none
LogonUser() works when Domain is not specified RRS feed

  • Question

  • On a Windows 2008 server I can only get the LogonUser() function to work (return 'true') if the domain is not passed to it as per the code below. When I pass the domain then the LogonUser() method returns false and the error code returned by Marshal.GetLastWin32Error() is '0'.

    On my Windows 10 machine the LogonUser() function returns 'true' regardless of the domain being specified or not.

    In all instances the userName is set to only the samAccountName and has never been set to domain\userName or userName@domain

    Am I missing something as this does not make sense?

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool LogonUser(
        [MarshalAs(UnmanagedType.LPWStr)] string username,
        [MarshalAs(UnmanagedType.LPWStr)] string domain,
        [MarshalAs(UnmanagedType.LPWStr)] string password,
        int logonType,
        int logonProvider,
        ref IntPtr token);
    
    
    
    
    [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
    public bool Authenticate(string userName, string domain, string password)
    {
        IntPtr tokenHandle = IntPtr.Zero;
    
        bool authenticated = OSCalls.LogonUser(userName, null /*domain*/, password, 3, 0, ref tokenHandle);
        if (!authenticated)
        {
            int errorCode = Marshal.GetLastWin32Error();
            throw new System.ComponentModel.Win32Exception(errorCode);
        }
    
        return authenticated;
    }




    • Edited by PaulSk1 Tuesday, May 29, 2018 1:56 PM
    Friday, May 25, 2018 1:23 PM

Answers

  • Thanks for your help in this. It wasn't the fact that I didn't know how to obtain the Domain but more to do with the LogonUser() function still returning true when no Domain was specified either via the Domain paramater or as part of the UserName. This contradicted the documentation for the LogonUser() method.

    FYI, if no Domain is specified the local account database is used to authenticate.

    Paul ~~~~ Microsoft MVP (Visual Basic)

    • Marked as answer by PaulSk1 Wednesday, May 30, 2018 3:05 PM
    Wednesday, May 30, 2018 2:27 PM

All replies

  • Hi Paul,

    Sorry for the late reply.

    For your problem, what is the second parameter? I mean what is the name of the domain you are passing?

    I'm afraid the function named LogonUser has nothing to do with win10 and win8 server, so the only reason is the name of the domain you are passing.

    About the second parameter, MSDN said:

    lpszDomain [in, optional]

    A pointer to a null-terminated string that specifies the name of the domain or server whose account database contains the lpszUsername account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter is ".", the function validates the account by using only the local account database.

    Please check your domain name passed on win10 and win8server.

    And refer to the following document for more details about LogonUser function:LogonUser function

    Regards,

    Frankie


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, May 29, 2018 2:14 AM
  • That's what is confusing me as the username is not UPN formatted (no domain just the samAccountName) and the domain parameter is null. Yet it was still authenticating okay on my Windows 10 - which I was not expecting.

    Is the domain being obtained another way or is this within AD itself?

    • Edited by PaulSk1 Tuesday, May 29, 2018 1:50 PM
    Tuesday, May 29, 2018 8:08 AM
  • Hi,

    Follow these steps to find the domain name:
     
    a. Click the Start menu button, and click Control Panel.
    b. In the Control Panel, click Performance and Maintenance, and click the System icon.
    c. In the System Properties window, select the Computer Name tab.
    d. The name of your computer will be listed as the Full computer name.
    e. The domain your computer belongs to will be listed as the Domain. If, instead of Domain, you see Workgroup, your computer is not a member of any domain.
     

    For any issues related to domain network, please post your query in Technet Forums.

    Refer: How do i find my DOMAIN name

    Regards,

    Frankie


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, May 30, 2018 7:17 AM
  • Thanks for your help in this. It wasn't the fact that I didn't know how to obtain the Domain but more to do with the LogonUser() function still returning true when no Domain was specified either via the Domain paramater or as part of the UserName. This contradicted the documentation for the LogonUser() method.
    Wednesday, May 30, 2018 8:30 AM
  • The LogonUser API function call returns a non-zero value if it succeeds. Can you tell us what the value of the "authenticated" variable is?

    Paul ~~~~ Microsoft MVP (Visual Basic)


    Wednesday, May 30, 2018 1:31 PM
  • Thanks for your help in this. It wasn't the fact that I didn't know how to obtain the Domain but more to do with the LogonUser() function still returning true when no Domain was specified either via the Domain paramater or as part of the UserName. This contradicted the documentation for the LogonUser() method.

    FYI, if no Domain is specified the local account database is used to authenticate.

    Paul ~~~~ Microsoft MVP (Visual Basic)

    • Marked as answer by PaulSk1 Wednesday, May 30, 2018 3:05 PM
    Wednesday, May 30, 2018 2:27 PM
  • That must be it then. I just wanted to understand what was going on. Thanks for your help.
    Wednesday, May 30, 2018 3:05 PM