/// <summary>
/// Logon a user.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="logon_type">The logon token's type.</param>
/// <param name="groups">Optional list of additonal groups to add.</param>
/// <param name="provider">The Logon provider.</param>
/// <returns>The logged on token.</returns>
public static NtToken GetLogonUserToken(string username, string domain, string password, SecurityLogonType logon_type,
Logon32Provider provider, IEnumerable <UserGroup> groups)
{
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
if (groups != null)
{
return(LogonUtils.Logon(username, domain, password, logon_type, provider, groups));
}
else
{
return(LogonUtils.Logon(username, domain, password, logon_type, provider));
}
}
internal static extern bool LogonUserExExW(
string lpszUsername,
string lpszDomain,
SecureStringMarshalBuffer lpszPassword,
SecurityLogonType dwLogonType,
Logon32Provider dwLogonProvider,
SafeTokenGroupsBuffer pTokenGroups,
out SafeKernelObjectHandle phToken,
[Out] OptionalPointer ppLogonSid,
[Out] OptionalPointer ppProfileBuffer,
[Out] OptionalPointer pdwProfileLength,
[Out] QUOTA_LIMITS pQuotaLimits
);
internal static extern bool LogonUser(string lpszUsername, string lpszDomain, SecureStringMarshalBuffer lpszPassword, SecurityLogonType dwLogonType,
Logon32Provider dwLogonProvider, out SafeKernelObjectHandle phToken);
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
IEnumerable <UserGroup> groups, bool throw_on_error)
{
return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error));
}
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, IEnumerable <UserGroup> groups)
{
return(Logon(user, domain, password, type, provider, groups, true).Result);
}
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider)
{
return(Logon(user, domain, password, type, provider, true).Result);
}
/// <summary>
/// Logon a user.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="logon_type">The logon token's type.</param>
/// <param name="groups">Optional list of additonal groups to add.</param>
/// <param name="provider">The Logon provider.</param>
/// <returns>The logged on token.</returns>
public static NtToken GetLogonUserToken(string username, string domain, string password, SecurityLogonType logon_type,
Logon32Provider provider, IEnumerable <UserGroup> groups)
{
return(GetLogonUserToken(username, domain, password, logon_type, provider, groups, true).Result);
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The Logon provider.</param>
/// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
IEnumerable <UserGroup> groups, bool throw_on_error)
{
if (groups is null)
{
throw new ArgumentNullException(nameof(groups));
}
TokenGroupsBuilder builder = new TokenGroupsBuilder();
foreach (var group in groups)
{
builder.AddGroup(group.Sid, group.Attributes);
}
using (var group_buffer = builder.ToBuffer())
{
return(SecurityNativeMethods.LogonUserExExW(user, domain, password, type, provider, group_buffer,
out SafeKernelObjectHandle token, null, null, null, null)
.CreateWin32Result(throw_on_error, () => new NtToken(token)));
}
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The Logon provider.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, bool throw_on_error)
{
return(SecurityNativeMethods.LogonUser(user, domain, password, type, provider,
out SafeKernelObjectHandle handle).CreateWin32Result(throw_on_error, () => new NtToken(handle)));
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The Logon provider.</param>
/// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
/// <returns>The logged on token.</returns>
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, IEnumerable <UserGroup> groups)
{
TokenGroupsBuilder builder = new TokenGroupsBuilder();
foreach (var group in groups)
{
builder.AddGroup(group.Sid, group.Attributes);
}
using (var group_buffer = builder.ToBuffer())
{
if (!SecurityNativeMethods.LogonUserExExW(user, domain, password, type, provider, group_buffer,
out SafeKernelObjectHandle token, null, null, null, null))
{
throw new SafeWin32Exception();
}
return(new NtToken(token));
}
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The Logon provider.</param>
/// <returns>The logged on token.</returns>
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider)
{
if (!SecurityNativeMethods.LogonUser(user, domain, password, type, provider, out SafeKernelObjectHandle handle))
{
throw new SafeWin32Exception();
}
return(NtToken.FromHandle(handle));
}
