473,390 Members | 1,300 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,390 software developers and data experts.

Authenticating against network server using non-domain account

I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #1
10 8260
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #2
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #3
P.S. I've looked at
WebConfigurationManager.GetWebApplication("system. net/mailSettings");

But I can never get that to return anything and the only example I can find
with it being used is with ConnectionStrings.

I would have thought this would have worked.

SmtpSection smtpSec =
WebConfigurationManager.GetWebApplicationSection(" mailSettings") as
SmtpSection;

Debug.WriteLine(smtpSect.Network.UserName);

But smtpSec is always null

Dec 16 '05 #4
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #5
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);

bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:Ox**************@TK2MSFTNGP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #6
Have you tried logging in with an account local to the server that has the same username and password as the user on the remote machine and impersonating that instead? My understanding is that this "trick" will work with NTLM in a situation where you can't use domain accounts/Kerberos.

Joe K.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:ey**************@TK2MSFTNGP10.phx.gbl...
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);

bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:Ox**************@TK2MSFTNGP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #7
No, interactive will not work. you need to call LogonUser with LOGON32_LOGON_NEW_CREDENTIALS, this logon type returns an access token that will get used to access the network resource while cloning the access token of the current logon user and use this one to access local resources.
Note that this requires W2K or higher.

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:ey**************@TK2MSFTNGP10.phx.gbl...
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);

bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:Ox**************@TK2MSFTNGP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #8
Joe,

This should do as well, but is not needed on W2K or higher (needs the kerberos provider). Much better is to use "split token identity", as provided by using LOGON32_LOGON_NEW_CREDENTIALS as logontype.

Willy.

"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote in message news:%2****************@tk2msftngp13.phx.gbl...
Have you tried logging in with an account local to the server that has the same username and password as the user on the remote machine and impersonating that instead? My understanding is that this "trick" will work with NTLM in a situation where you can't use domain accounts/Kerberos.

Joe K.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:ey**************@TK2MSFTNGP10.phx.gbl...
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);

bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:Ox**************@TK2MSFTNGP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 16 '05 #9
Neato, thanks.

I'm still learning what all those flags do.

Joe K.

"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:O%******************@TK2MSFTNGP15.phx.gbl...
Joe,

This should do as well, but is not needed on W2K or higher (needs the kerberos provider). Much better is to use "split token identity", as provided by using LOGON32_LOGON_NEW_CREDENTIALS as logontype.

Willy.
Dec 16 '05 #10
Thanks very much; that does exactly what I wanted.
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:%2***************@tk2msftngp13.phx.gbl...
No, interactive will not work. you need to call LogonUser with LOGON32_LOGON_NEW_CREDENTIALS, this logon type returns an access token that will get used to access the network resource while cloning the access token of the current logon user and use this one to access local resources.
Note that this requires W2K or higher.

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:ey**************@TK2MSFTNGP10.phx.gbl...
IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);

bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);

LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message news:Ox**************@TK2MSFTNGP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".

Willy.

"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7**************@TK2MSFTNGP10.phx.gbl...
I have; it is not accepted.

LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).

Cheers.

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:uf**************@TK2MSFTNGP15.phx.gbl...
Martin,

Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9**************@TK2MSFTNGP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.

I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.

Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
Dec 19 '05 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Smitro | last post by:
Hi, I'm looking for a Tutorial about Authenticating using PHP and Linux User Accounts. Can some one point me in the right direction? Smitro
3
by: Zeno Lee | last post by:
I'm trying to authenticate a user against a windows network. I want it to work across any kind of windows network from NT 4.0 up to Windows 2003 ADS. So far I've been using DirectoryEntry and...
7
by: Nick Gilbert | last post by:
Hi, As part of a website (ASP.NET) we're creating, we need the ability to store documents with pretty much 'mission critical' security. ie, if the server is completely compromised (eg a...
1
by: mirlisa | last post by:
We have an odd problem. Sometime this morning our classic asp web application stopped authenticating against active directory. This is our only "classic" asp app that authenticates against ad....
1
by: spelunka | last post by:
Hello, does anyone know why one would lose their styles after successfully authenticating against forms auth? I'm using asp.net 2.0 and the page that is being redirected to after authenticating is...
3
by: Ryan Liu | last post by:
Hi, I use Server: Use an endless thread to lisiten to clients requests: while(true) { TcpClient client = myListener.AcceptTcpClient();
1
by: JohnH | last post by:
Hi, In my application which has two or more threads calling web service or just HttpWebRequest I am seeing some HTTP 400 errors retrun in the response. All the calls are going through the same ISA...
2
by: Salad | last post by:
If I work on my app on my standalone, things are always fast. If I have an non-split app on the network it runs fast. If I split the app and have both the front end and backend on the network...
10
by: gary0gilbert | last post by:
An unusual spin to this recurring disk or network error in a Terminal Server environment. Access 2000, Terminal Server 2000, file server is windows 2000. All users have a separate copy of the...
1
by: Ryan Liu | last post by:
Hi, I have a 100 clients/ one server application, use ugly one thread pre client approach. And both side user sync I/O. I frequently see the error on server side(client side code is same, but...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.