PrincipalContext.ValidateCredentials 失败 "The server cannot handle directory requests."

PrincipalContext.ValidateCredentials fails with "The server cannot handle directory requests."

我有一个应用程序,其中用户根据我们的 Active Directory 进行身份验证:

private bool Authenticate()
{
     using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName)) 
     {
         return context.ValidateCredentials(this.Username.Text.Trim(), this.Password.Text.Trim());
     }
}

它工作了好几年。现在,我们的 Windows 7 台机器被 Windows 10 台机器取代,一些用户收到此错误:

The server cannot handle directory requests.

at System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 error)
at System.DirectoryServices.Protocols.LdapSessionOptions.FastConcurrentBind()
at System.DirectoryServices.AccountManagement.CredentialValidator.BindLdap(NetworkCredential creds, ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)
at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)
at DPI.FormLogin.Authenticate() in c:\Developing\Source\DPI\Client\DPI\FormLogin.cs:line 280

该错误仅对某些用户出现,并非始终如此。可能是跟win 10的安全设置比之前的win 7严格多了有关。

知道如何解决吗?如何查询当前连接的 LDAP 服务器?也许我们的服务器配置略有不同,问题仅限于可能配置错误的单个服务器。

是的,添加ContextOptions.Negotiate解决了问题:

private bool Authenticate()
{
     using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName)) 
     {
         return context.ValidateCredentials(this.Username.Text, this.Password.Text, ContextOptions.Negotiate);
     }
}