I have found the answer. I record it here in case it helps someone in the
future.

While avoiding AD, if you simply want to check whether an account exists either
locally or in the default domain, do this with LookupAccountName
<https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupaccountnamew>:

using System.Runtime.InteropServices;
using System.Text;

[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern bool LookupAccountName(string systemName, string accountName,
    byte[] sid, ref uint sidSize, StringBuilder domain, ref uint domainSize, out int accountType);

uint sidSize = 0;
uint domainSize = 0;
// Sizing call with null buffers: it always "fails", and the error code says why.
bool b1 = LookupAccountName(null, user, null, ref sidSize, null, ref domainSize, out int accountType);
int err2 = Marshal.GetLastWin32Error();
if (err2 == 0x007a) { /* the account exists (ERROR_INSUFFICIENT_BUFFER) */ }
else if (err2 == 0x0534) { /* account not found (ERROR_NONE_MAPPED) */ }
else { /* some bad error code */ }

If you want to authenticate an account's credentials, then call LogonUser
<https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonuserw>;
there are lots of examples.

*Greg*

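The following is an added example (my own code, not Greg's) that fills out the two-call pattern from the reply above: the first LookupAccountName call sizes the buffers, the second actually fetches the SID and the SID_NAME_USE, and the type is checked so that groups, computers and well-known SIDs are not mistaken for user accounts (all of them also produce ERROR_INSUFFICIENT_BUFFER on the sizing call). It also shows the LogonUser credential check with a network logon type, which needs no "log on locally" right and creates no session. It assumes Windows and .NET on Windows; the class and method names (WinAccounts, Resolve, UserExists, CheckCredentials) are mine, not an existing API.

```csharp
// Added example, not code from the original post. Assumes Windows + .NET;
// the WinAccounts class and its method names are illustrative.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

static class WinAccounts
{
    // SID_NAME_USE values from winnt.h
    public enum SidNameUse
    {
        User = 1, Group = 2, Domain = 3, Alias = 4, WellKnownGroup = 5,
        DeletedAccount = 6, Invalid = 7, Unknown = 8, Computer = 9, Label = 10
    }

    const int ERROR_INSUFFICIENT_BUFFER = 0x7A;  // 122
    const int ERROR_NONE_MAPPED = 0x534;         // 1332
    const int LOGON32_LOGON_NETWORK = 3;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LookupAccountNameW(string lpSystemName, string lpAccountName,
        byte[] Sid, ref uint cbSid, StringBuilder ReferencedDomainName,
        ref uint cchReferencedDomainName, out SidNameUse peUse);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool ConvertSidToStringSidW(byte[] Sid, out IntPtr StringSid);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr LocalFree(IntPtr hMem);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LogonUserW(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Resolves "user", "DOMAIN\user" or "user@domain" to (SID string, domain, type).
    // Returns null when nothing maps to the name; throws on any other failure
    // (for example when the domain controller cannot be contacted).
    public static (string Sid, string Domain, SidNameUse Use)? Resolve(string name)
    {
        uint sidSize = 0, domainSize = 0;
        // First call only sizes the buffers. ERROR_INSUFFICIENT_BUFFER means the name
        // mapped to *some* SID; ERROR_NONE_MAPPED means no such account.
        LookupAccountNameW(null, name, null, ref sidSize, null, ref domainSize, out _);
        int err = Marshal.GetLastWin32Error();
        if (err == ERROR_NONE_MAPPED) return null;
        if (err != ERROR_INSUFFICIENT_BUFFER) throw new Win32Exception(err);

        var sid = new byte[sidSize];
        var domain = new StringBuilder((int)domainSize);
        if (!LookupAccountNameW(null, name, sid, ref sidSize, domain, ref domainSize, out SidNameUse use))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        if (!ConvertSidToStringSidW(sid, out IntPtr p))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try { return (Marshal.PtrToStringUni(p), domain.ToString(), use); }
        finally { LocalFree(p); }
    }

    // True only for a real user account. Groups, computers and well-known SIDs
    // also pass the bare "exists" test, so filter on SID_NAME_USE.
    public static bool UserExists(string name)
    {
        var r = Resolve(name);
        return r.HasValue && r.Value.Use == SidNameUse.User;
    }

    // Network logon: verifies the password without needing the interactive logon
    // right. A wrong password still counts towards the account lockout threshold.
    public static bool CheckCredentials(string user, string domain, string password)
    {
        if (!LogonUserW(user, domain, password, LOGON32_LOGON_NETWORK,
                        LOGON32_PROVIDER_DEFAULT, out IntPtr token))
        {
            // ERROR_LOGON_FAILURE (0x52E) is bad name/password; other codes cover
            // locked, disabled or expired accounts and unreachable domains.
            return false;
        }
        CloseHandle(token);  // do not leak the primary token
        return true;
    }

    static void Main()
    {
        foreach (var n in new[] { "Administrator", "Administrators", Environment.UserName })
        {
            var r = Resolve(n);
            Console.WriteLine(r == null ? $"{n}: no mapping"
                : $"{n}: {r.Value.Domain}\\{n} = {r.Value.Sid} ({r.Value.Use})");
        }
    }
}
```

Passing null as lpSystemName makes LSA on the local machine do the lookup, so the call does not depend on the calling process having a domain identity of its own; checking the returned SidNameUse is what turns "something with this name exists" into "a user account with this name exists".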
On Fri, 24 May 2024 at 09:06, Greg Keogh <gfke...@gmail.com> wrote:

> TGIF!
>
> I just spiced-up an ASP.NET app so that it uses DirectorySearcher.FindOne
> <https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.findone?view=netframework-4.8>
> to either verify a login user account exists or to authenticate. It runs
> perfectly on my work PC, but when I installed the app in IIS on my test
> server it died with *The specified domain either does not exist or could
> not be contacted*. I discovered that because my app was running as
> NETWORK SERVICE, which isn't a domain user, it can't see the Active
> Directory.
>
> A trap...only domain user accounts can *see* AD. Asking the customer (a
> hospital) to create a special account, assign it to the pool and set ACLs
> is impractical. My lovely new login feature has hit a roadblock and I'm not
> sure of a workaround or alternative. It's a specialist topic, but I thought
> I'd ask in here just in case some boffin has suggestions.
>
> *Greg Keogh*
>
> P.S. I just remembered that about 15 years ago I used a Win32 Interop to
> call LogonUser
> <https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera>
> for a similar purpose, but it was for local accounts and I'll need to
> research if it works for domain accounts.
>
-- 
ozdotnet mailing list 
To manage your subscription, access archives: https://codify.mailman3.com/ 