April 16th, 2003, 04:18 AM
Can somebody tell me how to use LogonUser API with C#?
I tried using the following code, but it gave an error.
Thanks in advance.
public class Class1
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out int phToken);
public static extern int GetLastError();
public static void Main(string args)
// The Windows NT user token.
// Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
bool loggedOn = LogonUser(
// User name.
// Computer name.
// Logon type = LOGON32_LOGON_NETWORK.
// Logon provider = LOGON32_PROVIDER_DEFAULT.
// The user token for the specified user is returned here.
// Call GetLastError to try to determine why logon failed if it did not succeed.
int ret = GetLastError();
Console.WriteLine("LogonUser Success? " + loggedOn);
Console.WriteLine("NT Token Value: " + token1);
if (ret != 0) Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
//Starting impersonation here:
WindowsIdentity mWI1 = WindowsIdentity.GetCurrent();
IntPtr token2 = new IntPtr(token1);
Console.WriteLine("\n\nNew identity created:\n");
WindowsIdentity mWI2 = new WindowsIdentity(token2);
// Impersonate the user.
WindowsImpersonationContext mWIC = mWI2.Impersonate();
WindowsIdentity mWI3 = WindowsIdentity.GetCurrent();
// Revert to previous identity.
Console.WriteLine("\n\nAfter impersonation is reverted:\n");
WindowsIdentity mWI4 = WindowsIdentity.GetCurrent();
April 16th, 2003, 09:00 AM
Didn't read the whole code so I am just a guessing now...
I suppose, you run this code on Win2k machine under the call-context of some logged on user... If so, the LogonUser function will probably fail and GetLastError() function returns you error ERROR_PRIVILEGE_NOT_HELD.
LogonUser function requires the SE_TCB_NAME privilege. Processes those are running under the local-system account have this privilege set by default. But processes those are running under the context of some user do not have it. You have to grant this privilege to the process explicitelly. If you don't know how, just have a look at the "Enabling and Disabling Privileges" in MSDN.
If this is the case, just add to your application code that will grant this privilege to the application's process before you call LogonUser() function.
If this is not the case, let me know and I will look at the code in more details...
April 16th, 2003, 02:30 PM
The error is,
"Unable to impersonate user"
which means that it din't succeed in impersonating the identity.
a.) I think there's also an Impersonate User" privilege, or something like it.
b.) As I recall, the token a process is originally given has a minimal set of rights.
What you need to do is enable the privilege on the token. If you don't
have that privilege, an error will occur.
check the following link,
MSDN - Impersonate
- Software Architect
April 16th, 2003, 08:33 PM
For me the error is
"Error code (126 == "Specified module could not be found"
which is nothing but the error trapped in the program. I am sure this means that the dll/function is not found.
I am using a WIN2K machine. The advapi32.dll is present in C:\WINNT\SYSTEM32.
So the path name is correct.
Thanks for your responses.
April 17th, 2003, 02:40 AM
April 17th, 2003, 02:52 AM
Sorry about that Martin! The return value ret is 126.(Equal to the value that is being displayed)
April 17th, 2003, 03:14 AM
Yes man.. I try it and I see it...
And the strange is that the same code is running if it is a windows service... I don't understand it know, however when I have a time, I will look on it...
April 18th, 2003, 09:25 PM
Thanks Martin! I appreciate your help!
June 20th, 2013, 10:13 AM
Click Here to Expand Forum to Full Width