Hi,

We are using Windows APIs to impersonate a user in an application that runs as a service. The service under which the application is running is started with Logon as Local System Account.

The Local System account has all the privileges required for impersonation. After providing correct credentials, the application is able to logon as a service and do successful impersonation.

However, if the password passed to LogonUser() API is incorrect, the call is blocked/hanging. It is expected that the API returns failure but it should not hang. Is this a known issue or is something wrong?

We are using OS: Windows XP

Here are the details for impersonation-

For impersonation we are calling LogonUser() API

LogonUser(mailbox,domain,m_szPassword,
LOGON32_LOGON_SERVICE,
LOGON32_PROVIDER_DEFAULT,
&hToken))

Steps followed for impersonation are as follows-

1. LookupPrivilegeValue for SE_TCB_NAME
2. OpenProcessToken
3. AdjustTokenPrivileges
4. LogonUser
5. LoadUserProfile
6. ImpersonateLoggedOnUser

Any pointers will be helpful!

Thanks,
Neha