Solved

LogonUser API Function fails. Help me please

Posted on 2002-07-08
8
276 Views
Last Modified: 2007-12-19
My system is a Member Windows 2000 Advance Server (not PDC). I want to

use API LogonUser function to validate user Account with Visual Basic

6.0. But the function is always return 0 (fail)

VB Code as following. The TuVD Account is a local Account in my machine;

it is a member of Administrators group.

'----------In *.bas file-----------

Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA"

(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal

lpszPassword As String, ByVal dwLogonType As Long, ByVal

dwLogonProvider As Long, phToken As Long) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Public Declare Function GetLastError Lib "kernel32" () As Long
'----------------------------------

'----------In Form1.frm------------
Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim DoMain As String
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
DoMain = "." '& vbNullChar
RetVal = RevertToSelf()
RetVal = LogonUser(UserName, DoMain, Password,

LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    MsgBox "Error " & Str(GetLastError())
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
'----------------------------------

Please help me to find out where is the mistake. Thank you.
0
Comment
Question by:tujvd
8 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 7137214
You need to make sure the the "Act as Part of the operating system" extended permission is granted to the user that you want to authenticate in this way.

http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7138426
hearing...
0
 

Author Comment

by:tujvd
ID: 7139431
Thank TimCottee.
I've followed the instruction but it still does not work well. Thank again and hear your help.
0
 
LVL 5

Expert Comment

by:RainUK
ID: 7143718
Hi there,

Can you tell me what parameters you are actually passing the API?

Also paste this into your module and call the Sub after you call the API. This will give you a more descriptive error.

Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private strAPIError As String

Private Sub LastSystemError(Optional strAPICallName As String)

Dim sError As String * 500
Dim lErrNum As Long
Dim lErrMsg As Long

    lErrNum = Err.LastDllError
    lErrMsg = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, lErrNum, 0, sError, Len(sError), 0)
    If Not (InStr(1, Trim(sError), "The operation completed successfully.", vbTextCompare) > 0) Then
        strAPIError = Trim(sError)
        Call App.LogEvent(App.EXEName & " Could not " & strAPICallName & " , due to: " & Trim(sError))
    End If

End Sub

' Call api then paste below

Call LastSystemError("LogonUser")
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:tujvd
ID: 7145021
I've followed TimCottee's instruction at
http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp.

I logon to my system with account VPB\vdtu and want to validate my system local account TuVD.
Both Accounts is in local Administrators group and all are in these local policies:

1) Act as part of the operating system
2)Create a tooken object
3) Log on as a service
4) Log on as a batch job
5) Replace a process lvel token

This is new version code; ErrCode always return ERROR_PRIVILEGE_NOT_HELD. I don't know how.
Thank for your help.

'----------- *.bas----------
Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0

Public Const ERROR_ACCESS_DENIED = 5&
Public Const ERROR_PRIVILEGE_NOT_HELD = 1314&


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long

'--------------in *.frm -------------

Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim Domain As String
Dim ErrCode As Long
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
Domain = "" '& vbNullChar
RetVal = RevertToSelf()
If RetVal = 0 Then
    MsgBox "RevertToSelf fail"
End If
htok =0
RetVal = LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    ErrCode = Err.LastDllError()
    Select Case ErrCode
        Case ERROR_PRIVILEGE_NOT_HELD
            MsgBox "ERROR_PRIVILEGE_NOT_HELD"
        Case ERROR_ACCESS_DENIED
            MsgBox "ERROR_ACCESS_DENIED"
        Case Else
            MsgBox "Unknown"
    End Select
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
0
 

Author Comment

by:tujvd
ID: 7156204
Help me
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7991177
Hi tujvd,
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to:

    Refund points and save as a 0-pt PAQ.

tujvd, Please DO NOT accept this comment as an answer.
EXPERTS: Post a comment if you are certain that an expert deserves credit.  Explain why.
==========
DanRollins -- EE database cleanup volunteer
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8053147
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction I needed to skip over some file processing within a For...Next loop in some old production code and wished that VB (classic) had a statement that would drop down to the end of the current iteration, bypassing the statements that were c…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now