Weirdness in LogonUser

Discussion in 'ASP .Net Security' started by David Thielen, Dec 22, 2006.

  1. If I call

    IntPtr tokenHandle = new IntPtr(0);
    bool returnValue = LogonUser("dave", "windward", "bogus",
    LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref tokenHandle);

    The returnValue == true and I can successfully create a WindowsIdentity from
    the passed in tokenHandle, impersonate it, etc. The thing is - that is not my
    password.

    Any ideas?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 22, 2006
    #1

  2. Hello Dave,

    What did you mean "that is not my password."? The password value you
    specify in LogonUser() is "bogus". Is it not your actual password?

    Sincerely,

    Luke Zhang

    Microsoft Online Community Support
    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Luke Zhang [MSFT], Dec 22, 2006
    #2

  3. correct - that is not my password. That's what is so weird to me.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 22, 2006
    #3
  4. Hello,

    this is the normal behavior with LOGON32_LOGON_NEW_CREDENTIALS, as Windows
    can not validate the credential.

    But remote access will fail if the password is wrong.

    Best regards,
    Henning Krause
     
    Henning Krause [MVP - Exchange], Dec 22, 2006
    #4
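
The behavior described in the answer above, as an added example that is not part of the original thread: a `true` result from LogonUser with LOGON32_LOGON_NEW_CREDENTIALS is not a password check, so code that needs a verdict should use a logon type that authenticates at call time, such as LOGON32_LOGON_NETWORK. The class and method names are hypothetical, and the account values are the ones from the question.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class LogonTypeDemo   // hypothetical name, not from the thread
{
    const int LOGON32_LOGON_NETWORK = 3;          // credentials are checked at call time
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;  // credentials are only stored for outbound use
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int ERROR_LOGON_FAILURE = 1326;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns true only if Windows authenticated the account with this password.
    static bool IsPasswordValid(string user, string domain, string password)
    {
        IntPtr token;
        if (LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                      LOGON32_PROVIDER_DEFAULT, out token))
        {
            CloseHandle(token);   // only the verdict is needed, not the token
            return true;
        }
        int err = Marshal.GetLastWin32Error();
        if (err == ERROR_LOGON_FAILURE) return false;   // unknown user or bad password
        throw new Win32Exception(err);   // lockout, no domain controller, missing logon right
    }

    static void Main()
    {
        // Same call as in the question: the password is deliberately wrong.
        IntPtr token;
        bool type9 = LogonUser("dave", "windward", "bogus",
            LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, out token);
        if (type9) CloseHandle(token);
        Console.WriteLine("NEW_CREDENTIALS returned {0}", type9);
        Console.WriteLine("NETWORK validation returned {0}",
            IsPasswordValid("dave", "windward", "bogus"));
    }
}
```

Treat a NEW_CREDENTIALS token as a container for outbound credentials only: the identity it carries locally is still the caller's, and the supplied password is first tested when a remote resource is accessed.
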
  5. Thank you - yes you are right on this.

    God security is a PITA to get right.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 30, 2006
    #5
  6. no it is fun ;)


    -----
    Dominick Baier (http://www.leastprivilege.com)

     
    Dominick Baier, Dec 31, 2006
    #6