When you are developing windows or web applications and there is need for validating user credentials (either local or domain), the 'LogonUser' API helps alot and it makes developers life much easier.
This API function accepts five parameters and one of them is 'out' parameter.
Public Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _ ByVal lpszDomain As [String], ByVal lpszPassword As [String], _ ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _ ByRef phToken As IntPtr) As Boolean
This function returns 'true' if the authentication was success and 'false' if failed. The good part about it is that, it returns a valid exception with relevant error message when it fails to authenticate provided credentials.
After successful authentication, the phToken parameter(ByRef phToken As IntPtr)would give handle to the token and it can be used to create any process from that context. If you just want to use this API for authentication, you can ignore it.
Here is the usage.
Public Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _ ByVal lpszDomain As [String], ByVal lpszPassword As [String], _ ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _ ByRef phToken As IntPtr) As Boolean Private Function LoginUser(ByVal UserName As String, ByVal Password As String, ByVal Domain As String) As Boolean Try Dim tokenHandle As New IntPtr(0) ' Call LogonUser to obtain a handle to an access token. Dim returnValue As Boolean = Authorization.LogonUser(UserName, Password, Domain, 2, 0, tokenHandle) 'check if logon successful If returnValue = False Then Dim ret As Integer = Marshal.GetLastWin32Error() Throw New System.ComponentModel.Win32Exception(ret) Exit Function End If Return True Catch ex As Exception 'Here is where it returns relevant error message when the API fails to authenticate user. 'ex.Message End Try Return False End Function
2 comments:
Correct me if I'm wrong, but you're Public Declare auto function arge are username, domain, then Password and so on, but when you call "authorization.logonuser" the args passed are username, password, then domain. aren't they in the wrong order?
Post a Comment