LogonUser () does not authenticate the user for an invalid domain when the computer is not in the domain

Question

LogonUser () does not authenticate the user for an invalid domain when the computer is not in the domain

I am having problems with the LogonUser () API function in C ++. The computer on which I am testing this is not part of the domain. The account I am testing exists on the computer, but when I supply an invalid domain, it authenticates the login.

This does not seem right to me.

HANDLE token; if (!LogonUser("LocalUser", "InvalidDomain", "Password", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token)) { unsigned long error = GetLastError(); }

Is this the right behavior?

+6

c ++ login winapi testing

williamtroup Jan 30 '14 at 8:39

source share

2 answers

According to this site you should use ".". (or "", but this is not documented) as the domain for using only the local database. I believe that undocumented behavior "" explains your login. If he cannot identify the user in the domain, he will try to identify him locally.

I based my answer on this page: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx

+1

mavalan Feb 05 '14 at 12:19

source share

arx · Accepted Answer · 2014-02-08T14:45:56+0000

I believe that members of the workgroup do not support logging on to the domain, so the domain setting is ignored. This explains what you see.

You can confirm this. Try authentication using a real domain user (make sure there is no local account with the same name). Login failed.

There is an exception. If you use the LOGON32_LOGON_NEW_CREDENTIALS flag (which modifies an existing login rather than creating a new one), then domain registration will always be successful because it does not authenticate until you try to access the remote resource.

LogonUser () does not authenticate the user for an invalid domain when the computer is not in the domain

More articles: