Re: LSALogonUser Access Denied Error

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/23/05


Date: Wed, 22 Jun 2005 17:17:42 -0500

Can you explain again why you can't call LogonUser? That would definitely
be easier.

Another approach would be to use an SSPI wrapper (InitializeSecurityContext) to
do this for you. This is super easy in .NET 2.0 with the NegotiateStream
class but takes a little work in 1.1. However, there are samples that
people have posted that you can probably find.

Joe K.

"B111Gates" <justengland@gmail.com> wrote in message
news:1119471568.399216.35540@z14g2000cwz.googlegroups.com...
I am trying to use LSALogonUser to authenticate my application. The
program requirements dictate that I cannot use LogonUser. I want to be
able to use this on SAM accounts and Active Directory and be able to
access the information from any domain. Thus I feel this is
LSALogonUser's job (I could be wrong, I have been before :)

Anyway, I am getting an Access Denied error; relevant code below.

'This is my structure
Public Structure MSV1_0_LM20_LOGON
 Public MessageType As MSV1_0_PROTOCOL_MESSAGE_TYPE
 Public LogonDomainName As String
 Public UserName As String
 Public Workstation As String
 Public aryPassword As Char() 'Password
 Public CaseSensitivePassword As String
 Public CaseInsensitivePassword As String
 Public ParameterControl As UInt32
End Structure

'API Call
<System.Security.Permissions.PermissionSetAttribute(System.Security.Permissions.SecurityAction.Assert, _
 Name:="FullTrust", Unrestricted:=True)> _
Declare Auto Function LsaLogonUser Lib "Secur32.dll" _
(ByVal LSA_Handle As IntPtr, _
 ByRef OriginName As LSA_STRING, _
 ByVal LogonType As SecurityLogonType, _
 ByVal AuthenticationPackage As UInt32, _
 ByVal AuthenticationInformation As IntPtr, _
 ByVal AuthenticationInformationLength As UInt32, _
 ByVal LocalGroups As IntPtr, _
 ByRef SourceContext As TOKEN_SOURCE, _
 ByRef ProfileBuffer As IntPtr, _
 ByRef ProfileBufferLength As UInt32, _
 ByRef logonid As Int64, _
 ByRef Quotas As QUOTA_LIMITS, _
 ByRef SubStatus As UInt16) _
 As UInt16

Public Sub CallMain(ByVal strUserName As String, ByVal strPassword As String, _
                    ByVal strDomain As String)

 'Get a pointer to the above structure
 'Build the MSV1_0_LM20_LOGON structure
 Dim LoginRequest As MSV1_0_LM20_LOGON
 Dim ptrLoginRequest As New IntPtr
 Dim lenLoginRequest As Integer

 lenLoginRequest = Marshal.SizeOf(GetType(MSV1_0_LM20_LOGON))
 ptrLoginRequest = Marshal.AllocCoTaskMem(lenLoginRequest)
 Marshal.StructureToPtr(LoginRequest, ptrLoginRequest, True)

 'Generate the Pointer
 With LoginRequest
  .UserName = strUserName
  .LogonDomainName = strDomain
  .Workstation = Environment.MachineName
  .aryPassword = strPassword.ToCharArray
 'This is MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
 'I will need to change this for production as
 'This sends unsecured passwords.
 'Specifies attributes of the other parameters.
 'This can be one or more of the following flags.
  .ParameterControl = converter.ConvertFromString("2")
  .CaseInsensitivePassword = strPassword
  .CaseSensitivePassword = strPassword
End With

intStatus = Convert.ToInt32(status)
If Not Convert.ToInt32(status) = 0 Or Not Convert.ToInt32(mStatus)
  MsgBox(Convert.ToInt32(status))
  Throw New Win32Exception(Marshal.GetLastWin32Error())
End If

The function returns an access denied error.
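
Added example (not part of the original thread and not Joe Kaplan's code): a sketch of the NegotiateStream approach suggested in the reply, validating a user name and password through SSPI over a loopback socket instead of calling LsaLogonUser. The module and function names are hypothetical, the empty target name assumes the handshake can fall back to NTLM on the local machine, and the Guest/anonymous check is there so a mapped Guest logon is not counted as a valid credential.

```vb
Imports System
Imports System.IO
Imports System.Net
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication
Imports System.Security.Principal

Public Module SspiCredentialCheck
    ' Hypothetical helper: True only when SSPI accepts the credentials
    ' as a real (non-Guest, non-anonymous) Windows account.
    Public Function ValidateCredentials(ByVal user As String, ByVal password As String, _
                                        ByVal domain As String) As Boolean
        Dim listener As New TcpListener(IPAddress.Loopback, 0) ' port 0 = any free port
        listener.Start()
        Try
            Dim port As Integer = DirectCast(listener.LocalEndpoint, IPEndPoint).Port
            Using client As New TcpClient()
                client.Connect(IPAddress.Loopback, port)
                Using accepted As TcpClient = listener.AcceptTcpClient()
                    Using srv As New NegotiateStream(accepted.GetStream(), False), _
                          cli As New NegotiateStream(client.GetStream(), False)
                        ' Server half runs asynchronously under the process identity.
                        Dim pending As IAsyncResult = srv.BeginAuthenticateAsServer(Nothing, Nothing)
                        ' Client half presents the credentials being tested.
                        cli.AuthenticateAsClient(New NetworkCredential(user, password, domain), String.Empty)
                        srv.EndAuthenticateAsServer(pending)
                        Dim id As WindowsIdentity = TryCast(srv.RemoteIdentity, WindowsIdentity)
                        Return srv.IsAuthenticated AndAlso id IsNot Nothing _
                               AndAlso Not id.IsGuest AndAlso Not id.IsAnonymous
                    End Using
                End Using
            End Using
        Catch ex As AuthenticationException ' includes InvalidCredentialException
            Return False
        Catch ex As IOException ' peer aborted the handshake
            Return False
        Finally
            listener.Stop()
        End Try
    End Function

    Sub Main()
        ' Constructed sample values; replace with real input when trying this out.
        Console.WriteLine(ValidateCredentials("someuser", "wrong-password", Environment.MachineName))
    End Sub
End Module
```

Both halves of the handshake use the default protection and impersonation levels so they agree, and the server side only receives an identification-level identity, so nothing here impersonates the tested account.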


