-
April 16th, 2003, 04:18 AM
#1
Logonuser
Can somebody tell me how to use LogonUser API with C#?
I tried using the following code, but it gave an error.
Code:
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;
[assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode=true)]
public class Class1
{
[DllImport("C:\\WINNT\\System32\\advapi32.dll")]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out int phToken);
[DllImport("C:\\WINNT\\System32\\Kernel32.dll")]
public static extern int GetLastError();
public static void Main(string[] args)
{
// The Windows NT user token.
int token1;
// Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
bool loggedOn = LogonUser(
// User name.
"Username",
// Computer name.
"Domain",
// Password.
"Password",
// Logon type = LOGON32_LOGON_NETWORK.
2,
// Logon provider = LOGON32_PROVIDER_DEFAULT.
0,
// The user token for the specified user is returned here.
out token1);
Console.WriteLine("LogonUser called");
// Call GetLastError to try to determine why logon failed if it did not succeed.
int ret = GetLastError();
Console.WriteLine("LogonUser Success? " + loggedOn);
Console.WriteLine("NT Token Value: " + token1);
if (ret != 0) Console.WriteLine("Error code (126 == \"Specified module could not be found\"): " + ret);
//Starting impersonation here:
Console.WriteLine("\n\nBefore impersonation:\n");
WindowsIdentity mWI1 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI1.Name);
Console.WriteLine(mWI1.Token);
IntPtr token2 = new IntPtr(token1);
Console.WriteLine("\n\nNew identity created:\n");
WindowsIdentity mWI2 = new WindowsIdentity(token2);
Console.WriteLine(mWI2.Name);
Console.WriteLine(mWI2.Token);
// Impersonate the user.
WindowsImpersonationContext mWIC = mWI2.Impersonate();
Console.WriteLine("\n\nAfter impersonation:\n");
WindowsIdentity mWI3 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI3.Name);
Console.WriteLine(mWI3.Token);
// Revert to previous identity.
mWIC.Undo();
Console.WriteLine("\n\nAfter impersonation is reverted:\n");
WindowsIdentity mWI4 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI4.Name);
Console.WriteLine(mWI4.Token);
}
}
Thanks in advance.
Muthu
-
April 16th, 2003, 09:00 AM
#2
Didn't read the whole code so I am just a guessing now...
I suppose, you run this code on Win2k machine under the call-context of some logged on user... If so, the LogonUser function will probably fail and GetLastError() function returns you error ERROR_PRIVILEGE_NOT_HELD.
LogonUser function requires the SE_TCB_NAME privilege. Processes those are running under the local-system account have this privilege set by default. But processes those are running under the context of some user do not have it. You have to grant this privilege to the process explicitelly. If you don't know how, just have a look at the "Enabling and Disabling Privileges" in MSDN.
If this is the case, just add to your application code that will grant this privilege to the application's process before you call LogonUser() function.
If this is not the case, let me know and I will look at the code in more details...
Martin
-
April 16th, 2003, 02:30 PM
#3
The error is,
"Unable to impersonate user"
which means that it din't succeed in impersonating the identity.
a.) I think there's also an Impersonate User" privilege, or something like it.
b.) As I recall, the token a process is originally given has a minimal set of rights.
What you need to do is enable the privilege on the token. If you don't
have that privilege, an error will occur.
check the following link,
MSDN - Impersonate
thanks
Paresh
- Software Architect
-
April 16th, 2003, 08:33 PM
#4
For me the error is
"Error code (126 == "Specified module could not be found"
which is nothing but the error trapped in the program. I am sure this means that the dll/function is not found.
I am using a WIN2K machine. The advapi32.dll is present in C:\WINNT\SYSTEM32.
So the path name is correct.
Any clues??
Thanks for your responses.
Muthu
-
April 17th, 2003, 02:40 AM
#5
-
April 17th, 2003, 02:52 AM
#6
Sorry about that Martin! The return value ret is 126.(Equal to the value that is being displayed)
Muthu
-
April 17th, 2003, 03:14 AM
#7
Yes man.. I try it and I see it...
And the strange is that the same code is running if it is a windows service... I don't understand it know, however when I have a time, I will look on it...
martin
-
April 18th, 2003, 09:25 PM
#8
Thanks Martin! I appreciate your help!
Muthu
-
June 20th, 2013, 10:13 AM
#9
Re: Logonuser
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|