Click here to Skip to main content
12,699,308 members (33,547 online)
Rate this:
Please Sign up or sign in to vote.
See more: C# Impersonation
Hello Everybody

I'm writing an application that allows to impersonate a user if required.
However, the impersonation keeps failing with message: "Logon failure: unknown user name or bad password".
Even the error sounds pretty clear, it can't be the case, cause the credentials are valid and I'm able to logon to the domain using the given credentials. I also tried different examples, which return the same error

MSDN Example[^]
A Complete Impersonation Demo in C#.NET[^]
User Impersonation in .NET[^]

Can anybody point-out what I'm doing wrong? The machine I'm testing on it not joined to any domain though. Could that be the problem?

Here's the code I'm using:

public Impersonation(string domain, string username, string password, LogonType LOGON_TYPE, LogonProvider LOGON_PROVIDER)
            bool ok = LogonUser(username, domain, password, (int)LOGON_TYPE, (int)LOGON_PROVIDER, out this._handle);
            if (!ok)
                int ret = Marshal.GetLastWin32Error();
                throw new System.ComponentModel.Win32Exception(ret);

            this._context = WindowsIdentity.Impersonate(this._handle.DangerousGetHandle());

        public void Dispose()

        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        private static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);

The calling method:
                _slImpersonation = new Impersonation(tbx_Domain.Text, tbx_UserName.Text, tbx_Password.Text, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT);
                toolStripStatusLabel1.Text = "Impersonation succeeded";
                _slImpersonation = null;
            catch (Exception exp)
                toolStripStatusLabel1.Text = "Impersonation failed";
                MessageBox.Show(this, exp.Message, "Error", MessageBoxButtons.OK);
                _slImpersonation = null;
                toolStripStatusLabel1.Text = "";

Can anybody explain why this keeps failing although the credentials are valid?

Thanks very much for your answers
Posted 4-Feb-13 5:20am
Updated 4-Feb-13 7:31am
CHill60 4-Feb-13 10:50am
For a starter - put a breakpoint on bool ok = LogonUser(username, domain, password, (int)LOGON_TYPE, (int)LOGON_PROVIDER, out this._handle); and run in debug mode. Check that the user details are really what you think they are
genese1977 4-Feb-13 10:57am
Hi CHill60, I did that again, to verify and yes the credentials are as they should be. I also tried another set which also fails.
Interesting enough if I change the calling method to
_slImpersonation = new Impersonation(tbx_Domain.Text, tbx_UserName.Text, tbx_Password.Text, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_DEFAULT);
it always succeeds even when providing wrong credentials. This is really wired.
CHill60 4-Feb-13 12:05pm
Agree it's weird! Also agree with Marco - well formed question. This might come down to some environment "feature" ... what platform are you running on?
Marco Bertschi 4-Feb-13 11:22am
Eventhough I don't know the answer, I like to congrat you because of the good formatted question which has a good code sample!
genese1977 4-Feb-13 12:22pm
Thanks for the compliment guys!
@CHill60: This might come down to some environment "feature"
Well this is an Microsoft active directory. ADS is of version 2k8. The machine I'm testing on is not part of any domain but member of "workgroup".

Trying to impersonate against a different domain behaves the same. I even ran the application as local administrator and it still failed. This thing is driving me nuts :)

Is there additional logging one could turn on to better troubleshoot this issue?
Thanks very much for you help.
Zoltán Zörgő 4-Feb-13 12:25pm
Makes little sense, but try using string scalar type instead of String class in the DllImport section. Can happen, that if you don't specify mashal type, the automatic marshaling method is making wrong assumptions. The correct usage is here:
genese1977 4-Feb-13 12:35pm
Thanks for your hints. I'll read through the link provided and give it a try.
genese1977 4-Feb-13 13:13pm
- Changing String to string did not change anything
- Following the article provided still throw error 1326
- commenting out
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret)
causes the impersonation to always succeed, even if the credentials are wrong.
I'm really wondering if I should go with unmanaged C++ to solve this (although won't make much sense to me)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170118.1 | Last Updated 4 Feb 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100