        // ------------------------------------------------------------------

        /// <summary>
        /// Does the actual impersonation.
        /// </summary>
        /// <param name="userName">The name of the user to act as.</param>
        /// <param name="domain">The domain name of the user to act as.</param>
        /// <param name="password">The password of the user to act as.</param>
        private void ImpersonateValidUser(
            string userName,
            string domain,
            string password )
        {
            // Logs the given account on, duplicates the resulting token and starts
            // impersonating it on the current thread. The impersonation context is
            // stored in the impersonationContext field (declared outside this block),
            // so the caller side is presumably responsible for undoing it later.
            //
            // Any failing native call is surfaced as a Win32Exception built from
            // Marshal.GetLastWin32Error(). NOTE(review): that value is only
            // meaningful if the P/Invoke declarations (not visible here) use
            // SetLastError = true - confirm.
            //
            // The password arrives as an ordinary managed string, so it stays in
            // process memory until collected; keep its lifetime short at the call
            // site and never write it to logs or exception messages.

            // Value 2 of SECURITY_IMPERSONATION_LEVEL, i.e. SecurityImpersonation.
            const int securityImpersonation = 2;

            IntPtr logonToken = IntPtr.Zero;
            IntPtr impersonationToken = IntPtr.Zero;

            try
            {
                // Drop any impersonation already active on this thread so the
                // logon below runs under the process identity.
                if ( !RevertToSelf() )
                {
                    throw new Win32Exception( Marshal.GetLastWin32Error() );
                }

                // NOTE(review): the logon type and provider constants are declared
                // outside this block. An interactive logon validates the
                // credentials right here. LOGON32_LOGON_NEW_CREDENTIALS (9), by
                // contrast, does not check them at logon time and applies them
                // only to outbound network connections, so a successful return
                // with that type is not proof that the password is correct.
                if ( LogonUser(
                    userName,
                    domain,
                    password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT,
                    ref logonToken ) == 0 )
                {
                    throw new Win32Exception( Marshal.GetLastWin32Error() );
                }

                if ( DuplicateToken( logonToken, securityImpersonation, ref impersonationToken ) == 0 )
                {
                    throw new Win32Exception( Marshal.GetLastWin32Error() );
                }

                WindowsIdentity identity = new WindowsIdentity( impersonationToken );
                impersonationContext = identity.Impersonate();
            }
            finally
            {
                // Both raw handles are released on every path, success or failure;
                // the impersonation started above is not undone here.
                if ( logonToken != IntPtr.Zero )
                {
                    CloseHandle( logonToken );
                }

                if ( impersonationToken != IntPtr.Zero )
                {
                    CloseHandle( impersonationToken );
                }
            }
        }

I use the above code to perform impersonation.

Then I pass the parameters as follows: userName is the account of the machine to access; domainName is the IP of the machine to access; password is the password of the device to be accessed.

The result I get is the error: "The user name or password is incorrect". I want to ask if the parameters are set correctly. Is there anything else that needs to be changed?

adam

1 Answer


You said you pass the IP Address as the domain name. You need to pass the actual domain name, not the IP address. If it is a local user you can pass the computer name. If it is a user local to your own computer, you can pass ".". You can also leave the domain field null and pass the full user name including the domain.

You don't need to call DuplicateToken. That is only needed if you use LOGON32_LOGON_NETWORK, which you don't.

You should also use a SecureString for the password if you think that the computer you are running this on could be in danger of being compromised. An example can be found here: How to use LogonUser properly to impersonate domain user from workgroup client

Finally, if you want to know what is really going on, don't read third party sites that write about an API they have wrapped. Read about the actual API you call.

In this case: The documentation for the Windows API LogonUser

nvoigt
  • - I understood the parameter "domainName" is not an IP address. - Does that mean that 2 computers on the same network must join the same domain? - Currently, I have 2 computers on the same network, but both machines do not join any domain, so what will I have to set the "domainName" parameter? – adam Apr 26 '23 at 07:13
  • What is the authority that determines whether it is the right user/password? Where was the user created if those two PCs are not in a domain? If it is a local user on PC1, then the domain is PC1. User1/PC1 might not be able to log in on PC2 though. – nvoigt Apr 26 '23 at 07:55
  • - My PC1 and PC2 are on the same LAN. No domain is installed; both are just in the workgroup WORKGROUP. The account is the login account of each computer. - In addition, when I set LOGON32_LOGON_INTERACTIVE = 9, I can enter the "domainName" parameter as the IP address without setting the other 2 parameters. Currently, I use this as a temporary workaround. – adam Apr 26 '23 at 08:29
  • On which PC are you running your program, and which user and password do you use? – nvoigt Apr 26 '23 at 08:39
  • Thank you for following my question. I run the program on PC1. Setting the userName and password parameters is of PC2, and the domain parameter I don't know what the setting is because both PC1 and PC2 do not join any domain. Currently, I set LOGON32_LOGON_INTERACTIVE = 9, parameter "domain" is the IP address of PC2, it works without setting 2 parameters userName and password of PC2. I don't know why but I'm using this way to make my program work. – adam Apr 26 '23 at 08:56
  • Well, if the user was created on PC2, then the "domain" of that user is "PC2". – nvoigt Apr 26 '23 at 09:06