bool bRet=LogonUser(strUserName, L"", strPassword, LOGON32_LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &phToken)     
bRet always returns true even if I enter a wrong password when there is no domain. Is there any work around like if I enter a valid password it returns true and false for a wrong password when there is no domain.
I assume that by LOGON32_LOGON_TYPE_NEW_CREDENTIALS you actually mean LOGON32_LOGON_NEW_CREDENTIALS. In which case the behaviour is exactly as would be expected. The documentation for that flag says:
This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.
For local connections, the token that is returned is a clone of the current token. The credentials that you provided are only used for outbound connections. When you attempt such connections, the credentials will be checked at that point and you can expect failure then.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With