Solved

LogonUser API Function fails. Help me please

Posted on 2002-07-08
8
281 Views
Last Modified: 2007-12-19
My system is a Member Windows 2000 Advance Server (not PDC). I want to

use API LogonUser function to validate user Account with Visual Basic

6.0. But the function is always return 0 (fail)

VB Code as following. The TuVD Account is a local Account in my machine;

it is a member of Administrators group.

'----------In *.bas file-----------

Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA"

(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal

lpszPassword As String, ByVal dwLogonType As Long, ByVal

dwLogonProvider As Long, phToken As Long) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Public Declare Function GetLastError Lib "kernel32" () As Long
'----------------------------------

'----------In Form1.frm------------
Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim DoMain As String
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
DoMain = "." '& vbNullChar
RetVal = RevertToSelf()
RetVal = LogonUser(UserName, DoMain, Password,

LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    MsgBox "Error " & Str(GetLastError())
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
'----------------------------------

Please help me to find out where is the mistake. Thank you.
0
Comment
Question by:tujvd
8 Comments
 
LVL 43

Expert Comment

by:TimCottee
ID: 7137214
You need to make sure the the "Act as Part of the operating system" extended permission is granted to the user that you want to authenticate in this way.

http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7138426
hearing...
0
 

Author Comment

by:tujvd
ID: 7139431
Thank TimCottee.
I've followed the instruction but it still does not work well. Thank again and hear your help.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 5

Expert Comment

by:RainUK
ID: 7143718
Hi there,

Can you tell me what parameters you are actually passing the API?

Also paste this into your module and call the Sub after you call the API. This will give you a more descriptive error.

Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private strAPIError As String

Private Sub LastSystemError(Optional strAPICallName As String)

Dim sError As String * 500
Dim lErrNum As Long
Dim lErrMsg As Long

    lErrNum = Err.LastDllError
    lErrMsg = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, lErrNum, 0, sError, Len(sError), 0)
    If Not (InStr(1, Trim(sError), "The operation completed successfully.", vbTextCompare) > 0) Then
        strAPIError = Trim(sError)
        Call App.LogEvent(App.EXEName & " Could not " & strAPICallName & " , due to: " & Trim(sError))
    End If

End Sub

' Call api then paste below

Call LastSystemError("LogonUser")
0
 

Author Comment

by:tujvd
ID: 7145021
I've followed TimCottee's instruction at
http://p2p.wrox.com/archive/vb_howto/2001-07/40.asp.

I logon to my system with account VPB\vdtu and want to validate my system local account TuVD.
Both Accounts is in local Administrators group and all are in these local policies:

1) Act as part of the operating system
2)Create a tooken object
3) Log on as a service
4) Log on as a batch job
5) Replace a process lvel token

This is new version code; ErrCode always return ERROR_PRIVILEGE_NOT_HELD. I don't know how.
Thank for your help.

'----------- *.bas----------
Option Explicit

Public Const LOGON32_LOGON_INTERACTIVE = 2
Public Const LOGON32_PROVIDER_DEFAULT = 0

Public Const ERROR_ACCESS_DENIED = 5&
Public Const ERROR_PRIVILEGE_NOT_HELD = 1314&


Public Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long

'--------------in *.frm -------------

Private Sub Command1_Click()
Dim htok As Long
Dim RetVal As Long
Dim UserName As String
Dim Password As String
Dim Domain As String
Dim ErrCode As Long
UserName = "TuVD" '& vbNullChar
Password = "123" '& vbNullChar
Domain = "" '& vbNullChar
RetVal = RevertToSelf()
If RetVal = 0 Then
    MsgBox "RevertToSelf fail"
End If
htok =0
RetVal = LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, htok)
If RetVal = 0 Then
    ErrCode = Err.LastDllError()
    Select Case ErrCode
        Case ERROR_PRIVILEGE_NOT_HELD
            MsgBox "ERROR_PRIVILEGE_NOT_HELD"
        Case ERROR_ACCESS_DENIED
            MsgBox "ERROR_ACCESS_DENIED"
        Case Else
            MsgBox "Unknown"
    End Select
End If
MsgBox Str(htok)
RetVal = RevertToSelf()
End Sub
0
 

Author Comment

by:tujvd
ID: 7156204
Help me
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7991177
Hi tujvd,
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to:

    Refund points and save as a 0-pt PAQ.

tujvd, Please DO NOT accept this comment as an answer.
EXPERTS: Post a comment if you are certain that an expert deserves credit.  Explain why.
==========
DanRollins -- EE database cleanup volunteer
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8053147
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction While answering a recent question about filtering a custom class collection, I realized that this could be accomplished with very little code by using the ScriptControl (SC) library.  This article will introduce you to the SC library a…
If you have ever used Microsoft Word then you know that it has a good spell checker and it may have occurred to you that the ability to check spelling might be a nice piece of functionality to add to certain applications of yours. Well the code that…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question