In our project we have to use AD for authentication but we must also provide a logout mechanism. At the moment we are using Windows Authentication but there doesn't seem to be a way to log out.
My idea is to use Identity and to authenticate users like the following:

    using (PrincipalContext context = new PrincipalContext(ContextType.Machine))
    {
        var principal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userModel.Username);
        if (principal != null)
        {
            if (context.ValidateCredentials(userModel.Username, userModel.Password))
            {
                claims = AssignClaims(principal);
            }
        }
    }

Basically, the user will be provided a login screen. Then he will enter his Windows credentials and the code above will validate whether the user should have access.
One thing I've been having problems with is that ValidateCredentials every now and then decides to stop working, and even though I enter the proper credentials and FindByIdentity finds the user, ValidateCredentials returns false. Any idea what it could be? Is there a better method to use?
Does that look like a legit way of implementing it or are there issues with it?
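
The flow described in the question (validate against AD, then issue an application session that can be ended), as an added example that is not part of the original post. It assumes ASP.NET Core cookie authentication on a domain-joined Windows host; LoginModel, AccountController and the redirect targets are hypothetical names. It uses ContextType.Domain because ContextType.Machine checks the server's local account store rather than Active Directory.

```csharp
// Added example, not the poster's code. Assumes cookie authentication is registered with
// AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie().
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public class LoginModel { public string Username { get; set; } public string Password { get; set; } } // hypothetical

public class AccountController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginModel userModel)
    {
        // ContextType.Domain binds to the AD domain the server is joined to.
        using (var context = new PrincipalContext(ContextType.Domain))
        {
            // Explicit options: Negotiate (Kerberos/NTLM) with signing and sealing.
            bool valid = context.ValidateCredentials(userModel.Username, userModel.Password,
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            var principal = valid ? UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userModel.Username) : null;
            if (principal == null)
            {
                // Same message for unknown user and wrong password, so the form does not reveal which accounts exist.
                ModelState.AddModelError(string.Empty, "Invalid username or password.");
                return View(userModel);
            }
            // Claims are built inline here; the question's AssignClaims helper would go in this place.
            var claims = new List<Claim> { new Claim(ClaimTypes.Name, principal.SamAccountName) };
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));
        }
        return RedirectToAction("Index", "Home");
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        // Removing the application's own cookie is what makes logout possible; AD holds no session to end.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return RedirectToAction("Login");
    }
}
```

Because the password now travels through the login form, the site needs to be served over HTTPS only, and failed attempts count toward the AD account lockout policy.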