PrincipalContext.ValidateCredentials() C# Method failing in Docker container

General Discussions
1

I’m trying to validate the user credentials in a C# application using a DOT NET API - System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials() -

ValidateCredentials() creates the connection to the server and validates the specified credentials if the connection is successful.

This method works perfectly fine in a normal windows machine. When I try this in a Docker container I’m getting below error –

    *System.DirectoryServices.AccountManagement.PrincipalOperationException: The network location cannot be reached. For information about network troubleshooting, see Windows Help.*
*     ---> System.Runtime.InteropServices.COMException: The network location cannot be reached. For information about network troubleshooting, see Windows Help.*

*       at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADs.Get(String bstrName)*
*       at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)*
*       --- End of inner exception stack trace ---*
*       at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)*
*       at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)*
*       at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)*

Steps to Reproduce –

Here is my C# console application -

using System;
using System.DirectoryServices.AccountManagement;
using System.Net;

namespace TestPC
{
    class Program
    {
        static void Main(string[] args)
        {
            ContextType contextType = ContextType.Machine;
            string domain = args[0];
            string user = args[1];
            string password = args[2];

            try
            {
                if (domain == "." || (string.Compare(domain, System.Net.Dns.GetHostName(), true) == 0))
                {
                    // if not "." or host name
                    domain = Dns.GetHostName();
                }
                else
                {
                    contextType = ContextType.Domain;
                }

                Console.WriteLine("contectType ={0}, domain = {1}", contextType, domain);
                PrincipalContext pc = new PrincipalContext(contextType, domain);
                bool isValid = pc.ValidateCredentials(user, password);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Message = {0}", ex.Message);
                Console.WriteLine("Stack Trace = {0}", ex.StackTrace);
                Console.WriteLine("Inner Exception = {0}", ex.InnerException);
            }
            
        }
    }
}

It takes 3 arguments -

  1. Domain - You can either pass ‘localhost’ or ‘.’ - Internally docker maps this to Container Id
  2. User - It can be any user in the container
  3. Password - Password for the user

This console application should be run as admin.

If I try to run this in container I’ll get he above ‘network location not found’ error. But it goes fine in the windows server host machine.

HOST OS Version - Windows Server 2019 Datacenter, OS Build - 17763.914
Container Base OS - mcr.microsoft.com/windows/servercore:10.0.17763.914
Docker version 19.03.12, build 4306744