pinvoke.net: Edit: secur32.LsaGetLogonSessionData

@msdn=http://search.microsoft.com/search/results.aspx?qu=$$$
@pinvoke=http://pinvoke.net/$$$.htm

Summary: TODO - a short description

!!!!C# Signature:
[DllImport("secur32.dll", SetLastError = false)]
private static extern uint LsaFreeReturnBuffer(IntPtr buffer);

[DllImport("Secur32.dll", SetLastError = false)]
private static extern uint LsaEnumerateLogonSessions(out UInt64 LogonSessionCount, out IntPtr LogonSessionList);

[DllImport("Secur32.dll", SetLastError = false)]
private static extern uint LsaGetLogonSessionData(IntPtr luid, out IntPtr ppLogonSessionData);

[StructLayout(LayoutKind.Sequential)]
private struct LSA_UNICODE_STRING
{
    public UInt16 Length;
    public UInt16 MaximumLength;
    public IntPtr buffer;
}

[StructLayout(LayoutKind.Sequential)]
private struct LUID
{
    public UInt32 LowPart;
    public UInt32 HighPart;
}

[StructLayout(LayoutKind.Sequential)]
private struct SECURITY_LOGON_SESSION_DATA
{
    public UInt32 Size;
    public LUID LoginID;
    public LSA_UNICODE_STRING Username;
    public LSA_UNICODE_STRING LoginDomain;
    public LSA_UNICODE_STRING AuthenticationPackage;
    public UInt32 LogonType;
    public UInt32 Session;
    public IntPtr PSiD;
    public UInt64 LoginTime;
    public LSA_UNICODE_STRING LogonServer;
    public LSA_UNICODE_STRING DnsDomainName;
    public LSA_UNICODE_STRING Upn;
}

private enum SECURITY_LOGON_TYPE : uint
{
    Interactive = 2,    //The security principal is logging on interactively. 
    Network,            //The security principal is logging using a network. 
    Batch,              //The logon is for a batch process. 
    Service,            //The logon is for a service account. 
    Proxy,              //Not supported. 
    Unlock,             //The logon is an attempt to unlock a workstation.
    NetworkCleartext,   //The logon is a network logon with cleartext credentials.
    NewCredentials,     // Allows the caller to clone its current token and specify new credentials for outbound connections. 
    RemoteInteractive,  // A terminal server session that is both remote and interactive.
    CachedInteractive,  // Attempt to use the cached credentials without going out across the network.
    CachedRemoteInteractive, // Same as RemoteInteractive, except used internally for auditing purposes.
    CachedUnlock          // The logon is an attempt to unlock a workstation.
}
!!!!VB Signature:
 Declare Function LsaGetLogonSessionData Lib "secur32.dll" (TODO) As TODO
!!!!User-Defined Types:
None.

!!!!Alternative Managed API:
Do you know one?  Please contribute it!

!!!!Notes:
None.

!!!!Tips & Tricks:
Please add some!

!!!!Sample Code:
 DateTime systime = new DateTime(1601, 1, 1, 0, 0, 0, 0); //win32 systemdate

UInt64 count;
  IntPtr luidPtr = IntPtr.Zero;
  LsaEnumerateLogonSessions(out count, out luidPtr);  //gets an array of pointers to LUIDs

IntPtr iter = luidPtr;      //set the pointer to the start of the array

for (ulong i = 0; i < count; i++)   //for each pointer in the array
  {
      IntPtr sessionData;

LsaGetLogonSessionData(iter, out sessionData);
      SECURITY_LOGON_SESSION_DATA data = (SECURITY_LOGON_SESSION_DATA)Marshal.PtrToStructure(sessionData, typeof(SECURITY_LOGON_SESSION_DATA));

//if we have a valid logon
      if (data.PSiD != IntPtr.Zero)
      {
          //get the security identifier for further use
          System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(data.PSiD);
               
          //extract some useful information from the session data struct
          string username = Marshal.PtrToStringUni(data.Username.buffer).Trim();          //get the account username
          string domain =  Marshal.PtrToStringUni(data.LoginDomain.buffer).Trim();        //domain for this account  
          string authpackage = Marshal.PtrToStringUni(data.AuthenticationPackage.buffer).Trim();    //authentication package
                
          SECURITY_LOGON_TYPE secType = (SECURITY_LOGON_TYPE)data.LogonType;
          DateTime time = systime.AddTicks((long)data.LoginTime);                              //get the datetime the session was logged in

//do something with the extracted data, ie, add to a display control....
          listBox1.Items.Add("User: " + username + " *** Domain: " + domain + " *** Login Type: (" + data.LogonType + ") " + secType.ToString() +" *** Login Time: "+time.ToLocalTime().ToString());
   
      }
      iter = (IntPtr)((int)iter + Marshal.SizeOf(typeof(LUID)));  //move the pointer forward
      LsaFreeReturnBuffer(sessionData);   //free the SECURITY_LOGON_SESSION_DATA memory in the struct
  }
  LsaFreeReturnBuffer(luidPtr);   //free the array of LUIDs

Documentation: LsaGetLogonSessionData@msdn on MSDN