I am having a problem using LogonUser from VB.NET to authenticate a user. I am using the LogonType "LOGON32_LOGON_NETWORK" (3). The documentation says to use this option for simple authentication and states that it does not cache credentials.
The problem I am having is that if a user has just changed their password, they can log in using either the old password or the new password.
What LogonType is correct for doing a simple authentication?
Here is the code I am currently using:
' Checks a user's credentials by asking Windows to log the user on, then discards the token.
'
' Parameters:
'   domain       - domain (or machine) name handed to LogonUserA.
'   userid       - account name handed to LogonUserA.
'   pwd          - clear-text password handed to LogonUserA.
'   logonType    - LOGON32_LOGON_* value chosen by the caller.
'   errorMessage - set to a description of the failure when False is returned;
'                  left untouched when True is returned.
' Returns True when LogonUserA reports success, otherwise False.
'
' NOTE(review): the per-cause messages below distinguish disabled, expired and locked-out
' accounts. If errorMessage can reach an unauthenticated client, log the detail
' server-side and show a single generic failure text instead.
' NOTE(review): with a network logon, domain controllers may keep accepting the previous
' password over NTLM for a grace period after a password change (the Lsa
' OldPasswordAllowedPeriod setting) - verify against the DC configuration before treating
' "old password still works" as a fault in this function.
' NOTE(review): LogonUserA is the ANSI entry point; the declaration is not visible here, so
' confirm how userid/pwd are marshalled if non-ANSI characters are allowed in passwords.
Public Shared Function login(ByVal domain As String, ByVal userid As String, ByVal pwd As String, ByVal logonType As Integer, ByRef errorMessage As String) As Boolean
    ' Win32 error codes this function translates into messages.
    Const ERROR_LOGON_FAILURE As Integer = 1326
    Const ERROR_PASSWORD_EXPIRED As Integer = 1330
    Const ERROR_ACCOUNT_DISABLED As Integer = 1331
    Const ERROR_PASSWORD_MUST_CHANGE As Integer = 1907
    Const ERROR_ACCOUNT_LOCKED_OUT As Integer = 1909

    ' Receives the Windows user token when the logon succeeds.
    Dim userToken As IntPtr = IntPtr.Zero
    Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' Ask the unmanaged LogonUser API to validate the account, domain and password.
    Dim logonResult = LogonUserA(userid, domain, pwd, logonType, LOGON32_PROVIDER_DEFAULT, userToken)

    If logonResult <> 0 Then
        ' Only the yes/no answer is needed, so release the token straight away.
        If userToken <> IntPtr.Zero Then CloseHandle(userToken)
        Return True
    End If

    ' Fetch the failure reason immediately after the failed call, before any other API call.
    ' NOTE(review): a P/Invoked GetLastError can be overwritten by calls the runtime makes
    ' itself; Marshal.GetLastWin32Error is the reliable source, provided the LogonUserA
    ' declaration (not visible here) records the last error.
    Dim lastError As Integer = GetLastError()

    If lastError = ERROR_LOGON_FAILURE Then
        errorMessage = "Logon failure: unknown user name or bad password."
    ElseIf lastError = ERROR_ACCOUNT_DISABLED Then
        errorMessage = "Logon failure: account currently disabled."
    ElseIf lastError = ERROR_PASSWORD_EXPIRED Then
        errorMessage = "Logon failure: the specified account password has expired."
    ElseIf lastError = ERROR_PASSWORD_MUST_CHANGE Then
        errorMessage = "The user's password must be changed before logging on the first time."
    ElseIf lastError = ERROR_ACCOUNT_LOCKED_OUT Then
        errorMessage = "The referenced account is currently locked out and may not be logged on to."
    Else
        errorMessage = "Logon failure: unknown code = " & lastError
    End If

    ' Defensive cleanup in case a token was handed back despite the failure.
    If userToken <> IntPtr.Zero Then CloseHandle(userToken)

    Return False
End Function