See more: C# Impersonation
Hello Everybody
 
I'm writing an application that allows impersonating a user if required.
However, the impersonation keeps failing with the message: "Logon failure: unknown user name or bad password".
Even though the error sounds pretty clear, it can't be the case, because the credentials are valid and I'm able to log on to the domain using the given credentials. I also tried different examples, which return the same error:
 
MSDN Example
or
A Complete Impersonation Demo in C#.NET
or
User Impersonation in .NET
 
Can anybody point out what I'm doing wrong? The machine I'm testing on is not joined to any domain though. Could that be the problem?
 
Here's the code I'm using:
 
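using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// SafeTokenHandle and the LogonType / LogonProvider enums are not shown in the post.
public class Impersonation : IDisposable
{
    private SafeTokenHandle _handle;               // token returned by LogonUser
    private WindowsImpersonationContext _context;  // disposing it reverts the impersonation

    public Impersonation(string domain, string username, string password, LogonType LOGON_TYPE, LogonProvider LOGON_PROVIDER)
    {
        bool ok = LogonUser(username, domain, password, (int)LOGON_TYPE, (int)LOGON_PROVIDER, out this._handle);
        if (!ok)
        {
            // Read the Win32 error right after the failed call and surface it.
            int ret = Marshal.GetLastWin32Error();
            throw new System.ComponentModel.Win32Exception(ret);
        }

        this._context = WindowsIdentity.Impersonate(this._handle.DangerousGetHandle());
    }

    public void Dispose()
    {
        this._context.Dispose();
        this._handle.Dispose();
    }

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
}
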
The calling method:
try
{
    _slImpersonation = new Impersonation(tbx_Domain.Text, tbx_UserName.Text, tbx_Password.Text, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT);
    toolStripStatusLabel1.Text = "Impersonation succeeded";
    _slImpersonation.Dispose();
    _slImpersonation = null;
}
catch (Exception exp)
{
    toolStripStatusLabel1.Text = "Impersonation failed";
    MessageBox.Show(this, exp.Message, "Error", MessageBoxButtons.OK);
    _slImpersonation = null;
    toolStripStatusLabel1.Text = "";
}
 
Can anybody explain why this keeps failing although the credentials are valid?
 
Thanks very much for your answers
Posted 4-Feb-13 4:20am
Edited 4-Feb-13 6:31am
Comments
CHill60 at 4-Feb-13 10:50am
   
For a starter - put a breakpoint on bool ok = LogonUser(username, domain, password, (int)LOGON_TYPE, (int)LOGON_PROVIDER, out this._handle); and run in debug mode. Check that the user details are really what you think they are
genese1977 at 4-Feb-13 10:57am
   
Hi CHill60, I did that again, to verify and yes the credentials are as they should be. I also tried another set which also fails.
Interestingly enough, if I change the calling method to
_slImpersonation = new Impersonation(tbx_Domain.Text, tbx_UserName.Text, tbx_Password.Text, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_DEFAULT);
it always succeeds, even when providing wrong credentials. This is really weird.
CHill60 at 4-Feb-13 12:05pm
   
Agree it's weird! Also agree with Marco - well formed question. This might come down to some environment "feature" ... what platform are you running on?
Marco Bertschi at 4-Feb-13 11:22am
   
Even though I don't know the answer, I'd like to congratulate you on the well-formatted question, which has a good code sample!
genese1977 at 4-Feb-13 12:22pm
   
Thanks for the compliment guys!
@CHill60: This might come down to some environment "feature"
Well, this is a Microsoft Active Directory. ADS is of version 2k8. The machine I'm testing on is not part of any domain but a member of "workgroup".
 
Trying to impersonate against a different domain behaves the same. I even ran the application as local administrator and it still failed. This thing is driving me nuts :)
 
Is there additional logging one could turn on to better troubleshoot this issue?
Thanks very much for your help.
Zoltán Zörgő at 4-Feb-13 12:25pm
   
Makes little sense, but try using the string scalar type instead of the String class in the DllImport section. It can happen that, if you don't specify the marshal type, the automatic marshaling method makes wrong assumptions. The correct usage is here: http://www.pinvoke.net/default.aspx/advapi32.logonuser
genese1977 at 4-Feb-13 12:35pm
   
Thanks for your hints. I'll read through the link provided and give it a try.
genese1977 at 4-Feb-13 13:13pm
   
- Changing String to string did not change anything
- Following the article provided still throws error 1326
- Commenting out
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret);
causes the impersonation to always succeed, even if the credentials are wrong.
I'm really wondering if I should go with unmanaged C++ to solve this (although it won't make much sense to me)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
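
An added example, not part of the original thread or of any code posted in it: it illustrates the observation that LOGON32_LOGON_NEW_CREDENTIALS "always succeeds". That logon type is documented to clone the caller's token and keep the supplied credentials only for outbound network connections, so a true result from LogonUser is not a password check; the second method performs an actual check with an authenticated LDAP bind. The class name CredentialCheck, its method names and the dcHost parameter (the DNS name of a reachable domain controller) are assumptions, and the code targets .NET Framework.

```csharp
using System;
using System.ComponentModel;
using System.DirectoryServices.Protocols;   // reference System.DirectoryServices.Protocols.dll
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class CredentialCheck                 // hypothetical helper name
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;
    const int LDAP_INVALID_CREDENTIALS = 49;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // A type 9 logon leaves the local identity unchanged: the credentials are
    // stored for outbound connections and are never checked at this point.
    public static string LocalIdentityAfterType9(string domain, string user, string password)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (WindowsIdentity.Impersonate(token))
                return WindowsIdentity.GetCurrent().Name;   // still the caller's own account
        }
        finally { CloseHandle(token); }
    }

    // The actual credential check: an authenticated LDAP bind.
    // dcHost is an assumption: the DNS name of a reachable domain controller.
    public static bool PasswordIsValid(string dcHost, string domain, string user, string password)
    {
        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier(dcHost)))
        {
            ldap.AuthType = AuthType.Negotiate;
            ldap.Credential = new NetworkCredential(user, password, domain);
            try { ldap.Bind(); return true; }
            catch (LdapException e)
            {
                if (e.ErrorCode == LDAP_INVALID_CREDENTIALS) return false;
                throw;   // an unreachable server is not the same as a wrong password
            }
        }
    }
}
```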
