Why does LogonUser(...) not work for domain accounts?

I am trying to use LogonUser(...) to get an access token for a user account, as in this MSDN sample.

    // Call LogonUser to obtain a handle to an access token.
    bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
        LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
        out safeTokenHandle);

When I run the sample (with administrator privileges), it works great when providing . as the domain and a local user account name and password, but no matter what I do, I get error code 1326 (login failure: unknown user name or incorrect password) if I try to use a domain account. I get the same result if I enter garbage for the domain, which makes me wonder whether it really communicates with the DC at all.

What could be interfering with it?

+6
3 answers

In my case, it was the fact that although I was registered on my computer as a domain user, my computer itself was not part of the domain. After adding it to the domain, the sample began to work.

+1

In my case, similar to the question, the problem was that the account I was trying to authenticate was in a domain to which my current machine did not belong. Unlike the original poster's, my machine should not and cannot be part of this other domain. I wanted the login to perform an action on a resource in this domain.

The answer was as follows:

    bool success = LogonUser(
        userName,
        domain,
        password,
        (int)LOGON32_LOGON_NEW_CREDENTIALS, // 9
        (int)LOGON32_PROVIDER_DEFAULT,      // 0
        out userToken);

with the following constants:

    public const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

Hope this helps others lost in a similar situation.

+1
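The logon type used in the answer above, worked through as an added example (not code from the original posts or from MSDN). With LOGON32_LOGON_NEW_CREDENTIALS the password is not validated when LogonUser returns, so a bad password only shows up when the remote resource is first touched; the example also passes LOGON32_PROVIDER_WINNT50, the provider Microsoft's LogonUser documentation lists for this logon type. The class name and the command-line arguments (user, domain, UNC path) are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class NewCredentialsLogon   // hypothetical class name
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;   // provider documented for logon type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Returns a token that stays the caller locally but presents
    // domain\user for outbound network connections only.
    static SafeAccessTokenHandle Logon(string user, string domain, string password)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return token;
    }

    // Usage (assumed arguments): <user> <domain> <\\server\share>
    static void Main(string[] args)
    {
        Console.Write("Password: ");
        string password = Console.ReadLine();
        using (SafeAccessTokenHandle token = Logon(args[0], args[1], password))
        {
            // Reaching this point does NOT prove the password is correct:
            // no domain controller has been contacted yet.
            try
            {
                WindowsIdentity.RunImpersonated(token, () =>
                {
                    foreach (string entry in Directory.EnumerateFileSystemEntries(args[2]))
                        Console.WriteLine(entry);
                });
            }
            catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
            {
                // Wrong credentials or missing rights surface here, at first network use.
                Console.Error.WriteLine("Remote access failed: " + ex.Message);
            }
        }
    }
}
```

Because the token is released by the using block and the impersonation ends when the delegate returns, the alternate credentials are held only for the duration of the remote call.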

Use DOMAIN\LOGIN with an empty domain name for this case ...

0

Source: https://habr.com/ru/post/897698/

