I am trying to validate user credentials for a user across untrusted
domains. My application (runs as an NT service (multithreaded)) has to
run on XP / 2K/ 2K3.
Code sample provided on MS site
( http://www.yqcomputer.com/ ) *DOES NOT WORK* (I can pass
in invalid password, function says validated successfully)
I tried using ADSI and the code seems to work (pasted below). But there
is a nagging line on MSDN in the help section for ADsOpenObject
"This function should not be used just to validate user credentials.
For more information about validating user credentials, see Microsoft
Knowledge Base article 180548..."
(points to the sample that does not work)
Any clue/speculation why MS would say this?
hr = ADsOpenObject(strADSPath, strUserName, strPassword,
ADS_USE_DELEGATION , __uuidof(IADs),
hr = pADs->get_ADsPath(&bstrName);