LogonUser (advapi32)

Allows you to programmatically log a user on. Once done, and once the returned token has been impersonated (as in the sample code below), the application will take the identity of the newly logged-on user.

C# Signature:

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

VB .NET Signature:

Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer

It is very important to know which LOGON type you need. LOGON_NETWORK will allow access to network resources, while LOGON_INTERACTIVE will not. This will cause you hours of consternation if you don't pay attention to it.

To make this useful, you will also need to implement DuplicateToken.

Sample Code:

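const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_PROVIDER_DEFAULT = 0;

// tempWindowsIdentity (WindowsIdentity) and impersonationContext
// (WindowsImpersonationContext) are declared by the enclosing class.
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;

if (LogonUser(userName, domain, passWord, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token))
{
    // 2 = SecurityImpersonation level for the duplicated token
    if (DuplicateToken(token, 2, ref tokenDuplicate))
    {
        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
        impersonationContext = tempWindowsIdentity.Impersonate();
        if (impersonationContext == null)
            return false;
        return true;
    }
    return false;
}
return false;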


On Windows 2000, the calling process needs the SE_TCB_NAME privilege (act as part of the operating system) set for LogonUser to work correctly.
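
The sample above leaves out the DuplicateToken declaration, error reporting, and cleanup of the token handles. The following is an added example, not part of the original page, showing the same LogonUser / DuplicateToken / Impersonate sequence with those pieces in place. It assumes .NET Framework 4.0 or later; the class name ImpersonationExample and the method RunAs are hypothetical names chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ImpersonationExample   // hypothetical class name
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int SecurityImpersonation = 2;   // impersonation level passed to DuplicateToken

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateToken(IntPtr existingTokenHandle, int impersonationLevel,
        ref IntPtr duplicateTokenHandle);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Runs 'work' as the given user, then always reverts and closes both token handles.
    public static void RunAs(string userName, string domain, string passWord, Action work)
    {
        IntPtr token = IntPtr.Zero, tokenDuplicate = IntPtr.Zero;
        try
        {
            // Surface the Win32 error code instead of a bare 'false'.
            if (!LogonUser(userName, domain, passWord, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, ref token))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            if (!DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            // WindowsIdentity keeps its own copy of the token, so ours is closed in finally.
            using (WindowsIdentity identity = new WindowsIdentity(tokenDuplicate))
            using (WindowsImpersonationContext context = identity.Impersonate())
            {
                work();   // executes under the logged-on user's identity
            }             // disposing the context reverts to the original identity
        }
        finally
        {
            if (tokenDuplicate != IntPtr.Zero) CloseHandle(tokenDuplicate);
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

Keeping the impersonated work inside the using block bounds how long the thread runs under the other identity, and the finally block prevents token handles from leaking when either call fails.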

