-----------------------------------------------------------
New Message on cochindotnet
-----------------------------------------------------------
From: Pradeep
Message 1 in Discussion
Hi, Im trying to programmatically authenticate a user against NT under windows
2000. I use the LogonUser API[advapi32.dll]. Realizing that the call needs TCB
privilege I had set the 'Act as part of the operating system' and added the below
code also
ManagementObject mo = new ManagementObject(new ManagementPath( ));
mo.Scope.Options.EnablePrivileges = true;
Still its giving the problem as given below.
LogonUser failed with error code: 1314
ps: it works on my machine (windows xp pro)
Any feedback will greatly appreciated. Below given is the full code which i written
in C# using System;
using System.Security.Principal;
using System.Configuration;
using System.Runtime.InteropServices;
using System.Text;
using System.Collections;
using System.Management;
namespace Research
{
public enum LogonType : int
{
LOGON32_LOGON_INTERACTIVE = 2,
LOGON32_LOGON_NETWORK = 3,
LOGON32_LOGON_BATCH = 4,
LOGON32_LOGON_SERVICE = 5,
LOGON32_LOGON_UNLOCK = 7,
LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Only for Win2K or higher
LOGON32_LOGON_NEW_CREDENTIALS = 9 // Only for Win2K or higher
}; public enum LogonProvider : int
{
LOGON32_PROVIDER_DEFAULT = 0,
LOGON32_PROVIDER_WINNT35 = 1,
LOGON32_PROVIDER_WINNT40 = 2,
LOGON32_PROVIDER_WINNT50 = 3
}
; /// <summary>
/// Summary description for WinImpersonization.
/// </summary>
public class WinImpersonization
{
public WinImpersonization()
{
//
// TODO: Add constructor logic here
//
}
private static string user;
private static string domain;
private static string password;
static WinImpersonization()
{
string impersonateUser = ConfigurationSettings.AppSettings["impersonateUser"] ;
if (impersonateUser != null)
{
string[] details = impersonateUser.Split(',');
user = details[0];
domain = details[1];
password = details[2];
}
} public static WindowsIdentity GetIdentity()
{
ManagementObject mo = new ManagementObject(new ManagementPath( ));
mo.Scope.Options.EnablePrivileges = true;
IntPtr tokenHandle = IntPtr.Zero;
// Call LogonUser to obtain a handle to an access token.
bool returnValue =
LogonUser(user,domain,password,(int)LogonType.LOGON32_LOGON_INTERACTIVE
,(int)LogonProvider.LOGON32_PROVIDER_DEFAULT,ref tokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
throw new Exception("LogonUser failed with error code: " + ret);
}
System.Diagnostics.Debug.WriteLine("Created user token: " + tokenHandle);
//The WindowsIdentity class makes a new copy of the token.
//It also handles calling CloseHandle for the copy.
WindowsIdentity id = new WindowsIdentity(tokenHandle);
CloseHandle(tokenHandle);
return id;
} [DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(String lpszUsername, String lpszDomain, String
lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private extern static bool CloseHandle(IntPtr handle);
}
}
Thanks and Regards, Pradeep kumar C
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/cochindotnet/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you received
this message by mistake, please click the "Remove" link below. On the pre-addressed
e-mail message that opens, simply click "Send". Your e-mail address will be deleted
from this group's mailing list.
mailto:[EMAIL PROTECTED]
