LogonUser fails across different domains
From: Prasanna Padmanabhan (prasannap_at_citrix.nospam.com.)
Date: 01/29/04
- Previous message: Rhett Gong [MSFT]: "RE: CAPICOM is Truly Multithreaded?"
- Next in thread: Drew Cooper [MSFT]: "Re: LogonUser fails across different domains"
- Reply: Drew Cooper [MSFT]: "Re: LogonUser fails across different domains"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 22:37:21 -0500
LogonUser() fails if the user (specified as parameter) is in a domain
different from that with which the executing process is running as.
For example, if the process that is executing LogonUser is running as
DomainA\UserA and if I want to LogonUser as DomainB\UserA it fails (unless
DomainA and DomainB have some sort of trust relationship).
My question is this:-
---------------------
Can one of you gurus please tell me what is the workaround for this is? That
is how can I get a user's token from LogonUser if the domains are different.
My intention is to get the user's token from the LogonUser call and make my
executing process run as that user (impersonation), and then use that
"impersonated user" to access remote file shares (that are on a different
domain).
I did several google searches and all of them agree that LogonUser does not
work across different untrusted domains, but they don't offer a solution.
Thanks a lot!
Prasanna
- Previous message: Rhett Gong [MSFT]: "RE: CAPICOM is Truly Multithreaded?"
- Next in thread: Drew Cooper [MSFT]: "Re: LogonUser fails across different domains"
- Reply: Drew Cooper [MSFT]: "Re: LogonUser fails across different domains"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
