LogonUser using LOGON32_LOGON_NEW_CREDENTIALS works against remote untrusted domain machine

Posted by Jiho Han on Stack Overflow See other posts from Stack Overflow or by Jiho Han
Published on 2010-05-26T20:06:03Z Indexed on 2010/05/26 20:11 UTC
Read the original article Hit count: 637

Filed under:
|

So between the two machines, there is no trust - they are in different domains.

I've successfully connected to the remote machine using LogonUser API using logon type, *LOGON32_LOGON_NEW_CREDENTIALS*. I am able to retrieve the content of a directory using the UNC share, and create a file stream to "download" the file. So far so good.

The only issue is that it seems, LogonUser fails unless there is an already open session. Let me clarify that.

I found that the ASP.NET MVC page was not working this morning, specifically the page that retrieves the file list from this remote machine using LogonUser. I look at the log and I see in the stacktrace, *System.IO.__Error.WinIOError* above Directory.GetFiles call. I then remoted into the web server and tried to open the remote folder in the explorer using the same login/password used by the web site. It went through and I could see the files. I opened up the command prompt, type in net use, and I see that there is an open connection to the remote machine. Then I went back to the page and suddenly the page is working again.

So, at this point, I am not exactly sure if the LogonUser is working as expected or not. If the call requires that a network connection opened first by other means, then this is certainly not satisfactory.

Does anyone know what may be happening or suggest a workaround?

© Stack Overflow or respective owner

Related posts about win32

Related posts about impersonation