Can somebody tell me how to use the LogonUser API with C#?
I tried using the following code, but it gave an error.
using System;
using System.Runtime.InteropServices;

public class Class1
{
    [DllImport("advapi32.dll")]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out int phToken);
    [DllImport("kernel32.dll")]
    public static extern int GetLastError();

    public static void Main(string[] args)
    {
        // The Windows NT user token.
        int token1;
        // Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
        bool loggedOn = LogonUser(
            // User name.
            "USER_NAME",      // placeholder: the value is not shown in the post
            // Computer name.
            "COMPUTER_NAME",  // placeholder: the value is not shown in the post
            // Password.
            "PASSWORD",       // placeholder: the value is not shown in the post
            // Logon type = LOGON32_LOGON_NETWORK.
            3,
            // Logon provider = LOGON32_PROVIDER_DEFAULT.
            0,
            // The user token for the specified user is returned here.
            out token1);
        // Call GetLastError to try to determine why logon failed if it did not succeed.
        int ret = GetLastError();
        Console.WriteLine("LogonUser Success? " + loggedOn);
        Console.WriteLine("NT Token Value: " + token1);
        if (ret != 0) Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
    }
}
Didn't read the whole code so I am just guessing now...
I suppose you run this code on a Win2k machine under the call context of some logged-on user... If so, the LogonUser function will probably fail and the GetLastError() function will return the error ERROR_PRIVILEGE_NOT_HELD.
The LogonUser function requires the SE_TCB_NAME privilege. Processes that are running under the local-system account have this privilege set by default. But processes that are running under the context of some user do not have it. You have to grant this privilege to the process explicitly. If you don't know how, just have a look at "Enabling and Disabling Privileges" in MSDN.
If this is the case, just add code to your application that will grant this privilege to the application's process before you call the LogonUser() function.
If this is not the case, let me know and I will look at the code in more detail...
April 16th, 2003, 02:30 PM
The error is,
"Unable to impersonate user"
which means that it didn't succeed in impersonating the identity.
a.) I think there's also an "Impersonate User" privilege, or something like it.
b.) As I recall, the token a process is originally given has a minimal set of rights.
What you need to do is enable the privilege on the token. If you don't
have that privilege, an error will occur.
For me the error is
"Error code (126 == "Specified module could not be found"
which is nothing but the error trapped in the program. I am sure this means that the dll/function is not found.
I am using a WIN2K machine. The advapi32.dll is present in C:\WINNT\SYSTEM32.
So the path name is correct.
Thanks for your responses.
April 17th, 2003, 02:40 AM
You use this statement to let the user know that the error occurred:
Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
What is the value of ret? That is important!
It doesn't mean that dll function is not found... You didn't post the value of ret... I am sure, the value is equal to ERROR_PRIVILEGE_NOT_FOUND which is value 1314.
If you run the program on the same machine where it is compiled, the error cannot be "dll function not found". I am pretty sure, because you are not able to compile such a program when it can't find the dll...
So, post the value of ret (return value of GetLastError) after the call to LogonUser. Then you will see, I am right... :D:D:D
April 17th, 2003, 02:52 AM
Sorry about that, Martin! The return value ret is 126. (Equal to the value that is being displayed.)
April 17th, 2003, 03:14 AM
Yes man... I tried it and I see it...
And the strange thing is that the same code runs if it is a Windows service... I don't understand it now; however, when I have time, I will look into it...
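An added example, not code from any poster in this thread: a LogonUser call from C# that reads the failure code through Marshal.GetLastWin32Error (with SetLastError = true on the import) instead of a P/Invoked GetLastError, whose value the runtime's own Win32 calls can overwrite before it is read. The class name LogonCheck, the prompts and the hint strings are assumptions made for the illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

// Added illustration; LogonCheck, ReadHidden and the prompts are hypothetical names.
public static class LogonCheck
{
    const int LOGON32_LOGON_NETWORK = 3, LOGON32_PROVIDER_DEFAULT = 0;
    const int ERROR_PRIVILEGE_NOT_HELD = 1314, ERROR_LOGON_FAILURE = 1326;

    // SetLastError = true: the runtime saves the Win32 error right after the call returns.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Read a line without echoing it, so the password is not left on screen.
    static string ReadHidden()
    {
        var sb = new StringBuilder();
        for (var k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
        {
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (k.KeyChar != '\0') sb.Append(k.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }

    public static void Main()
    {
        Console.Write("User name: "); string user = Console.ReadLine();
        Console.Write("Domain or computer: "); string domain = Console.ReadLine();
        Console.Write("Password: "); string password = ReadHidden();

        IntPtr token;
        bool ok = LogonUser(user, domain, password,
            LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token);
        // Only meaningful after a failed call; read it before any other API call.
        int err = ok ? 0 : Marshal.GetLastWin32Error();
        if (ok)
        {
            Console.WriteLine("LogonUser succeeded, token handle: " + token);
            CloseHandle(token); // the caller owns the handle and must release it
            return;
        }
        string hint = err == ERROR_PRIVILEGE_NOT_HELD ? "caller lacks SE_TCB_NAME"
                    : err == ERROR_LOGON_FAILURE ? "unknown user name or bad password" : "see message";
        Console.WriteLine("LogonUser failed: " + err + " (" + hint + "): " + new Win32Exception(err).Message);
    }
}
```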