コード例 #1
        /// <summary>
        /// Log on a user with a username and password.
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="domain">The user's domain.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="type">The type of logon token.</param>
        /// <param name="provider">The logon provider.</param>
        /// <param name="groups">Additional groups to add to the token. The caller needs SeTcbPrivilege to supply them.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The logged on token.</returns>
        public static NtResult<NtToken> LsaLogonUser(string user, string domain, SecureString password, SecurityLogonType type, Logon32Provider provider,
                                                     IEnumerable<UserGroup> groups, bool throw_on_error)
        {
            // No additional groups requested: defer to the overload that takes no groups argument.
            if (groups is null)
            {
                return LsaLogonUser(user, domain, password, type, provider, throw_on_error);
            }

            // Gather every requested SID together with its attributes for the native call.
            // Per the parameter documentation, supplying groups needs SeTcbPrivilege.
            var extra_groups = new TokenGroupsBuilder();
            foreach (UserGroup entry in groups)
            {
                extra_groups.AddGroup(entry.Sid, entry.Attributes);
            }

            // Both buffers are disposed when the block exits; the password buffer is released first.
            // NOTE(review): SecureStringMarshalBuffer presumably exposes the password in unmanaged
            // memory only for the duration of the call - confirm it clears that memory on dispose.
            using (var groups_buffer = extra_groups.ToBuffer())
            using (var password_buffer = new SecureStringMarshalBuffer(password))
            {
                var logon_ok = SecurityNativeMethods.LogonUserExExW(user, domain, password_buffer, type, provider, groups_buffer,
                                                                    out SafeKernelObjectHandle token_handle, null, null, null, null);

                // The token wrapper is only built through the callback handed to CreateWin32Result.
                // NOTE(review): the returned NtToken wraps a live handle - confirm callers dispose it.
                return logon_ok.CreateWin32Result(throw_on_error, () => new NtToken(token_handle));
            }
        }