Msv1_0SubAuthenticationRoutineEx function (subauth.h)

Performs Remote Access Service authentication when subauthentication is requested by calling the LogonUser function.

The security principal's credentials and information from the Security Accounts Manager (SAM) database are passed to this function for authentication.

This function is implemented by custom subauthentication package DLLs for use with the MSV1_0 authentication package.

This function is called only for a noninteractive authentication, only on the authenticating server where the account resides, and only if a subauthentication DLL is registered under the correct key in the registry.


NTSTATUS Msv1_0SubAuthenticationRoutineEx(
  [in]      NETLOGON_LOGON_INFO_CLASS LogonLevel,
  [in]      PVOID                     LogonInformation,
  [in]      ULONG                     Flags,
  [in]      PUSER_ALL_INFORMATION     UserAll,
  [in]      SAM_HANDLE                UserHandle,
  [in, out] PMSV1_0_VALIDATION_INFO   ValidationInfo,
  [out]     PULONG                    ActionsPerformed


[in] LogonLevel

Specifies the level of information given in the LogonInformation parameter. This parameter is normally set to NetlogonInteractiveInformation.

[in] LogonInformation

A pointer to a NETLOGON_LOGON_IDENTITY_INFO structure. Members of this structure contain information about the user who is logging on. The LogonDomainName member of this structure is ignored.

[in] Flags

Optional. Contains flags that describe the circumstances of the logon. This parameter can be one of the following values.

Value Meaning
Pass-through authentication. The user is not connecting to this computer.
This is a retry of the logon using the GUEST user account.

[in] UserAll

A pointer to a USER_ALL_INFORMATION structure that contains the description of the user as returned from the SAM database.

[in] UserHandle

A handle to the user account.

[in, out] ValidationInfo

A pointer to a MSV1_0_VALIDATION_INFO structure.

[out] ActionsPerformed

The list of actions performed.

Return value

This function must return one of the following values.

Return code Description
There was no error.
The account is disabled.
The account has expired.
The account is locked out.
LogonLevel is not valid.
The user is not authorized to log on to the specified workstation.
The specified user has no account.
The password is expired.
The account is marked to indicate that the password must be changed on the next logon.
The password was not valid.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header subauth.h