How can I validate if username and password are valid for Azure AD account using PrincipalContext? I have tried:
```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Tries to validate the credentials the same way one would against an on-premises domain.
static bool ValidateCredentials(string username, string password)
{
    try
    {
        // ContextType.Domain needs an LDAP/Kerberos-reachable domain controller for "mycompany.com".
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "mycompany.com", username, password))
        {
            if (context.ValidateCredentials(username, password))
            {
                return true;
            }
        }
    }
    catch (Exception)
    {
        // Any failure (including "The LDAP server is unavailable.") ends up here and is reported as invalid.
    }
    return false;
}
```
But I get the error: "The LDAP server is unavailable."
The username format is: "AzureAD\\Username"
What should the PrincipalContext constructor look like so I can connect to Azure AD and confirm the username and password?
Azure AD and Windows Server AD are not the same thing. They both aim to solve the same problems, but in a different manner. You are trying PrincipalContext, which is for Windows Server AD.
Windows Server AD can be synchronized to Azure AD, but only object information (users, groups, etc.), so that information is available in Azure AD. Protocol-level stuff, like Kerberos, is not available via Azure AD.
So rather than having a trusted domain-joined server that can use Kerberos to talk to Windows Server AD, Azure AD relies on OAuth and more modern protocols that work over the web and without requiring a trusted server. An OAuth-protected web app or mobile app can work regardless of the hosting server.
Authentication can be done using the ADAL library. You can find samples in the Azure GitHub samples here:
The net of these steps is to:
- Add an application registration to Azure AD. This will give you a Client ID (and optionally a secret, which you'll need later) that identifies your application uniquely in Azure AD.
- Add the ADAL NuGet package to your app.
- Let ADAL redirect users to Azure AD to sign in.
- Consume the tokens after login and log the users into your app.
You can find a complete sample here: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
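As an added illustration of the last two steps (redirecting users to Azure AD and consuming the returned token), here is an OWIN OpenID Connect startup configuration of the kind the linked sample uses; this is example code written for this answer, not the sample's own, and the tenant ID, client ID and redirect URI are placeholders to be taken from your app registration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens; // System.IdentityModel.Tokens with the Katana 3.x packages
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(AzureAdSignInDemo.Startup))]

namespace AzureAdSignInDemo
{
    public class Startup
    {
        // Placeholders: the tenant GUID, Client ID and reply URL come from the app registration.
        private const string TenantId = "<tenant-guid>";
        private const string ClientId = "<client-id-from-app-registration>";
        private const string RedirectUri = "https://localhost:44300/";

        public void Configuration(IAppBuilder app)
        {
            // A cookie session is issued only after Azure AD returns a valid id_token.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = "https://login.microsoftonline.com/" + TenantId,
                RedirectUri = RedirectUri,
                PostLogoutRedirectUri = RedirectUri,
                // Signing keys are fetched from the authority's metadata; signature, expiry and
                // audience are checked by the middleware. Pin the issuer for a single-tenant app.
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = "https://sts.windows.net/" + TenantId + "/"
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Do not swallow validation failures: report them instead of signing the user in.
                    AuthenticationFailed = n =>
                    {
                        n.HandleResponse();
                        n.Response.Redirect("/Error?message=" + Uri.EscapeDataString(n.Exception.Message));
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

Sign-in is then started from a controller with HttpContext.GetOwinContext().Authentication.Challenge(...) using OpenIdConnectAuthenticationDefaults.AuthenticationType, so the app never sees the user's password; it only consumes the validated token.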