C# Signature:

enum LOGON_TYPE
{
     LOGON32_LOGON_INTERACTIVE = 2,
     LOGON32_LOGON_NETWORK = 3,
     LOGON32_LOGON_BATCH = 4,
     LOGON32_LOGON_SERVICE = 5,
     LOGON32_LOGON_UNLOCK = 7,
     LOGON32_LOGON_NETWORK_CLEARTEXT = 8,
     LOGON32_LOGON_NEW_CREDENTIALS = 9
}

VB Signature:

Enum LOGON_TYPE
     LOGON32_LOGON_INTERACTIVE = 2
     LOGON32_LOGON_NETWORK = 3
     LOGON32_LOGON_BATCH = 4
     LOGON32_LOGON_SERVICE = 5
     LOGON32_LOGON_UNLOCK = 7
     LOGON32_LOGON_NETWORK_CLEARTEXT = 8
     LOGON32_LOGON_NEW_CREDENTIALS = 9
End Enum

User-Defined Types:

None.

Notes:

One important thing to note is that in order to use WindowsIdentity.Impersonate(), we need a primary token, so if we go with LOGON32, we'll need to use DuplicateHandle in order to get at the primary token. Since I like to avoid extra work like that, it looks like LOGON32 or LOGON32 would both be more appropriate choices. Selecting between them will depend on the rights that the account we're trying to logon has.

Once your call to LogonUser has gotten you a user token for the user you'd like to impersonate, you can then call WindowsIdentity.Impersonate() and have your thread take over the identity of the Windows user you just logged on.

https://blogs.msdn.microsoft.com/shawnfa/2005/03/21/how-to-impersonate/

Tips & Tricks:

Please add some!

Sample Code:

    // Call LogonUser to get a token for the user
    IntPtr userHandle = IntPtr.Zero();
    bool loggedOn = LogonUser(
        user,
        domain,
        password,
        LogonType.Interactive,
        LogonProvider.Default,
        out userHandle);
    if(!loggedOn)
        throw new Win32Exception(Marshal.GetLastWin32Error());

    // Begin impersonating the user
    WindowsImpersonationContext impersonationContext = WindowsIdentity.Impersonate(userHandle.Token);

    DoSomeWorkWhileImpersonating();

    // Clean up
    CloseHandle(userHandle);
    impersonationContext.Undo();

Alternative Managed API:

Do you know one? Please contribute it!