I'm having some problems with the LogonUser() API function in C++. The computer I'm testing this on is not on a domain. The account I'm testing with exists on the computer, but when i supply an invalid domain, it authenticates the login.
This does not seem right to me.
HANDLE token;
if (!LogonUser("LocalUser", "InvalidDomain", "Password",
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token))
{
unsigned long error = GetLastError();
}
Is this the right behavior?
I believe that workgroup members don't support domain logons so the domain parameter is ignored. This explains what you are seeing.
You can confirm this. Try to authenticate using a real domain user (ensuring there isn't a local account with the same name). The logon should fail.
There is an exception. If you use the LOGON32_LOGON_NEW_CREDENTIALS
flag (which amends the existing logon rather than creating a new one) then a domain logon will always succeed because it isn't authenticated until you attempt to access a remote resource.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With