locked
Problem with user impersonation RRS feed

  • Question

  • Hi,

       I am writing a c#.net application to execute certain functions under another user context (on the local system). I am using the WinAPI "LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken)" for achieving this.

      Now the problem that I encounter is, I have a local user in my system who does not have any password. The above LogonUser fails when I give lpszPassword as null or "". All the resources in the internet about "LogonUser" assumes it is taking  a password. So I couldn't get any help. Please help me to figure out a way.

    Thank you,

    Aron Sajan Philip



    Tuesday, July 21, 2015 6:31 PM

Answers

  • Hi Aron,

    After some research, if you want to Win32 API LogonUser function to get windows account token, you must supply the correct user name/password, you can call Marshal.GetLastWin32Error to find out why.

    throw new Win32Exception( Marshal.GetLastWin32Error() );

    >>Now the problem that I encounter is, I have a local user in my system who does not have any password.

    Is it possible to impersonate a user without logging him on?

    From above thread, I got a possible solution from SD. I believe you can get some hints from the following reply.

    You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work.

    Another technique is to use Windows Subauthentication Packages. This allows you to override windows built-in authentication and allow a LogonUser to succeed even if no password was supplied. See this KB article.

    Best wishes!

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    • Edited by Kristin Xie Friday, July 24, 2015 3:01 AM
    • Marked as answer by Kristin Xie Thursday, July 30, 2015 9:54 AM
    Friday, July 24, 2015 2:58 AM

All replies

  • Hi Aron,

    >>I am writing a c#.net application to execute certain functions under another user context (on the local system).

    I suspect you are working Asp.Net project. AM I right? If yes, make sure you have ASP.NET impersonation enabled.

    ASP.NET impersonation problem

    https://support.microsoft.com/en-us/kb/306158

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, July 22, 2015 10:11 AM
  • Hi Kristin,

    I am working on a WPF windows application


    Thursday, July 23, 2015 8:38 PM
  • Hi Kristin,

    I am working on a WPF windows application


    Well it seems to me that you need to use some credentials that are going to allow you to log into the WebAPI service with user-id and psw.

    You need to start asking question in the WebAPI fourm.

    http://forums.asp.net/1246.aspx/1?Web+API

    Thursday, July 23, 2015 9:06 PM
  • Hi Aron,

    After some research, if you want to Win32 API LogonUser function to get windows account token, you must supply the correct user name/password, you can call Marshal.GetLastWin32Error to find out why.

    throw new Win32Exception( Marshal.GetLastWin32Error() );

    >>Now the problem that I encounter is, I have a local user in my system who does not have any password.

    Is it possible to impersonate a user without logging him on?

    From above thread, I got a possible solution from SD. I believe you can get some hints from the following reply.

    You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work.

    Another technique is to use Windows Subauthentication Packages. This allows you to override windows built-in authentication and allow a LogonUser to succeed even if no password was supplied. See this KB article.

    Best wishes!

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    • Edited by Kristin Xie Friday, July 24, 2015 3:01 AM
    • Marked as answer by Kristin Xie Thursday, July 30, 2015 9:54 AM
    Friday, July 24, 2015 2:58 AM
  • Thank you very much Kristin
    Friday, July 24, 2015 6:23 PM
  • Thank you very much Kristin

    Hi  Aron,

    Currently, I marked my last reply as an answer, you can unmark if no help.

    Have a nice day!


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, July 30, 2015 9:55 AM