示例#1
 // P/Invoke declaration for the Win32 LogonUser function. Credentials are passed as
 // character arrays (domain may be null) and the resulting logon token is returned
 // through the out parameter; the bool result reports success or failure.
 // NOTE(review): the DllImport attribute is not visible in this excerpt. Confirm that it
 // sets SetLastError = true (callers that read Marshal.GetLastWin32Error depend on it) and
 // an explicit CharSet, and that the char[] arguments reach the native side null-terminated,
 // since the arrays themselves carry no terminator.
 // NOTE(review): taking the password as char[] lets a caller zero the buffer after the
 // call; that only helps if callers actually clear it.
 internal static extern bool LogonUser(
     char[] username,
     char[]?domain,
     char[] password,
     LogOnType logonType,
     LogOnProviderType logonProvider,
     out AccessControlToken token);
示例#2
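        /// <summary>
        ///     C# wrapper for the Win32 LogonUser call. Authenticates the supplied credentials and returns the
        ///     resulting logon token, which can be used to impersonate a local or remote user.
        /// </summary>
        /// <remarks>
        ///     The password arrives as a managed string, which cannot be wiped from memory; only the temporary
        ///     character copy made for the native call is cleared here. The caller owns the returned token and
        ///     should dispose it when finished.
        /// </remarks>
        /// <param name="user">username to authenticate with</param>
        /// <param name="domain">domain to authenticate with; may be null</param>
        /// <param name="password">plaintext password to authenticate with</param>
        /// <param name="logOnType">Win32 Logon Type to use</param>
        /// <param name="logOnProvider">Win32 Logon Provider to use</param>
        /// <returns>LogonToken wrapped in a SafeHandle</returns>
        /// <exception cref="Win32Exception">The native LogonUser call reported failure.</exception>
        public static AccessControlToken LogonUser(
            string user,
            string? domain,
            string password,
            LogOnType logOnType,
            LogOnProviderType logOnProvider)
        {
            user     = Arguments.EnsureNotNullOrWhitespace(user, nameof(user));
            password = Arguments.EnsureNotNullOrWhitespace(password, nameof(password));

            // Keep a reference to the password copy so it can be zeroed once the native call returns.
            // NOTE(review): ToCharArray() yields no trailing '\0'; confirm the P/Invoke marshalling
            // supplies the terminator that LogonUser expects.
            var passwordChars = password.ToCharArray();

            try
            {
                if (NativeMethods.LogonUser(user.ToCharArray(), domain?.ToCharArray(), passwordChars, logOnType, logOnProvider, out var token))
                {
                    return token;
                }

                // Read the error code first: any later interop call could overwrite it.
                var errorInfo = Marshal.GetLastWin32Error();

                // The token is never handed to the caller on this path, so release it unconditionally.
                token?.Dispose();

                throw new Win32Exception(errorInfo, "Logon User failed");
            }
            finally
            {
                // Shorten the lifetime of the plaintext copy on both the success and the failure path.
                System.Array.Clear(passwordChars, 0, passwordChars.Length);
            }
        }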
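        /// <summary>
        ///     Logs the given account on through LogonUser, duplicates the resulting token at the requested
        ///     impersonation level, and wraps the duplicate in a <see cref="WindowsIdentity"/>.
        /// </summary>
        /// <remarks>
        ///     The password is a plaintext managed string for the duration of the call; callers should keep
        ///     its lifetime as short as they can.
        /// </remarks>
        /// <param name="username">Account name passed to LogonUser.</param>
        /// <param name="domain">Domain passed to LogonUser.</param>
        /// <param name="password">Plaintext password passed to LogonUser.</param>
        /// <param name="logonType">Logon type, passed to the native call as an int.</param>
        /// <param name="logonProviderType">Logon provider, passed to the native call as an int.</param>
        /// <param name="impersonationLevel">Impersonation level requested from DuplicateToken.</param>
        /// <returns>A new identity built from the duplicated token.</returns>
        private WindowsIdentity CreateWindowsIdentity(string username, string domain, string password, SecurityLogOnType logonType, LogOnProviderType logonProviderType, SecurityImpersonationLevel impersonationLevel)
        {
            // initialize tokens
            var existingTokenHandle  = IntPtr.Zero;
            var duplicateTokenHandle = IntPtr.Zero;

            try
            {
                if (!NativeMethods.LogonUser(
                        username,
                        domain,
                        password,
                        (int)logonType,
                        (int)logonProviderType,
                        out existingTokenHandle))
                {
                    throw Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error());
                }

                if (!NativeMethods.DuplicateToken(existingTokenHandle, (int)impersonationLevel, out duplicateTokenHandle))
                {
                    // Capture the failure code before any cleanup call has a chance to overwrite it.
                    var duplicateFailure = Marshal.GetHRForLastWin32Error();
                    throw Marshal.GetExceptionForHR(duplicateFailure);
                }

                // WindowsIdentity(IntPtr) takes its own copy of the token, so both raw handles
                // are released in the finally block below.
                return new WindowsIdentity(duplicateTokenHandle);
            }
            finally
            {
                // Close the raw handles on every path; previously they leaked on success.
                if (duplicateTokenHandle != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(duplicateTokenHandle);
                }

                if (existingTokenHandle != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(existingTokenHandle);
                }
            }
        }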
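        /// <summary>
        ///     Authenticates the account with LogonUser, duplicates the logon token at the requested
        ///     impersonation level, and returns a <see cref="WindowsIdentity"/> for the duplicate.
        /// </summary>
        /// <remarks>
        ///     Both native token handles are closed before returning, whether the call succeeds or throws.
        ///     The password is held as a plaintext managed string while this method runs.
        /// </remarks>
        /// <param name="username">Account name passed to LogonUser.</param>
        /// <param name="domain">Domain passed to LogonUser.</param>
        /// <param name="password">Plaintext password passed to LogonUser.</param>
        /// <param name="logonType">Logon type, passed to the native call as an int.</param>
        /// <param name="logonProviderType">Logon provider, passed to the native call as an int.</param>
        /// <param name="impersonationLevel">Impersonation level requested from DuplicateToken.</param>
        /// <returns>A new identity built from the duplicated token.</returns>
        private WindowsIdentity CreateWindowsIdentity(string username, string domain, string password, SecurityLogOnType logonType, LogOnProviderType logonProviderType, SecurityImpersonationLevel impersonationLevel)
        {
            var logonToken = IntPtr.Zero;
            var duplicatedToken = IntPtr.Zero;

            try
            {
                var loggedOn = NativeMethods.LogonUser(
                    username,
                    domain,
                    password,
                    (int)logonType,
                    (int)logonProviderType,
                    out logonToken);

                if (!loggedOn)
                {
                    throw Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error());
                }

                if (!NativeMethods.DuplicateToken(logonToken, (int)impersonationLevel, out duplicatedToken))
                {
                    // Read the error before cleanup runs: CloseHandle could replace the stored code.
                    var hresult = Marshal.GetHRForLastWin32Error();
                    throw Marshal.GetExceptionForHR(hresult);
                }

                // The identity keeps its own copy of the token; the raw handles are closed below.
                return new WindowsIdentity(duplicatedToken);
            }
            finally
            {
                // Release the native handles on success as well as failure to avoid leaking tokens.
                if (duplicatedToken != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(duplicatedToken);
                }

                if (logonToken != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(logonToken);
                }
            }
        }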
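            /// <summary>
            ///     Logs the given account on through LogonUser and stores the result in <c>Handle</c>.
            ///     On NETSTANDARD builds the raw logon token is stored and <paramref name="impersonationLevel"/>
            ///     is not used; otherwise the token is duplicated at that level and wrapped in a WindowsIdentity.
            /// </summary>
            /// <param name="userName">Account name passed to LogonUser.</param>
            /// <param name="domain">Domain passed to LogonUser.</param>
            /// <param name="password">Plaintext password passed to LogonUser.</param>
            /// <param name="logOnType">Logon type, passed to the native call as an int.</param>
            /// <param name="logOnProvider">Logon provider, passed to the native call as an int.</param>
            /// <param name="impersonationLevel">Impersonation level requested from DuplicateToken.</param>
            public NewIdentityHandle(string userName, string domain, string password, SecurityLogOnType logOnType, LogOnProviderType logOnProvider, SecurityImpersonationLevel impersonationLevel)
            {
                if (!NativeMethods.LogonUser(
                        userName,
                        domain,
                        password,
                        (int)logOnType,
                        (int)logOnProvider,
                        out var logonHandle))
                {
                    throw Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error());
                }

#if NETSTANDARD
                // NOTE(review): the raw logon token is kept as-is here; whoever releases Handle
                // is outside this excerpt, so confirm it is closed on disposal.
                Handle = logonHandle;
#else
                // adapted from:
                // https://www.codeproject.com/csharp/cpimpersonation1.asp
                if (!NativeMethods.DuplicateToken(logonHandle, (int)impersonationLevel, out _handle))
                {
                    // Capture the failure code before CloseHandle can overwrite the stored last error.
                    var duplicateFailure = Marshal.GetHRForLastWin32Error();
                    NativeMethods.CloseHandle(logonHandle);
                    throw Marshal.GetExceptionForHR(duplicateFailure);
                }

                // The logon token is no longer needed once the duplicate exists.
                NativeMethods.CloseHandle(logonHandle);

                // create the identity from the duplicated token; _handle stays in the field,
                // presumably so it can be closed later (TODO confirm against the dispose path)
                Handle = new WindowsIdentity(_handle);
#endif
            }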