|
Overview |
|
|
|
Group |
|
|
|
Quick Info
Windows NT
| Yes
| Win95
| No
| Win32s
| No
| Import Library
| advapi32.lib
| Header File
| winbase.h
| Unicode
| WinNT
| Platform Notes
| None
|
|
|
LogonUser
The
LogonUser function attempts to perform a user logon operation. You specify the user
with a user name and domain, and authenticate the user with a clear-text password.
If the function succeeds, you receive a handle to a token that represents the
logged-on user. You can then use this token handle to impersonate the specified
user, or in most cases, to create a process running in the context of the
specified user.
BOOL LogonUser(
LPTSTR lpszUsername,
| // string that specifies the user name
|
LPTSTR lpszDomain,
| // string that specifies the domain or server
|
LPTSTR lpszPassword,
| // string that specifies the password
|
DWORD dwLogonType,
| // specifies the type of logon operation
|
DWORD dwLogonProvider,
| // specifies the logon provider
|
PHANDLE phToken
| // pointer to variable to receive token handle
|
);
|
|
Parameters
lpszUsername
Pointer to a null-terminated string that specifies the user name. This is the
name of the user account to log on to.
lpszDomain
Pointer to a null-terminated string that specifies the domain or server to log
on to. If this parameter is ".",
LogonUser searches only the local account database for the account specified in
lpszUsername. If this parameter is NULL,
LogonUser searches the local account database, and then searches trusted domain account
databases, until it finds the
lpszUsername account or the search is exhausted without finding the account name.
lpszPassword
Pointer to a null-terminated string that specifies the clear-text password for
the user account specified by
lpszUsername.
dwLogonType
Specifies the type of logon operation to perform. The following logon types
are defined:
Value
| Meaning
|
LOGON32_LOGON_BATCH
| This logon type is intended for batch servers, where processes may be
executing on behalf of a user without their direct intervention; or for higher
performance servers that process many clear-text authentication attempts at a time,
such as mail or web servers. LogonUser does not cache credentials for this logon type.
|
LOGON32_LOGON_INTERACTIVE
| This logon type is intended for users who will be interactively using the
machine, such as a user being logged on by a terminal server, remote shell, or
similar process. This logon type has the additional expense of caching logon
information for disconnected operation, and is therefore inappropriate for some
client/server applications, such as a mail server.
|
LOGON32_LOGON_SERVICE
| Indicates a service-type logon. The account provided must have the service
privilege enabled.
|
LOGON32_LOGON_NETWORK
| This logon type is intended for high performance servers to authenticate clear
text passwords. LogonUser does not cache credentials for this logon type. This is the fastest logon
path, but there are two limitations.
First, the function returns an impersonation token, not a primary token. You
cannot use this token directly in the CreateProcessAsUser function. However, you can call the DuplicateTokenEx function to convert the token to a primary token, and then use it in CreateProcessAsUser.
Second, if you convert the token to a primary token and use it in CreateProcessAsUser to start a process, the new process will not be able to access other network
resources, such as remote servers or printers, through the redirector.
|
dwLogonProvider
Specifies the logon provider. The following logon providers are defined:
Value
| Meaning
|
LOGON32_PROVIDER_DEFAULT
| Use the standard logon provider. This is the recommended value for dwLogonProvider. It gives an application the maximum upward compatibility with future
releases of Windows NT.
|
phToken
Pointer to a
HANDLE variable that receives a handle to a token that represents the specified
user.
You can use the returned handle in calls to the
ImpersonateLoggedOnUser function.
In most cases, the returned handle is a primary token that you can use in
calls to the
CreateProcessAsUser function. However, if you specify the LOGON32_LOGON_NETWORK flag,
LogonUser returns an impersonation token that you cannot use in
CreateProcessAsUser unless you call
DuplicateTokenEx to convert it to a primary token.
When you no longer need this handle, close it by calling the
CloseHandle function.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call
GetLastError.
Remarks
The process that calls
LogonUser must have the SE_TCB_NAME privilege. The privilege does not need to be
enabled. The
LogonUser function enables the privilege as necessary. The function fails if the
calling process does not have the SE_TCB_NAME privilege, and
GetLastError returns the error code ERROR_PRIVILEGE_NOT_HELD. For more information about
privileges, see
Privileges.
A user is considered logged on as long as at least one token exists. If you
call
CreateProcessAsUser and then close the token, the system considers the user as still logged on
until the process (and all child processes) have ended.
If the
LogonUser call is successful, the system notifies network providers that the logon
occurred by calling the provider's NPLogonNotify entry-point.
See Also
CreateProcessAsUser,
ImpersonateLoggedOnUser
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
