Solved

LogonUser API Function fails. Help me please

Posted on 2002-07-08
8
270 Views
Last Modified: 2007-12-19
My system is a Member Windows 2000 Advance Server (not PDC). I want to

use API LogonUser function to validate user Account with Visual Basic

6.0. But the function is always return 0 (fail)

VB Code as following. The TuVD Account is a local Account in my machine;

it is a member of Administrators group.

'----------In *.bas file-----------

Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA"

(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal

lpszPassword As String, ByVal dwLogonType As Long, ByVal

dwLogonProvider As Long, phToken As Long) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Public Declare Function GetLastError Lib "kernel32" () As Long
'----------------------------------

'----------In Form1.frm------------
Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim DoMain As String
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
DoMain = "." '& vbNullChar
RetVal = RevertToSelf()
RetVal = LogonUser(UserName, DoMain, Password,

LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    MsgBox "Error " & Str(GetLastError())
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
'----------------------------------

Please help me to find out where is the mistake. Thank you.
0
Comment
Question by:tujvd
8 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 7137214
You need to make sure the the "Act as Part of the operating system" extended permission is granted to the user that you want to authenticate in this way.

http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7138426
hearing...
0
 

Author Comment

by:tujvd
ID: 7139431
Thank TimCottee.
I've followed the instruction but it still does not work well. Thank again and hear your help.
0
 
LVL 5

Expert Comment

by:RainUK
ID: 7143718
Hi there,

Can you tell me what parameters you are actually passing the API?

Also paste this into your module and call the Sub after you call the API. This will give you a more descriptive error.

Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private strAPIError As String

Private Sub LastSystemError(Optional strAPICallName As String)

Dim sError As String * 500
Dim lErrNum As Long
Dim lErrMsg As Long

    lErrNum = Err.LastDllError
    lErrMsg = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, lErrNum, 0, sError, Len(sError), 0)
    If Not (InStr(1, Trim(sError), "The operation completed successfully.", vbTextCompare) > 0) Then
        strAPIError = Trim(sError)
        Call App.LogEvent(App.EXEName & " Could not " & strAPICallName & " , due to: " & Trim(sError))
    End If

End Sub

' Call api then paste below

Call LastSystemError("LogonUser")
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:tujvd
ID: 7145021
I've followed TimCottee's instruction at
http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp.

I logon to my system with account VPB\vdtu and want to validate my system local account TuVD.
Both Accounts is in local Administrators group and all are in these local policies:

1) Act as part of the operating system
2)Create a tooken object
3) Log on as a service
4) Log on as a batch job
5) Replace a process lvel token

This is new version code; ErrCode always return ERROR_PRIVILEGE_NOT_HELD. I don't know how.
Thank for your help.

'----------- *.bas----------
Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0

Public Const ERROR_ACCESS_DENIED = 5&
Public Const ERROR_PRIVILEGE_NOT_HELD = 1314&


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long

'--------------in *.frm -------------

Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim Domain As String
Dim ErrCode As Long
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
Domain = "" '& vbNullChar
RetVal = RevertToSelf()
If RetVal = 0 Then
    MsgBox "RevertToSelf fail"
End If
htok =0
RetVal = LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    ErrCode = Err.LastDllError()
    Select Case ErrCode
        Case ERROR_PRIVILEGE_NOT_HELD
            MsgBox "ERROR_PRIVILEGE_NOT_HELD"
        Case ERROR_ACCESS_DENIED
            MsgBox "ERROR_ACCESS_DENIED"
        Case Else
            MsgBox "Unknown"
    End Select
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
0
 

Author Comment

by:tujvd
ID: 7156204
Help me
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7991177
Hi tujvd,
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to:

    Refund points and save as a 0-pt PAQ.

tujvd, Please DO NOT accept this comment as an answer.
EXPERTS: Post a comment if you are certain that an expert deserves credit.  Explain why.
==========
DanRollins -- EE database cleanup volunteer
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8053147
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now