Calling LogonUSer Against a Remote Domain

[Jeremy A. Marut]

I've seen a nujmber of similar posts with no real answer, for my purposes at
least. We have a number of applications which we lock down using a
applicaiton access table in SQL which is driven by the user's network ID. The
way we ensure it is the actual user, we have them enter their network creds
and call LogonUser utilizing advapi32. Our Internet servers were on the same
domain as our Intranet servers and this method worked just find. However, we
have moved forward with a new protal on a seperate domain (still on our
internal backbone) and I still need users of the internal domain to be able
to authenticate from the new domain. When I call LogonUser passing the the
domain, I get a bad username/password combination. Is there any way to
authenticate a user with LogonUser against a remote domain?

 

[[MSFT]]

Hello Jeremy,

The domain user account specified in LogonUser() should be in a domain that
is trusted by the workstation resource domain. e.g. If a workstation is a
member of Domain A, and if Domain A trusts Domain B, then Domain B users
are valid users in Domain A. If Domain A does not trust domain B,
LogonUser() API will fail with 1326 - unknown user name or bad password
(ERROR_LOGON_FAILURE) for non-trusted domain users.

Hope this help,

Luke