
Thread: Logonuser

  1. #1
    Join Date
    Jan 2002
    Location
    TamilNadu, India
    Posts
    158

    Logonuser

    Can somebody tell me how to use LogonUser API with C#?

    I tried using the following code, but it gave an error.

    Code:
    using System;
    using System.Runtime.InteropServices;
    using System.Security.Principal;
    using System.Security.Permissions;
    
    [assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode=true)]
    public class Class1
    {
    	[DllImport("C:\\WINNT\\System32\\advapi32.dll")]
    	public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, 
    		int dwLogonType, int dwLogonProvider, out int phToken);
    
    	[DllImport("C:\\WINNT\\System32\\Kernel32.dll")]
    	public static extern int GetLastError();
    
    	public static void Main(string[] args)
    	{   
    		// The Windows NT user token.
    		int token1;                     
    
    		// Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
    
    		bool loggedOn = LogonUser(
    			// User name.
    			"Username",    
    
    			// Computer name.
    			"Domain",    
    
    			// Password.
    			"Password",   
    
    			// Logon type: the value 2 is LOGON32_LOGON_INTERACTIVE (LOGON32_LOGON_NETWORK is 3).
    			2,   
    
    			// Logon provider = LOGON32_PROVIDER_DEFAULT.
    			0,    
    
    			// The user token for the specified user is returned here.
    			out token1);            
          
    		Console.WriteLine("LogonUser called");
                
    		// Call GetLastError to try to determine why logon failed if it did not succeed.
    		int ret = GetLastError();
          
    		Console.WriteLine("LogonUser Success? " + loggedOn);
    		Console.WriteLine("NT Token Value: " + token1);
    		if (ret != 0) Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
          
    		//Starting impersonation here:
    		Console.WriteLine("\n\nBefore impersonation:\n");
    		WindowsIdentity mWI1 = WindowsIdentity.GetCurrent();
    		Console.WriteLine(mWI1.Name);
    		Console.WriteLine(mWI1.Token);
    
    		IntPtr token2 = new IntPtr(token1);
    
    		Console.WriteLine("\n\nNew identity created:\n");
    		WindowsIdentity mWI2 = new WindowsIdentity(token2);
    		Console.WriteLine(mWI2.Name);
    		Console.WriteLine(mWI2.Token);
    
    		// Impersonate the user.
    		WindowsImpersonationContext mWIC = mWI2.Impersonate();   
    
    		Console.WriteLine("\n\nAfter impersonation:\n");
    		WindowsIdentity mWI3 = WindowsIdentity.GetCurrent();
    		Console.WriteLine(mWI3.Name);
    		Console.WriteLine(mWI3.Token);
    
    		// Revert to previous identity.
    		mWIC.Undo();
    
    		Console.WriteLine("\n\nAfter impersonation is reverted:\n");
    		WindowsIdentity mWI4 = WindowsIdentity.GetCurrent();
    		Console.WriteLine(mWI4.Name);
    		Console.WriteLine(mWI4.Token);
    	}
    }
    Thanks in advance.
    Muthu

  2. #2
    Join Date
    Dec 2000
    Location
    Slovakia
    Posts
    1,043
    Didn't read the whole code so I am just guessing now...

    I suppose you run this code on a Win2k machine under the call-context of some logged-on user... If so, the LogonUser function will probably fail and the GetLastError() function will return the error ERROR_PRIVILEGE_NOT_HELD.

    The LogonUser function requires the SE_TCB_NAME privilege. Processes that are running under the local-system account have this privilege set by default. But processes that are running under the context of some user do not have it. You have to grant this privilege to the process explicitly. If you don't know how, just have a look at "Enabling and Disabling Privileges" in MSDN.

    If this is the case, just add to your application code that will grant this privilege to the application's process before you call the LogonUser() function.

    If this is not the case, let me know and I will look at the code in more detail...

    Martin

  3. #3
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    1,890
    The error is,

    "Unable to impersonate user"

    which means that it didn't succeed in impersonating the identity.

    a.) I think there's also an "Impersonate User" privilege, or something like it.

    b.) As I recall, the token a process is originally given has a minimal set of rights.

    What you need to do is enable the privilege on the token. If you don't
    have that privilege, an error will occur.

    Check the following link:
    MSDN - Impersonate

    thanks
    Paresh
    - Software Architect

  4. #4
    Join Date
    Jan 2002
    Location
    TamilNadu, India
    Posts
    158
    For me the error is
    "Error code (126 == "Specified module could not be found"

    which is nothing but the error trapped in the program. I am sure this means that the dll/function is not found.

    I am using a WIN2K machine. The advapi32.dll is present in C:\WINNT\SYSTEM32.

    So the path name is correct.

    Any clues??

    Thanks for your responses.
    Muthu

  5. #5
    Join Date
    Dec 2000
    Location
    Slovakia
    Posts
    1,043
    You use this statement to let the user know that the error occurred:
    Code:
    Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
    What is the value of ret? That is important!

    It doesn't mean that dll function is not found... You didn't post the value of ret... I am sure, the value is equal to ERROR_PRIVILEGE_NOT_FOUND which is value 1314.

    If you run the program on the same machine where it is compiled, the error cannot be "dll function not found". I am pretty sure, because you are not able to compile such a program when it can't find the dll...

    So, post the value of ret (return value of GetLastError) after the call to LogonUser. Then you will see, I am right...

    Martin

  6. #6
    Join Date
    Jan 2002
    Location
    TamilNadu, India
    Posts
    158
    Sorry about that, Martin! The return value ret is 126. (Equal to the value that is being displayed.)
    Muthu

  7. #7
    Join Date
    Dec 2000
    Location
    Slovakia
    Posts
    1,043
    Yes man.. I try it and I see it...

    And the strange thing is that the same code runs if it is a Windows service... I don't understand it now; however, when I have time, I will look at it...

    martin

  8. #8
    Join Date
    Jan 2002
    Location
    TamilNadu, India
    Posts
    158
    Thanks Martin! I appreciate your help!
    Muthu

  9. #9
    Join Date
    Apr 2005
    Posts
    1

    Re: Logonuser

    Here is a simple full working example:

    http://stackoverflow.com/a/17217167/1944063
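
Added example, not part of the thread and not any poster's code: a LogonUser P/Invoke that reads the Win32 error through `SetLastError = true` and `Marshal.GetLastWin32Error()`, and only after a failed call. A directly P/Invoked `GetLastError()`, as in post #1, can return a value left behind by API calls the runtime itself made in between. Assumes .NET Framework 2.0 or later on Windows; the class name `LogonUserDemo` and the command-line usage are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class LogonUserDemo   // hypothetical name, not from the thread
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // Load by module name (no hard-coded system path). SetLastError = true makes
    // the runtime save the thread's last-error value right after the native call.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);   // token is a HANDLE, not an int

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    public static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: LogonUserDemo <domain> <user>"); return 2; }
        // Password comes from stdin so it never appears on the process command line.
        // Console.ReadLine echoes what is typed.
        Console.Write("Password: ");
        string password = Console.ReadLine();

        IntPtr token;
        if (!LogonUser(args[1], args[0], password,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out token))
        {
            // The error code is only meaningful after a failed call; read it first.
            int err = Marshal.GetLastWin32Error();
            Console.Error.WriteLine("LogonUser failed: {0} ({1})", err, new Win32Exception(err).Message);
            return 1;
        }
        try
        {
            using (WindowsIdentity id = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = id.Impersonate())
            {
                Console.WriteLine("Impersonating: " + WindowsIdentity.GetCurrent().Name);
            } // Dispose() reverts the impersonation even if an exception is thrown.
            Console.WriteLine("Reverted to: " + WindowsIdentity.GetCurrent().Name);
            return 0;
        }
        // WindowsIdentity duplicates the token, so the original handle is closed here.
        finally { CloseHandle(token); }
    }
}
```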
