/// <summary>
        /// Logon a user with a username and password.
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="domain">The user's domain.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="type">The type of logon token.</param>
        /// <param name="provider">The Logon provider.</param>
        /// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The logged on token.</returns>
        public static NtResult <NtToken> LsaLogonUser(string user, string domain, SecureString password, SecurityLogonType type, Logon32Provider provider,
                                                      IEnumerable <UserGroup> groups, bool throw_on_error)
        {
            if (groups is null)
            {
                return(LsaLogonUser(user, domain, password, type, provider, throw_on_error));
            }

            TokenGroupsBuilder builder = new TokenGroupsBuilder();

            foreach (var group in groups)
            {
                builder.AddGroup(group.Sid, group.Attributes);
            }

            using (var group_buffer = builder.ToBuffer())
            {
                using (var pwd = new SecureStringMarshalBuffer(password))
                {
                    return(SecurityNativeMethods.LogonUserExExW(user, domain, pwd, type, provider, group_buffer,
                                                                out SafeKernelObjectHandle token, null, null, null, null)
                           .CreateWin32Result(throw_on_error, () => new NtToken(token)));
                }
            }
        }
        /// <summary>
        /// Logon a user with a username and password.
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="domain">The user's domain.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="type">The type of logon token.</param>
        /// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
        /// <returns>The logged on token.</returns>
        public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, IEnumerable <UserGroup> groups)
        {
            TokenGroupsBuilder builder = new TokenGroupsBuilder();

            foreach (var group in groups)
            {
                builder.AddGroup(group.Sid, group.Attributes);
            }

            using (var group_buffer = builder.ToBuffer())
            {
                if (!Win32NativeMethods.LogonUserExExW(user, domain, password, type, 0, group_buffer,
                                                       out SafeKernelObjectHandle token, null, null, null, null))
                {
                    throw new SafeWin32Exception();
                }
                return(new NtToken(token));
            }
        }