Re: Authenticating against network server using non-domain account



Hello Joe,

If you use

LOGON32_LOGON_NEW_CREDENTIALS = 9,

in LogonUser, the credentials will only get verified if you use a network resource. This is the same as runas /netonly.

This could do what you want.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Have you tried logging in with an account local to the server that has
the same username and password as the user on the remote machine and
impersonating that instead?  My understanding is that this "trick"
will work with NTLM in a situation where you can't use domain
accounts/Kerberos.

Joe K.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk>
wrote in message news:eysELimAGHA.3184@xxxxxxxxxxxxxxxxxxxxxxx
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);
bool result = advapi32.LogonUser(userName, domain, password,
    advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0

Sorry; error code is 1326 - "Logon failure: unknown user name or bad
password" even though the details are correct (I created the account
specifically).

"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in
message news:OxcgIbmAGHA.4004@xxxxxxxxxxxxxxxxxxxxxxx
Not accepted is a little vague isn't it? What is the return code of
the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it returns an access token that can be
used to access the remote server, so when you specify the credentials,
as valid on a remote server, this server 'security system' returns a
token that can be used to access the remote server when
"impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk>
wrote in message news:e7dADQmAGHA.3352@xxxxxxxxxxxxxxxxxxxxxxx
I have; it is not accepted.
LogonUser will only work when specifying the local machine name
or a domain name that is valid for the local machine as you are
effectively logging a new user onto that machine (and of course a
local user on another machine would not be able to log onto the local
machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]"
<mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ufuP8IlAGHA.2704@xxxxxxxxxxxxxxxxxxxxxxx
Martin,
Have you tried using the machine name in the domain
parameter?

--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx
"Martin Robins" <martin dot robins at technicaldirect dot co
dot uk> wrote in message news:e9Ma45kAGHA.2788@xxxxxxxxxxxxxxxxxxxxxxx
I need to access the scheduler service on a network computer
in order to manipulate it remotely from .NET; I have all of the
necessary code to perform the manipulation and it works - great - but
I am having problems with authentication.

I have tried using LogonUser and this works fine with a
domain account, however it is not possible to use this with an account
that is defined only on the remote computer - it only works with local
or domain accounts.

Any suggestions as to how I can authenticate my connection
to the remote PC using a logon and password local to that machine?
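
The LOGON32_LOGON_NEW_CREDENTIALS approach suggested at the top of this thread, as an added example that is not code from any of the posters. It assumes .NET Framework 4.6 or later (for WindowsIdentity.RunImpersonated); the host SERVER01, the account taskadmin, the share path and the REMOTE_PW environment variable are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class NetOnlyLogon
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // same semantics as runas /netonly
    const int LOGON32_PROVIDER_WINNT50 = 3;      // the only provider that supports logon type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Runs 'action' with outbound network connections authenticated as
    // remoteMachine\user. Local access checks still use the caller's own identity.
    public static void RunAs(string remoteMachine, string user, string password, Action action)
    {
        // The credentials are not validated here: with logon type 9 this call
        // succeeds even when the password is wrong.
        if (!LogonUser(user, remoteMachine, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // closes the token handle when the action returns or throws
            WindowsIdentity.RunImpersonated(token, action);
    }

    static void Main()
    {
        // Hypothetical values; the password is read from the environment, not hard-coded.
        string password = Environment.GetEnvironmentVariable("REMOTE_PW") ?? "";
        try
        {
            RunAs("SERVER01", "taskadmin", password, () =>
            {
                foreach (string f in Directory.GetFiles(@"\\SERVER01\share"))
                    Console.WriteLine(f);
            });
        }
        catch (Exception ex) when (ex is UnauthorizedAccessException || ex is IOException)
        {
            // A wrong user name or password surfaces here, at the first remote access.
            Console.Error.WriteLine("Remote access failed: " + ex.Message);
        }
    }
}
```

Because the token is a clone of the caller's token, WindowsIdentity.GetCurrent().Name inside the action still reports the calling user; only outbound network authentication uses the supplied credentials.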


