Impersonate user conundrum

Question
-
Hi
I'm using VS c++ 2010 on an xp sp3 pc.
Script 1
When I write a simple console application to test impersonation:
...
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;

[DllImport("advapi32.dll",SetLastError=true)]
bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

[DllImport("kernel32.dll",CharSet=CharSet::Auto)]
bool CloseHandle( IntPtr handle );

void impersonate()
{
    IntPtr tokenHandle = IntPtr(0);
    String^ userName = "xxx";
    String^ domainName = "yyy";
    String^ password = "zzz";
    //This parameter causes LogonUser to create a primary token.
    //const int LOGON32_PROVIDER_DEFAULT = 0;
    //const int LOGON32_LOGON_INTERACTIVE = 2;
    const int SecurityImpersonation = 2;
    tokenHandle = IntPtr::Zero;
    // Call LogonUser to obtain a handle to an access token.
    bool returnValue = LogonUser( userName, domainName, password, 2, 0, &tokenHandle );
    Console::WriteLine( "LogonUser called." );
    if ( false == returnValue )
    {
        int ret = Marshal::GetLastWin32Error();
        Console::WriteLine( "LogonUser failed with error code : {0}", ret );
        throw gcnew System::ComponentModel::Win32Exception( ret );
    }
    Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
    Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );
    // Check the identity.
    Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );
    // The token that is passed to the following constructor must
    // be a primary token in order to use it for impersonation.
    WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
    WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();
    // Check the identity.
    Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );
    // Stop impersonating the user.
    impersonatedUser->Undo();
    // Check the identity.
    Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );
    // Free the tokens.
    if ( tokenHandle != IntPtr::Zero ) CloseHandle( tokenHandle );
    Console::ReadLine();
}

int main()
{
    impersonate();
}
This works just fine.
Script 2
When I put the above code into a clr form script, the form appears and then this error message:
An unhandled exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe
Additional information: Logon failure: unknown user name or bad password
Can someone suggest where I'm going wrong please? Don't have any more hair to pull out.
Thanks
- Edited by nz556 Monday, October 17, 2011 5:09 AM
Monday, October 17, 2011 5:08 AM
Answers
-
Think I've found my mistake. Needed:
bool returnValue = LogonUser(userName, domainName, password, 9, 0, &tokenHandle);
i.e. LOGON32_LOGON_NEW_CREDENTIALS = 9
Ignore my request for help - for now at least.
Tuesday, October 18, 2011 5:25 AM
All replies
-
Hi,
I'm glad to hear that you have resolved your issue and thanks for sharing your solution here.
Best Regards,
Rob
Rob Pan [MSFT]
Wednesday, October 19, 2011 2:36 AM -
Hi again
At work now and sadly my initial thoughts are wrong. The original posting still stands. In summary:
I'm running a login script. Form loads and I'm trying to create an impersonation on the XP PC so the user has additional rights. Using .NET 4, SP3.
Impersonation works in a simple console application run on the PC.
When I embed the same code in a managed C++ script I get:
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe
An unhandled exception of type 'System.ComponentModel.Win32Exception' occurred in Login.exe
Additional information: Logon failure: unknown user name or bad password
The program '[6312] Login.exe: Managed (v4.0.30319)' has exited with code 1073807364 (0x40010004).
bool returnValue = LogonUser(userName, domainName, password, 2, 0, &tokenHandle); // - no success managed script
bool returnValue = LogonUser(userName, domainName, password, 2, 0, &tokenHandle); // - OK console script
At the point of screaming.
Help much appreciated.
- Edited by nz556 Friday, October 21, 2011 1:13 AM
Friday, October 21, 2011 1:12 AM