LogonUser Access Denied

Discussion in 'ASP .Net Security' started by Dominick Baier, Oct 10, 2006.

  1. which OS?

    before XP/2k3 LogonUser needed basically SYSTEM privileges...

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > I'm also having problems with impersonation. Or rather, I'm not quite
    > getting that far.
    >
    > I need to be able to manually authenticate users. However, every
    > attempt to make the Win32 call to LogonUser returns an "Access Denied"
    > exception.
    >
    > I've attempted this from both web and windows forms apps, with
    > identical results. I've tried demanding full trust to no effect.
    >
    > I'm running the 2.0 framework.
    >
    > Anyone have any ideas?
    >
    > Thanks.
    >
     
    Dominick Baier, Oct 10, 2006
    #1
    1. Advertising

  2. I'm also having problems with impersonation. Or rather, I'm not quite
    getting that far.

    I need to be able to manually authenticate users. However, every attempt to
    make the Win32 call to LogonUser returns an "Access Denied" exception.

    I've attempted this from both web and windows forms apps, with identical
    results. I've tried demanding full trust to no effect.

    I'm running the 2.0 framework.

    Anyone have any ideas?


    Thanks.
     
    Bill Alexander, Oct 10, 2006
    #2
    1. Advertising

  3. Actually, I found the problem. The true error code was being overridden by
    some code that I hadn't noticed. This was causing any failure to
    authenticate to be reported as "Access Denied".

    The problem was an actual failure to authenticate due to attempting to pass
    the domain and username as "domain\username" while leaving the domain
    argument null. The docs state that this is an acceptable practice, but it
    wasn't able to authenticate this way.

    I suspect that the slash's escaped form "\\" may have been passed to
    LogonUser without being unescaped, and may have been the source of the
    problem. Though I haven't had time to confirm that yet.

    "Dominick Baier" wrote:

    > which OS?
    >
    > before XP/2k3 LogonUser needed basically SYSTEM privileges...
    >
    > ---
    > Dominick Baier, DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I'm also having problems with impersonation. Or rather, I'm not quite
    > > getting that far.
    > >
    > > I need to be able to manually authenticate users. However, every
    > > attempt to make the Win32 call to LogonUser returns an "Access Denied"
    > > exception.
    > >
    > > I've attempted this from both web and windows forms apps, with
    > > identical results. I've tried demanding full trust to no effect.
    > >
    > > I'm running the 2.0 framework.
    > >
    > > Anyone have any ideas?
    > >
    > > Thanks.
    > >

    >
    >
    >
     
    Bill Alexander, Oct 10, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mary Chipman

    Re: Impersonation in ASPNET and LogonUser

    Mary Chipman, Sep 3, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    461
    Mary Chipman
    Sep 3, 2003
  2. Jason

    impersonating and LogonUser

    Jason, Dec 30, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    450
    Jim Cheshire [MSFT]
    Jan 5, 2004
  3. Nimi

    LogonUser failed error

    Nimi, Oct 14, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    2,412
    Martin Dechev
    Oct 14, 2004
  4. Johannes Hammersen
    Replies:
    1
    Views:
    186
    Dave F.
    Jun 12, 2005
  5. Lee

    LogonUser access denied

    Lee, Aug 16, 2006, in forum: ASP .Net Security
    Replies:
    9
    Views:
    589
Loading...

Share This Page