28

I have a small C# solution used to check users' credentials. It works fine for two of my teammates, but on my PC I get an exception.

The relevant code:

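```csharp
// Requires: using System.DirectoryServices.AccountManagement;
// PrincipalContext is IDisposable, so release the directory connection when done.
using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
{
    // Binds as DOMAIN\user; true means the directory accepted the credentials.
    return context.ValidateCredentials(System.Environment.UserDomainName + "\\" + usr, pwd);
}
```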

And the exception is:

DirectoryOperationException, "The server cannot handle directory requests.".

I tried creating the context with the explicit server name and the 636 port number, but this didn't help either.

Any ideas?

Kiquenet
Noich
  • If nothing else here helped you, perhaps see my last comment: http://stackoverflow.com/questions/3694919/nets-directory-services-throws-a-strange-exception#comment4025606_3694964 – Noich Jul 22 '13 at 13:44

4 Answers

75

I had this problem too using IIS Express and VS 2010. What fixed it for me was a comment on another thread.

Validate a username and password against Active Directory?

But I'll save you the click and search... :) Just add ContextOptions.Negotiate to your ValidateCredentials call like below.

```csharp
bool valid = context.ValidateCredentials(user, pass, ContextOptions.Negotiate);
```
Community
pwDev
  • 7
    This should be marked as resolution. I experienced this exception on a simple test application (actually a small WPF program) which threw the exception only when connected to the destination domain through VPN. Whenever experiencing authentication problems using a VPN give ContextOptions.Negotiate a try. – Pilsator Sep 16 '15 at 11:08
  • Why ***reason*** using `ContextOptions.Negotiate`? – Kiquenet Dec 19 '16 at 09:39
  • 3
    @Kiquenet As Brett Veenstra explains: ...".NET uses the following technologies by default: LDAP+SSL, Kerberos, then RPC. I suspect RPC is off in your network (good!) and Kerberos doesn't actually get used by .NET unless you explicitly tell it using ContextOptions.Negotiate"... – pwDev Jan 06 '17 at 17:11
  • In **the same server**, I get the ***error*** `The server cannot handle directory requests` in a IIS website, but it's ***OK*** in another IIS website. _The source code is the same_ (it's a `TestAD.aspx` page). – Kiquenet Jan 11 '17 at 09:23
  • This answer extends more than to just VS 2010, same issue with AspNet Core and Kestrel. I ported previously working code into a core project and the above resolved the issue for me. – Bronumski Jan 30 '18 at 00:28
  • Code was working fine. Then today I just started getting this error. Passing Negotiate did the trick. – Mike Nov 13 '18 at 19:27
  • I changed the identity of the app pool to use network service over local system. The code has been working fine for years and then this issue started to occur. See this link for more details https://social.msdn.microsoft.com/Forums/sqlserver/en-US/2794fd06-42c7-4b7a-9e44-eafccebbb42b/the-server-cannot-handle-directory-requests-while-using-principalcontextvalidatecrendentials?forum=netfxbcl – dparker Dec 14 '18 at 13:58
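
An added example (not part of the original answer or its comments): a helper that passes the bind method explicitly, as the answer above recommends, and reports "wrong password" separately from "the directory could not handle the request", so a `DirectoryOperationException` fails closed instead of crashing the login path. The names `AdCredentialValidator`, `CredentialCheck`, `useLdaps` and `domainOrServer` are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;

public enum CredentialCheck { Valid, Invalid, DirectoryError }

public static class AdCredentialValidator
{
    // Hypothetical helper. domainOrServer may be null to use the current domain.
    public static CredentialCheck Check(string user, string password,
                                        bool useLdaps = false,
                                        string domainOrServer = null)
    {
        // Reject empty values up front: an LDAP simple bind with an empty
        // password can be treated by the server as an unauthenticated bind.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            return CredentialCheck.Invalid;

        // Choose exactly one bind method instead of relying on the fallback
        // order of the two-argument overload. SimpleBind is only ever combined
        // with SecureSocketLayer so the password never crosses the wire in clear.
        ContextOptions options = useLdaps
            ? ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer
            : ContextOptions.Negotiate;

        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, domainOrServer))
            {
                return context.ValidateCredentials(user, password, options)
                    ? CredentialCheck.Valid
                    : CredentialCheck.Invalid;
            }
        }
        catch (DirectoryOperationException ex) { return Fail(ex); }
        catch (LdapException ex) { return Fail(ex); }
        catch (PrincipalServerDownException ex) { return Fail(ex); }
    }

    private static CredentialCheck Fail(Exception ex)
    {
        // Record the exception type and message only, never the password.
        Console.Error.WriteLine("AD bind failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return CredentialCheck.DirectoryError;
    }
}
```

Callers should grant access only on `CredentialCheck.Valid`; `DirectoryError` is an infrastructure fault to alert on, not a failed login to count against the user.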
9

I had this issue: things were working on my dev machine but didn't work on the server. Turned out that IIS on the server was set up to run as LocalMachine. I changed it to NetworkService (the default) and things started working.

So basically check the user of the app pool if this is running on IIS.

fredw
2

I had to just create a new app pool and assign it .NET 2.0, then assign the new app pool to our web app, and it started working. We had .NET 3.5 SP2, so the hotfix wasn't ideal for us. Since the WWW service is usually Local System, I questioned that too. But since it was .NET and security related, I gave a shot at the app pool first and it worked.

1

Perhaps you need the hotfix?

And you are an Admin, or the id that your service is running under is an Admin on your PC, right?

I take it you already looked into this:

"You may receive a less than helpful DirectoryOperationException(“The server cannot handle directory requests.”) what isn’t quite so amusing about this is that it didn’t even try to communicate with the server. The solution was to add the port number to the server. So instead of passing “Server” to open the LdapConnection, I passed “server:636”. By the way, LDAPS is port 636 – rather than the 389 port used by LDAP."


Good point, I wouldn't expect that Win7/.NET 3.5 would need that patch. How about the info provided in this question:

Community
JohnB
  • Maybe I got something wrong here, but the hotfix is for .Net2, and as I use 3.5, I don't have the .Net2 SP1 installed, which made the hotfix angry :) About the quote - I saw it, but thanks a lot anyway! – Noich Sep 12 '10 at 13:58
  • Ok, so it seems like the hotfix is not meant for win7 - SP1 can't be installed. – Noich Sep 13 '10 at 07:53
  • The problem was that this code was getting a server dynamically, and so received a server that wasn't running Windows 2008. When getting a specific server that did run Win2008, everything started working again. Hurray! – Noich Sep 26 '10 at 12:34
  • 1
    So, using that Hotfix, or using Windows Server 2008 is the solution to that exception. – JohnB Sep 30 '10 at 21:53