From ee9f4abc9502eab96974d21b97a94d35aaf10b37 Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Fri, 13 Mar 2026 10:35:59 +0100
Subject: [PATCH] Add NtlmHelper for NTLM credential validation via LogonUser

Introduced the NtlmHelper static class in the FakeNTLMServer.Common namespace. This class provides a ValidateCredentials method that uses P/Invoke to call the Windows LogonUser API, allowing validation of NTLM credentials and returning a SafeAccessTokenHandle on success. Constants for logon type and provider are included, and token validity is checked.
---
 Common/NtlmHelper.cs | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 Common/NtlmHelper.cs

diff --git a/Common/NtlmHelper.cs b/Common/NtlmHelper.cs
new file mode 100644
index 0000000..9372034
--- /dev/null
+++ b/Common/NtlmHelper.cs
@@ -0,0 +1,33 @@
+using Microsoft.Win32.SafeHandles;
+using System.Runtime.InteropServices;
+
+namespace FakeNTLMServer.Common
+{
+    public static class NtlmHelper
+    {
+        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
+        private static extern bool LogonUser(
+            string lpszUsername,
+            string lpszDomain,
+            string lpszPassword,
+            int dwLogonType,
+            int dwLogonProvider,
+            out SafeAccessTokenHandle phToken);
+
+        private const int LOGON32_LOGON_NETWORK = 3;
+        private const int LOGON32_PROVIDER_DEFAULT = 0;
+
+        public static bool ValidateCredentials(string username, string domain, string password, out SafeAccessTokenHandle token)
+        {
+            var success = LogonUser(
+                username,
+                domain,
+                password,
+                LOGON32_LOGON_NETWORK,
+                LOGON32_PROVIDER_DEFAULT,
+                out token);
+
+            return success && token is not null && !token.IsInvalid;
+        }
+    }
+}