Impersonate user conundrum

  • Question

  • Hi

    I'm using VS C++ 2010 on an XP SP3 PC.

    Script 1

    When I write a simple console application to test impersonation:

    ...

    using namespace System::Runtime::InteropServices;
    using namespace System::Security::Principal;
    using namespace System::Security::Permissions;


    [DllImport("advapi32.dll",SetLastError=true)]
    bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

    [DllImport("kernel32.dll",CharSet=CharSet::Auto)]
    bool CloseHandle( IntPtr handle );

    void impersonate() {
        IntPtr tokenHandle = IntPtr(0);

        String^ userName    = "xxx";
        String^ domainName    = "yyy";
        String^ password    = "zzz";

        // This parameter causes LogonUser to create a primary token.
        const int LOGON32_PROVIDER_DEFAULT = 0;
        const int LOGON32_LOGON_INTERACTIVE = 2;
        tokenHandle = IntPtr::Zero;

        // Call LogonUser to obtain a handle to an access token.
        bool returnValue = LogonUser( userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &tokenHandle );
        Console::WriteLine( "LogonUser called." );
        if ( false == returnValue )
        {
            // Read the Win32 error recorded by the failed call (SetLastError=true).
            int ret = Marshal::GetLastWin32Error();
            Console::WriteLine( "LogonUser failed with error code : {0}", ret );
            throw gcnew System::ComponentModel::Win32Exception( ret );
        }
        Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
        Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );

        // Check the identity.
        Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

        // The token that is passed to the following constructor must
        // be a primary token in order to use it for impersonation.
        WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
        WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();

        // Check the identity.
        Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

        // Stop impersonating the user.
        impersonatedUser->Undo();

        // Check the identity.
        Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );

        // Free the tokens.
        if ( tokenHandle != IntPtr::Zero ) CloseHandle( tokenHandle );

        Console::ReadLine();

    }

    int main()
    {
        impersonate();

    }

    This works just fine.

     

    Script 2

    When I put the above code into a CLR form script, the form appears and then this error message:

    An unhandled exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe

    Additional information: Logon failure: unknown user name or bad password

    Can someone suggest where I'm going wrong please? Don't have any more hair to pull out.

     

    Thanks

     

     

     


    • Edited by nz556 Monday, October 17, 2011 5:09 AM
    Monday, October 17, 2011 5:08 AM

Answers

  • Think I've found my mistake. Needed:

     

    bool returnValue = LogonUser(userName, domainName, password, 9, 0, &tokenHandle);

     

    i.e. LOGON32_LOGON_NEW_CREDENTIALS = 9

     

    Ignore my request for help - for now at least.


    • Edited by nz556 Tuesday, October 18, 2011 5:27 AM
    • Marked as answer by nz556 Tuesday, October 18, 2011 5:27 AM
    Tuesday, October 18, 2011 5:25 AM
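Added example, not part of the original thread: a C++/CLI helper that logs on, impersonates, and reports the identity seen while impersonating, so logon types 2 and 9 can be compared side by side. Per the LogonUser documentation, LOGON32_LOGON_NEW_CREDENTIALS clones the caller's token and applies the supplied credentials only to outbound network connections, so a successful call with type 9 does not show that the credentials are valid and the local identity stays the caller's. The helper name `NameWhileImpersonating` is hypothetical, and `xxx`/`yyy`/`zzz` are the thread's own placeholders.

```cppcli
// Added example (C++/CLI, build with /clr). Account values are placeholders.
using namespace System;
using namespace System::ComponentModel;
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;

// Values from winbase.h.
const int LOGON32_PROVIDER_DEFAULT      = 0;
const int LOGON32_PROVIDER_WINNT50      = 3;
const int LOGON32_LOGON_INTERACTIVE     = 2;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

[DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet::Unicode)]
bool LogonUser( String^ user, String^ domain, String^ password,
                int logonType, int logonProvider, IntPtr * phToken );

[DllImport("kernel32.dll", SetLastError=true)]
bool CloseHandle( IntPtr handle );

// Hypothetical helper: the identity name observed while impersonating.
String^ NameWhileImpersonating( String^ user, String^ domain, String^ password, int logonType )
{
    // The LogonUser documentation ties type 9 to the WINNT50 provider.
    int provider = ( logonType == LOGON32_LOGON_NEW_CREDENTIALS )
                 ? LOGON32_PROVIDER_WINNT50 : LOGON32_PROVIDER_DEFAULT;
    IntPtr token = IntPtr::Zero;
    if ( !LogonUser( user, domain, password, logonType, provider, &token ) )
        throw gcnew Win32Exception( Marshal::GetLastWin32Error() );

    String^ seen = nullptr;
    WindowsImpersonationContext^ ctx = nullptr;
    try {
        ctx = ( gcnew WindowsIdentity( token ) )->Impersonate();
        seen = WindowsIdentity::GetCurrent()->Name;
    } finally {
        if ( ctx != nullptr ) ctx->Undo();   // revert the thread even on exceptions
        CloseHandle( token );                // release the handle on every path
    }
    return seen;
}

int main()
{
    Console::WriteLine( "Caller: {0}", WindowsIdentity::GetCurrent()->Name );
    // Type 9 prints the caller's own name: the local identity is unchanged.
    Console::WriteLine( "Type 9: {0}", NameWhileImpersonating( "xxx", "yyy", "zzz", LOGON32_LOGON_NEW_CREDENTIALS ) );
    // Type 2 throws Win32Exception 1326 (ERROR_LOGON_FAILURE) if the credentials are rejected.
    Console::WriteLine( "Type 2: {0}", NameWhileImpersonating( "xxx", "yyy", "zzz", LOGON32_LOGON_INTERACTIVE ) );
}
```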

All replies

  • Hi,

     

    I'm glad to hear that you have resolved your issue and thanks for sharing your solution here.

     

    Best Regards,

    Rob


    Rob Pan [MSFT]

    Wednesday, October 19, 2011 2:36 AM
  • Hi again

    At work now and sadly my initial thoughts are wrong. The original posting still stands. In summary:

     

    I'm running a login script. Form loads and I'm trying to create an impersonation on the XP PC so the user has additional rights. Using .NET 4, SP3.

     

    Impersonation works in a simple console application run on the PC.

     

    When I embed the same code in a managed C++ script I get:

     

    A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe
    An unhandled exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe

    Additional information: Logon failure: unknown user name or bad password

    The program '[6312] Login.exe: Managed (v4.0.30319)' has exited with code 1073807364 (0x40010004).

     

    bool returnValue = LogonUser(userName, domainName, password, 2, 0, &tokenHandle); // - no success managed script

     

    bool returnValue = LogonUser(userName, domainName, password, 2, 0, &tokenHandle); // - OK console script

     


    At the point of screaming.

     

    Help much appreciated.

    • Edited by nz556 Friday, October 21, 2011 1:13 AM
    Friday, October 21, 2011 1:12 AM