C# Signature:
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken
);
VB .NET Signature:
Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer
User-Defined Types:
None.
Notes:
See MSDN docs for description of various logon types etc.
Tips & Tricks:
When invoking this code from ASP.NET on Windows 2000, you may need to add the "Act as part of operating system" privilege to the ASPNET user account to make it work. See the note at the bottom of http://support.microsoft.com/default.aspx?scid=kb;EN-US;q306158 for this information. Also, after doing this, you may need to reset IIS to make the change in privileges take effect.
Sample Code:
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_DEFAULT = 0;
IntPtr hToken;
IntPtr hTokenDuplicate;
if (LogonUser(username, domain, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out hToken))
{
if (DuplicateToken(hToken, 2, out hTokenDuplicate))
{
WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);
WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();
// ...
impersonationContext.Undo();
}
}
if (hToken != IntPtr.Zero) CloseHandle(hToken);
if (hTokenDuplicate != IntPtr.Zero) CloseHandle(hTokenDuplicate);
Alternative Managed API:
TODO
