locked
How to translate or query SAM account name of cached domain user using UPN name from local cache in credential provider when domain is offline? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I am writing a credential provider in Windows and I am trying to add UPN name login support to it and doing so I used TranslateNameW which gives me SAM account name when provided with UPN name and vice versa and this works only when domain is online and won't work when domain is offline. 
    TranslateNameW(UPName, NameUserPrincipal, NameSamCompatible, buffer, &size);
    which gives me SAM account name when provided with UPN name and vice versa and this works only when domain is online and won't work when domain is offline.

    The problem here is when the domain user is cached and when domain is offline I am not able to convert that UPN to SAM name and then windows is throwing me an error saying "We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organisation's network and try again if you previously signed on this device with another credential you can sign in with that credential." Windows password credential works just fine in this scenario it is able to translate UPN to SAM even when the domain is offline.

    I can't parse the UPN name and convert it into SAM name cause it is not guaranteed that UPN name always matches with SAM name i.e if UPN is `johndoe@example.com` SAM Name need not necessarily be `johndoe` it can be `jdoe` or anything.

    So, my question is how can I access SAM account name of that cached domain user when domain is offline, Is there any function in VC++ that returns SAM name when provided with UPN when the domain is offline? How can I handle this scenario?


    Sunday, July 12, 2020 7:11 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello InterGalaticAvenger,

    Thanks for posting here.

    Can you reproduce this issue in a general application instead of a credential provider?

    And could you show a mini, reproducible sample including a working "Windows password credential"?

    Make sure keep your private information unexposed. 

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, July 13, 2020 7:13 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    1. I didn't try with the general application and how can I do it? Like, create a normal C++ application that can use LogonUser() and pass credentials to it and see if it is working?

    2. Sorry it is a typing mistake by windows credential I've meant Generic Windows Password credential provider. 

    3. I tried to log in to a cached domain user with UPN format and the user SAM account name and UPN name are different i.e UPN: johndoe.example.com and SAM: jdoe, FlatName: Example\jdoe and while trying to log in, the domain is offline. In this case windows CP worked and logged in user but my CP throws an error message that is mentioned in the question, And when I use flat name instead of UPN from my CP that works. So my question is how can I exchange the UPN for the flat name of the user when the domain is offline?

    Saturday, July 25, 2020 1:40 PM