• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

LogonUser API Function fails. Help me please

My system is a Member Windows 2000 Advance Server (not PDC). I want to

use API LogonUser function to validate user Account with Visual Basic

6.0. But the function is always return 0 (fail)

VB Code as following. The TuVD Account is a local Account in my machine;

it is a member of Administrators group.

'----------In *.bas file-----------

Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA"

(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal

lpszPassword As String, ByVal dwLogonType As Long, ByVal

dwLogonProvider As Long, phToken As Long) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Public Declare Function GetLastError Lib "kernel32" () As Long
'----------------------------------

'----------In Form1.frm------------
Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim DoMain As String
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
DoMain = "." '& vbNullChar
RetVal = RevertToSelf()
RetVal = LogonUser(UserName, DoMain, Password,

LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    MsgBox "Error " & Str(GetLastError())
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
'----------------------------------

Please help me to find out where is the mistake. Thank you.
0
tujvd
Asked:
tujvd
1 Solution
 
TimCotteeCommented:
You need to make sure the the "Act as Part of the operating system" extended permission is granted to the user that you want to authenticate in this way.

http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp
0
 
Richie_SimonettiIT OperationsCommented:
hearing...
0
 
tujvdAuthor Commented:
Thank TimCottee.
I've followed the instruction but it still does not work well. Thank again and hear your help.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
RainUKCommented:
Hi there,

Can you tell me what parameters you are actually passing the API?

Also paste this into your module and call the Sub after you call the API. This will give you a more descriptive error.

Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private strAPIError As String

Private Sub LastSystemError(Optional strAPICallName As String)

Dim sError As String * 500
Dim lErrNum As Long
Dim lErrMsg As Long

    lErrNum = Err.LastDllError
    lErrMsg = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, lErrNum, 0, sError, Len(sError), 0)
    If Not (InStr(1, Trim(sError), "The operation completed successfully.", vbTextCompare) > 0) Then
        strAPIError = Trim(sError)
        Call App.LogEvent(App.EXEName & " Could not " & strAPICallName & " , due to: " & Trim(sError))
    End If

End Sub

' Call api then paste below

Call LastSystemError("LogonUser")
0
 
tujvdAuthor Commented:
I've followed TimCottee's instruction at
http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp.

I logon to my system with account VPB\vdtu and want to validate my system local account TuVD.
Both Accounts is in local Administrators group and all are in these local policies:

1) Act as part of the operating system
2)Create a tooken object
3) Log on as a service
4) Log on as a batch job
5) Replace a process lvel token

This is new version code; ErrCode always return ERROR_PRIVILEGE_NOT_HELD. I don't know how.
Thank for your help.

'----------- *.bas----------
Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0

Public Const ERROR_ACCESS_DENIED = 5&
Public Const ERROR_PRIVILEGE_NOT_HELD = 1314&


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long

'--------------in *.frm -------------

Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim Domain As String
Dim ErrCode As Long
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
Domain = "" '& vbNullChar
RetVal = RevertToSelf()
If RetVal = 0 Then
    MsgBox "RevertToSelf fail"
End If
htok =0
RetVal = LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    ErrCode = Err.LastDllError()
    Select Case ErrCode
        Case ERROR_PRIVILEGE_NOT_HELD
            MsgBox "ERROR_PRIVILEGE_NOT_HELD"
        Case ERROR_ACCESS_DENIED
            MsgBox "ERROR_ACCESS_DENIED"
        Case Else
            MsgBox "Unknown"
    End Select
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
0
 
tujvdAuthor Commented:
Help me
0
 
DanRollinsCommented:
Hi tujvd,
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to:

    Refund points and save as a 0-pt PAQ.

tujvd, Please DO NOT accept this comment as an answer.
EXPERTS: Post a comment if you are certain that an expert deserves credit.  Explain why.
==========
DanRollins -- EE database cleanup volunteer
0
 
SpideyModCommented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now