I understand

Thanks for the info. After a brief look, I think this goes into the "look at this later" category. I'm just going to use SF security for now.

Yes.  If you are going to do this, then you are going to have to program this manually.  As a side note, one thing to keep in mind is that you still need to have SF users to which permissions can be associated. 

We have done this several times, and I will tell you that it is somewhat of a pain to support at times.  But the first thing to look at is the Windows API.  There is a method called LogonUser:

I think this is more of just a generic .NET question, but as it pertains to security, I'm thinking this might be a better place for it.



I'd like to authenticate users using Active Directory (domain authentication), just to ease maintenance (a winforms app). However, almost none of the users will be logged onto the domain or a trusted domain where the Active Directory resides. Most will be logged into there machines, not connected to any domain (they are consultants, on the road, in hotels, etc.) They will use VPN initially to connect to network to access data. I can't use anything that would just pass there authentication certificate (or whatever it is called) for the current user from the OS, because they aren't authenticated on a domain (or it's the wrong domain). So, is there any way to authenticate against a specific domain via .NET?