Actually, I found the problem. The true error code was being overridden by
some code that I hadn't noticed. This was causing any failure to
authenticate to be reported as "Access Denied".
The problem was an actual failure to authenticate due to attempting to pass
the domain and username as "domain\username" while leaving the domain
argument null. The docs state that this is an acceptable practice, but it
wasn't able to authenticate this way.
I suspect that the slash's escaped form "\\" may have been passed to
LogonUser without being unescaped, and may have been the source of the
problem. Though I haven't had time to confirm that yet.
"Dominick Baier" wrote:
> which OS?
>
> before XP/2k3 LogonUser needed basically SYSTEM privileges...
>
> ---
> Dominick Baier, DevelopMentor
> http://www.leastprivilege.com
>
> > I'm also having problems with impersonation. Or rather, I'm not quite
> > getting that far.
> >
> > I need to be able to manually authenticate users. However, every
> > attempt to make the Win32 call to LogonUser returns an "Access Denied"
> > exception.
> >
> > I've attempted this from both web and windows forms apps, with
> > identical results. I've tried demanding full trust to no effect.
> >
> > I'm running the 2.0 framework.
> >
> > Anyone have any ideas?
> >
> > Thanks.
> >
>
>
>
Similar Threads
