Our workstations are not members of the domain our SQL Server is on. (They're not actually on a domain at all – don't ask).
When we use SSMS or anything to connect to the SQL Server, we use RUNAS /NETONLY with DOMAIN\user. Then we type in the password and it launches the program. (RUNAS /NETONLY does not allow you to include the password in the batch file).
So I've got a .NET WinForms app which needs a SQL connection, and the users have to launch it by running a batch file which has the RUNAS /NETONLY command-line and then it launches the EXE.
If the user accidentally launches the EXE directly, it cannot connect to SQL Server.
Right-clicking on the app and using the "Run As…" option doesn't work (presumably because the workstation doesn't really know about the domain).
I'm looking for a way for the application to do the RUNAS /NETONLY functionality internally before it starts anything significant.
Please see this link for a description of how RUNAS /NETONLY works: http://www.eggheadcafe.com/conversation.aspx?messageid=32443204&threadid=32442982
I'm thinking I'm going to have to use LOGON_NETCREDENTIALS_ONLY with CreateProcessWithLogonW
Best Answer
I know this is an old thread, but it was very useful. I have the exact same situation as Cade Roux, as I wanted /netonly style functionality.
John Rasch's answer works with one small modification!!!
Add the following constant (around line 102 for consistency):
Then change the call to LogonUser to use LOGON32_LOGON_NEW_CREDENTIALS instead of LOGON32_LOGON_INTERACTIVE.
That's the only change I had to make to get this to work perfectly!!! Thank you John and Cade!!!
Here's the modified code in full for ease of copy/pasting:
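The approach this answer describes, as an added example that is not the code from the original answer or from John Rasch's post: a `LogonUser` call with `LOGON32_LOGON_NEW_CREDENTIALS`, followed by opening an integrated-security SQL connection under the resulting token. The `NetOnlyLogon` helper name and the `DOMAIN`, `user` and `SQLHOST` values are placeholders assumed for illustration, and `WindowsIdentity.RunImpersonated` requires .NET Framework 4.6 or later.

```csharp
using System;
using System.ComponentModel;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class NetOnlyLogon   // hypothetical helper name
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // winbase.h: credentials used for network access only
    const int LOGON32_PROVIDER_WINNT50 = 3;      // winbase.h: provider that supports logon type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Runs 'work' under a token that stays the local user on this machine but
    // presents domain\user to remote servers.
    public static void Run(string domain, string user, string password, Action work)
    {
        // Type 9 does not contact a domain controller here, so this call succeeds
        // even with a wrong password; the failure appears on first network use.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        using (token)
            WindowsIdentity.RunImpersonated(token, work);
    }
}

static class Program
{
    static void Main()
    {
        // Placeholders: DOMAIN, user and SQLHOST are assumptions. Prompt for the
        // password at run time; do not store it in the EXE, a config or a batch file.
        Console.Write("Password for DOMAIN\\user: ");
        string password = Console.ReadLine();

        NetOnlyLogon.Run("DOMAIN", "user", password, () =>
        {
            using (var conn = new SqlConnection("Server=SQLHOST;Integrated Security=SSPI"))
            {
                conn.Open(); // wrong credentials fail here, not in LogonUser
                using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
                    Console.WriteLine("SQL Server sees: " + cmd.ExecuteScalar());
            }
        });
    }
}
```

In a WinForms app, collect the password from a masked text box rather than the console, and treat a failed `conn.Open()` as the signal to prompt again.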