Home/ Questions/Q 6961555
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T15:32:43+00:00

I currently use LogonUser() to authenticate my user’s username and password on my local

  • 0

I currently use LogonUser() to authenticate my user’s username and password on my local domain at the office and it works great for what i need it to do.

Since I developed the app I now need to make it work over my VPN. It seems LogonUser() will not work with REMOTELY validating credentials. Or will it? Is it possible to use LogonUser() to validate a user’s credentials on a REMOTE domain account?

I have read in some places that using LOGON32_LOGON_NEW_CREDENTIALS for the 4th param (login type) and LOGON32_PROVIDER_WINNT50 for the 5th param (provider) would do the trick. But every time I try that I ALWAYS get success… I can supply a bogas user and pass and it will work every time :(.

Ideas?

Edit – Added Notes

Tried to use this function but I kept getting the exception telling me the user/pass was bad.

    public bool Win2kCredentialsIsValid(string domain, string username, string password)
    {
        string adPath = "LDAP://" + domain + "/rootDSE";
        DirectoryEntry adRoot = new DirectoryEntry(adPath, domain + "\\" + username, password, AuthenticationTypes.ReadonlyServer);
        try
        {
            object o = adRoot.Properties["defaultNamingContext"];
        }
        catch
        {
            return false;
        }
        return true;
    }


Edit – Added More Notes

OK so I tried yet another example just to get it to work and started down this path, and there are a few things to note…

  • MyServerHostName is exactly that, my server’s hostname. EX: ‘Server01’.
  • My domain name in this example is ‘MyDomain.local’
  • So that makes my FQN for the server ‘Server01.MyDomain.local’

I tried to make this work and got the following error…

The supplied context type does not match the server contacted. The server type is Domain.

This errored out at : var context = new PrincipalContext(ContextType.ApplicationDirectory, “MyServerHostName:389”, “DC=MyDomain,DC=local”))

    private bool CheckADCredentials()
    {
        bool bResults;
        using (var context = new PrincipalContext(ContextType.ApplicationDirectory,
            "MyServerHostName:389",
            "DC=MyDomain,DC=local"))
        {
            var username = "firstname.lastname";
            var email = "firstname.lastname@MyServerHostName";
            var password = "123456";
            var user = new UserPrincipal(context)
            {
                Name = username,
                EmailAddress = email
            };
            user.SetPassword(password);
            user.Save();
            if (context.ValidateCredentials(username, password, ContextOptions.SimpleBind))
            {
                bResults = true;
            }
            else
            {
                bResults = false;
            }

            user.Dispose();
        }

        return bResults;
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up going with a different solution. Instead of trying to validate a user’s account on a domain that my PC was not connected to I ended up caching my domain credentials in the database and just built a salted MD5 type encrypt function so it would make it hard .. er.. for someone to crack it. 😉

    Now I just validate against cached credentials in the database when working remotely… It just required the user to first login on the domain but then the user can use it remotely day and night. 😉

    Thanks!

    • 0