Joe,
This should do as well, but is not needed on W2K or higher (needs the kerberos provider). Much better is to use "split token identity", as provided by using LOGON32_LOGON_N EW_CREDENTIALS as logontype.
Willy.
"Joe Kaplan (MVP - ADSI)" <jo************ *@removethis.ac centure.com> wrote in message news:%2******** ********@tk2msf tngp13.phx.gbl. ..
Have you tried logging in with an account local to the server that has the same username and password as the user on the remote machine and impersonating that instead? My understanding is that this "trick" will work with NTLM in a situation where you can't use domain accounts/Kerberos.
Joe K.
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:ey******** ******@TK2MSFTN GP10.phx.gbl...
IntPtr tokenHandle = new IntPtr(0), duplicateTokenH andle = new IntPtr(0);
bool result = advapi32.LogonU ser(userName, domain, password, advapi32.LogonT ype.Interactive , advapi32.LogonP rovider.Default , ref tokenHandle);
LogonType.Inter active = 2, LogonProvider.D efault = 0
Sorry; error code is 1326 - "Logon failure: unknown user name or bad password" even though the details are correct (I created the account specifically).
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message news:Ox******** ******@TK2MSFTN GP15.phx.gbl...
Not accepted is a little vague isn't it? What is the return code of the LogonUser call? Some code would help also.
LogonUser doesn't "log on", it retuns an access token that can be used to access the remote server, so when you specify the credentials, as valid on a remote server, this server 'security system' returns a token that can be used to access the remote server when "impersonating" .
Willy.
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e7******** ******@TK2MSFTN GP10.phx.gbl...
I have; it is not accepted.
LogonUser will only work when specifying the local machine name or a domain name that is valid for the local machine as you are effectively logging a new user onto that machine (and of course a local user on another machine would not be able to log onto the local machine).
Cheers.
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard .caspershouse.c om> wrote in message news:uf******** ******@TK2MSFTN GP15.phx.gbl...
Martin,
Have you tried using the machine name in the domain parameter?
--
- Nicholas Paldino [.NET/C# MVP]
-
mv*@spam.guard. caspershouse.co m
"Martin Robins" <martin dot robins at technicaldirect dot co dot uk> wrote in message news:e9******** ******@TK2MSFTN GP14.phx.gbl...
I need to access the scheduler service on a network computer in order to manipulate it remotely from .NET; I have all of the necessary code to perform the manipulation and it works - great - but I am having problems with authentication.
I have tried using LogonUser and this works fine with a domain account, however it is not possible to use this with an account that is defined only on the remote computer - it only works with local or domain accounts.
Any suggestions as to how I can authenticate my connection to the remote PC using a logon and password local to that machine?
