProvider.CurrentConnectionProtection property is set to ActiveDirectoryConnectionProtection.SignAndSeal and SSL is chosen by the System.Web.Security.ActiveDirectoryMembershipProvider instance to secure the connection.
In addition, for a concurrent bind to be made, the following conditions must be true:
The directory server must be running on Windows Server 2003.
The operating system of the Web server running the System.Web.Security.ActiveDirectoryMembershipProvider instance must support concurrent binds (for example, Windows Server 2003).
When a concurrent bind is used, the last logon date for the user is not updated in the directory; therefore, the ActiveDirectoryMembershipUser.LastLoginDate property cannot be relied on.
Leading and trailing spaces are trimmed from the username parameter.
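
The caveats above, applied in a login helper. This is an added example, not code from the original documentation: AdLogin, TryValidate and DescribeFailure are hypothetical names, and it assumes the application's default membership provider is an ActiveDirectoryMembershipProvider.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Web.Security;

// Added example; AdLogin, TryValidate and DescribeFailure are hypothetical names.
public static class AdLogin
{
    // Returns true only when ValidateUser accepts the credentials. The reason for a
    // failure goes to the server-side trace only, so callers cannot probe for accounts.
    public static bool TryValidate(string username, string password, out DateTime? loginUtc)
    {
        loginUtc = null;
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) return false;
        username = username.Trim(); // the provider trims too; this keeps log entries consistent

        if (Membership.ValidateUser(username, password))
        {
            // With a concurrent bind the directory's last logon date is not updated,
            // so record the time here instead of reading LastLoginDate.
            loginUtc = DateTime.UtcNow;
            return true;
        }

        // Strip control characters so a crafted user name cannot forge trace lines.
        string safeName = new string(username.Where(c => !char.IsControl(c)).ToArray());
        Trace.TraceWarning("AD login failed for '{0}': {1}", safeName, DescribeFailure(username));
        return false;
    }

    // This lookup runs with the configured credentials, not the user's.
    private static string DescribeFailure(string username)
    {
        var provider = Membership.Provider as ActiveDirectoryMembershipProvider;
        if (provider == null) return "default provider is not ActiveDirectoryMembershipProvider";
        try
        {
            MembershipUser user = provider.GetUser(username, false);
            if (user == null) return "user not found under the connection string's container";
            if (user.IsLockedOut) return "account is locked out";
            if (!user.IsApproved) return "account is not approved";
            return "bad password or other bind failure";
        }
        catch (ArgumentException)
        {
            return "user name rejected by the provider";
        }
    }
}
```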