Joe,
This should do as well, but is not needed on W2K or higher (needs the kerberos provider). Much better is to use "split token identity", as provided by using LOGON32_LOGON_NEW_CREDENTIALS as logontype.
Willy.
Have you tried logging in with an account local to the server that has the same username and password as the user on the remote machine and impersonating that instead? My understanding is that this "trick" will work with NTLM in a situation where you can't use domain accounts/Kerberos.
Joe K.
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message IntPtr tokenHandle = new IntPtr(0), duplicateTokenHandle = new IntPtr(0);
bool result = advapi32.LogonUser(userName, domain, password, advapi32.LogonType.Interactive, advapi32.LogonProvider.Default, ref tokenHandle);
LogonType.Interactive = 2, LogonProvider.Default = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating".
Willy.
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message I have; it is not accepted.
LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).
Cheers.
Martin,
Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.
I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.
Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?