Re: Impersonation for accessing network resources?

You should not use LOGON32_LOGON_NETWORK to obtain an access token to access
remote server resources when impersonating, this type of logon token has no
network access.
LOGON32_LOGON_NEW_CREDENTIALS (w2k and up) uses the supplied credentials to
access the remote server, while using your current logon token to access
local resources.

Willy.


"Ben Fidge" <BenFidge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E6C985C7-7D7C-475A-8DA8-DEB8B4F46059@xxxxxxxxxxxxxxxx
> Found it!!
>
> First of all, I was assuming that LogonUser returned 0 (zero) on success,
> wrongly. Secondly, I changed my code to use LOGON32_LOGON_NEW_CREDENTIALS
> instead of LOGON32_LOGON_NETWORK, and it works a treat.
>
> Thanks for your help Willy.
>
> Ben
>
> "Ben Fidge" wrote:
>
>> Hi Willy,
>>
>> Does LogonUser login the specified user into the local system only, or
>> can
>> it be used to specify credentials when accessing a network resource. I've
>> tried everything you've suggested and it's occured to me that I'm trying
>> to
>> provide credentials for the administrator account of the SERVER where my
>> files are located. I'm owrried I might actually be trying to logon to my
>> local machine using credentials it knows nothing about.
>>
>> Ben
>>
>> "Willy Denoyette [MVP]" wrote:
>>
>> >
>> > "Ben Fidge" <ben.fidge@xxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > news:ebI7rJYAGHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
>> > > Hi Willy,
>> > >
>> > > The domain, account and password are all entered via a Form and not
>> > > hard-coded. I've tried passing all three to LogonUser as seperate
>> > > parameters, to no avail. I've also tried leaving domain param empty
>> > > (not
>> > > null though) and concatenating doman and account together and passing
>> > > them
>> > > in the Account param.
>> > >
>> > > Really starting to frustrate me now.
>> > >
>> > > Ben
>> > >
>> >
>> > I understand your frustration, but you need to make sure that
>> > - the user account string you pass to LogonUser() has the correct
>> > syntax,
>> > that is, it should contain the accountname "accountname" or the
>> > "account@domainname" in UPN format
>> > - the domain name must refer to your account domain if the user name is
>> > NOT
>> > in UPN format, else it must be null or . for local user accounts or the
>> > remote machine name for non local/non domain accounts.
>> > So in your case the call could look like :
>> >
>> > LogonUser("Administrator", "YourDomainName", "YourAdminsPwd",...);
>> >
>> > Willy.
>> >
>> >
>> >
>> >


.

Relevant Pages

  • Re: Why all the Israeli/Jew-hatred?
    ... I see no point in posting my credentials here. ... You said "a net drain on world resources". ... producing or consuming resources, ... If their land had not been stolen none of this would have started. ...
    (uk.politics.misc)
  • Re: Multiple domains
    ... and I have the same problem for the home resources. ... > connected via Checkpoint's SecureRemote (because I can ping them and get ... credentials from that domain at connection time. ...
    (microsoft.public.windows.server.active_directory)
  • Re: A services threads outgoing security:how to manage?
    ... your current process runs as "BOB" and you call LogonUser specifying ... ALICE's credentials, after impersonating local resources will be accessed ... using BOB's token while remote resources will be accessed using ALICE's ...
    (microsoft.public.security)
  • Re: A services threads outgoing security:how to manage?
    ... your current process runs as "BOB" and you call LogonUser specifying ... ALICE's credentials, after impersonating local resources will be accessed ... using BOB's token while remote resources will be accessed using ALICE's ...
    (microsoft.public.dotnet.security)
  • Re: Nesting domain groups under local groups
    ... access the other domain's file sharing resources, ... across the network with other users in this application. ... laptop/computer, using cached credentials, you can then connect to resources ... If the user disconnects ...
    (microsoft.public.windowsxp.security_admin)