LogonUser using LOGON32_LOGON_NEW_CREDENTIALS works against remote untrusted domain machine
Posted
by Jiho Han
on Stack Overflow
See other posts from Stack Overflow
or by Jiho Han
Published on 2010-05-26T20:06:03Z
Indexed on
2010/05/26
20:11 UTC
Read the original article
Hit count: 637
win32
|impersonation
So between the two machines, there is no trust - they are in different domains.
I've successfully connected to the remote machine using LogonUser API using logon type, *LOGON32_LOGON_NEW_CREDENTIALS*. I am able to retrieve the content of a directory using the UNC share, and create a file stream to "download" the file. So far so good.
The only issue is that it seems, LogonUser fails unless there is an already open session. Let me clarify that.
I found that the ASP.NET MVC page was not working this morning, specifically the page that retrieves the file list from this remote machine using LogonUser. I look at the log and I see in the stacktrace, *System.IO.__Error.WinIOError* above Directory.GetFiles call. I then remoted into the web server and tried to open the remote folder in the explorer using the same login/password used by the web site. It went through and I could see the files. I opened up the command prompt, type in net use, and I see that there is an open connection to the remote machine. Then I went back to the page and suddenly the page is working again.
So, at this point, I am not exactly sure if the LogonUser is working as expected or not. If the call requires that a network connection opened first by other means, then this is certainly not satisfactory.
Does anyone know what may be happening or suggest a workaround?
© Stack Overflow or respective owner