We are developing an application with an internal user account system, but would like to be able to use credentials from Active Directory and/or Windows accounts. To this end, we store the user ID in a field in the user table of the application. Our login mechanism operates as follows:
The problem that arose is this: we used LOGON32_LOGON_NETWORK for logon_type, but now we are faced with some security configurations where "Access to this computer from the network" is denied, which means that the type of network entry is denied.
My question is: what type of input should be used for this situation? Interactive? In fact, we do not use the Logon token for anything else but to extract the user's SID. Our application has its own internal groups and permissions; we don't use Windows groups or permissions at all. From the point of view of Windows and the domain controller, all we do is log on and quickly log off.
Or are we considering this completely wrong, and should we use some other login method completely?
Thanks
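
The flow the question describes (log on with LOGON32_LOGON_NETWORK, read the user's SID from the token, close the token), as an added example that is not part of the original post. The names `auth_result`, `classify_logon_error` and `sid_for_credentials` are hypothetical, and reporting a denied logon type separately from bad credentials is an assumption about what the application wants.

```c
/* Added example. Windows-only calls are guarded so the file also compiles elsewhere. */
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#else
#define ERROR_LOGON_FAILURE          1326L /* values from winerror.h */
#define ERROR_LOGON_TYPE_NOT_GRANTED 1385L
#endif

/* Hypothetical result type for the application's own login code. */
typedef enum { AUTH_OK, AUTH_BAD_CREDENTIALS, AUTH_POLICY_DENIED, AUTH_ERROR } auth_result;

/* Map a failed LogonUser's GetLastError() value to an application result. */
auth_result classify_logon_error(unsigned long err)
{
    switch (err) {
    case ERROR_LOGON_FAILURE:          return AUTH_BAD_CREDENTIALS; /* unknown user or bad password */
    case ERROR_LOGON_TYPE_NOT_GRANTED: return AUTH_POLICY_DENIED;   /* logon right not granted here */
    default:                           return AUTH_ERROR;
    }
}

#ifdef _WIN32
/* On AUTH_OK, *sid_out holds the string SID; the caller frees it with LocalFree(). */
auth_result sid_for_credentials(const wchar_t *user, const wchar_t *domain,
                                const wchar_t *password, wchar_t **sid_out)
{
    HANDLE token = NULL;
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } buf;
    DWORD len = 0;
    auth_result result = AUTH_ERROR;

    if (!LogonUserW(user, domain, password, LOGON32_LOGON_NETWORK,
                    LOGON32_PROVIDER_DEFAULT, &token))
        return classify_logon_error(GetLastError());

    if (GetTokenInformation(token, TokenUser, &buf, sizeof buf, &len) &&
        ConvertSidToStringSidW(buf.tu.User.Sid, sid_out))
        result = AUTH_OK;

    CloseHandle(token); /* the token is needed only to read the SID */
    return result;
}
#endif
```
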