LogonUser (advapi32)
Last changed:

allows you to programmatically log on a user.

C# Signature:

[DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
public static extern bool LogonUser(
    string lpszUsername,
    string lpszDomain,
    string lpszPassword,
    LogonType dwLogonType,
    LogonProvider dwLogonProvider,
    [Out]out IntPtr phToken

VB .NET Signature:

Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, _
   ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, _
   ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer

User-Defined Types:

public enum LogonType : int


    Interactive       = 2,
    Network       = 3,
    Batch         = 4,
    Service       = 5,
    Unlock        = 7,
    NetworkCleartext  = 8,
    NewCredentials    = 9


public enum LogonProvider : int


    Default       = 0,
    WinNT35       = 1,
    WinNT40       = 2,
    WinNT50       = 3



See MSDN docs for description of various logon types etc.

Tips & Tricks:

The DuplicateHandle trick is only needed if you do not have a primary token. This can be avoided by not using LogonType.Network when calling LogonUser.

Sample Code:

IntPtr hToken = IntPtr.Zero;

if(!LogonUser(username, domain, password, LogonType.Interactive, LogonProvider.Default, out hToken))
     throw new Win32Exception(Marshal.GetLastWin32Error());

if(hToken != IntPtr.Zero)

Alternative Managed API:

Do you know one? Please contribute it!

LogonUser on MSDN