Add NtlmHelper for NTLM credential validation via LogonUser

Introduced the NtlmHelper static class in the FakeNTLMServer.Common namespace. This class provides a ValidateCredentials method that uses P/Invoke to call the Windows LogonUser API, allowing validation of NTLM credentials and returning a SafeAccessTokenHandle on success. Constants for logon type and provider are included, and token validity is checked.
2026-03-13 10:35:59 +01:00
parent d8c87f25d8
commit ee9f4abc95
1 changed files with 33 additions and 0 deletions
--- a/Common/NtlmHelper.cs
+++ b/Common/NtlmHelper.cs
@@ -0,0 +1,33 @@
+using Microsoft.Win32.SafeHandles;
+using System.Runtime.InteropServices;
+
+namespace FakeNTLMServer.Common
+{
+    public static class NtlmHelper
+    {
+        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
+        private static extern bool LogonUser(
+            string lpszUsername,
+            string lpszDomain,
+            string lpszPassword,
+            int dwLogonType,
+            int dwLogonProvider,
+            out SafeAccessTokenHandle phToken);
+
+        private const int LOGON32_LOGON_NETWORK = 3;
+        private const int LOGON32_PROVIDER_DEFAULT = 0;
+
+        public static bool ValidateCredentials(string username, string domain, string password, out SafeAccessTokenHandle token)
+        {
+            var success = LogonUser(
+                username,
+                domain,
+                password,
+                LOGON32_LOGON_NETWORK,
+                LOGON32_PROVIDER_DEFAULT,
+                out token);
+
+            return success && token is not null && !token.IsInvalid;
+        }
+    }
+}