I am developing a custom credential provider and need to pre-check domain or local user credentials before an MFA operation against Active Directory or cached credentials. I am now using the LogonUser method to check. It works well in all my situations, but I have a small problem: if the network is available but the DC is not available, the LogonUser method takes a very long time (~45 seconds). Does anyone have an idea how I can get past this? Or should I change my validation method?
I think I came up with a solution with the help of Alexander's comment. I am using
LogonUser(userName, domain, password, (int)LogonTypes.Network, (int)LogonProviders.WinNT40, ref refToken)
Using LogonTypes.Network and LogonProviders.WinNT40 is faster than what I used before. It takes 12 seconds to authenticate the user if the DC is unavailable.
Here is my older code
LogonUser(userName, domain, password, (int)LogonTypes.Interactive, (int)LogonProviders.Default, ref refToken)
This was taking 45 seconds to authenticate the user if the DC is unavailable.
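The network-logon pre-check described above, as an added example that is not part of the original post: it wraps the same LogonUser call, closes the returned token, and separates a wrong password from an unreachable DC by Win32 error code. The class, enum and method names are assumptions; the numeric constants are the Windows SDK values for the logon type, provider and error codes.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

// Hypothetical helper: class, enum and method names are assumptions for illustration.
static class CredentialPreCheck
{
    const int LOGON32_LOGON_NETWORK = 3;     // LogonTypes.Network in the post
    const int LOGON32_PROVIDER_WINNT40 = 2;  // LogonProviders.WinNT40 in the post
    const int ERROR_NO_LOGON_SERVERS = 1311; // no logon server could be contacted
    const int ERROR_LOGON_FAILURE = 1326;    // unknown user name or bad password

    public enum Result { Valid, BadCredentials, NoLogonServer, OtherFailure }

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    public static Result Check(string user, string domain, string password,
        out TimeSpan elapsed, out int lastError)
    {
        var sw = Stopwatch.StartNew();
        bool ok = LogonUser(user, domain, password,
            LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_WINNT40, out SafeAccessTokenHandle token);
        lastError = Marshal.GetLastWin32Error(); // read before any other native call
        elapsed = sw.Elapsed;
        using (token) { }                        // the token is not needed; close the handle
        if (ok) return Result.Valid;
        switch (lastError)
        {
            case ERROR_LOGON_FAILURE: return Result.BadCredentials;
            case ERROR_NO_LOGON_SERVERS: return Result.NoLogonServer;
            default: return Result.OtherFailure;
        }
    }

    static void Main(string[] args)
    {
        // Usage: precheck.exe <user> <domain>; the password is read from stdin (echoed).
        Console.Write("Password: ");
        string password = Console.ReadLine();
        Result r = Check(args[0], args[1], password, out TimeSpan t, out int err);
        Console.WriteLine($"{r} (Win32 error {err}) after {t.TotalSeconds:F1} s");
    }
}
```

Treat `NoLogonServer` as "could not verify" rather than as a rejected password, so an offline DC is not reported to the user as wrong credentials.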