Discussion:
LogonUser() API blocks with wrong credentials
(too old to reply)
Nick
2009-04-16 20:03:12 UTC
Permalink
Hi,

We are using Windows APIs to impersonate a user in an application that
runs as a service. The service under which the application is running
is started with Logon as Local System Account.

The Local System account has all the privileges required for
impersonation. After providing correct credentials, the application is
able to logon as a service and do successful impersonation.

However, if the password passed to LogonUser() API is incorrect, the
call is blocked/hanging. It is expected that the API returns failure
but it should not hang. Is this a known issue or is something wrong?

We are using OS: Windows XP

Here are the details for impersonation-

For impersonation we are calling LogonUser() API

LogonUser(mailbox,domain,m_szPassword,
LOGON32_LOGON_SERVICE,
LOGON32_PROVIDER_DEFAULT,
&hToken))

Steps followed for impersonation are as follows-

1. LookupPrivilegeValue for SE_TCB_NAME
2. OpenProcessToken
3. AdjustTokenPrivileges
4. LogonUser
5. LoadUserProfile
6. ImpersonateLoggedOnUser

Any pointers will be helpful!

Thanks,
Neha
DeVa
2009-05-26 15:40:01 UTC
Permalink
Had look on this article?

I heard something relevant with Windows NT, not familiar with Windows XP.
http://support.microsoft.com/default.aspx/kb/187936

Relevant article:
PRB: Access Denied error when you call LogonUser API
http://support.microsoft.com/kb/223334
Post by Nick
Hi,
We are using Windows APIs to impersonate a user in an application that
runs as a service. The service under which the application is running
is started with Logon as Local System Account.
The Local System account has all the privileges required for
impersonation. After providing correct credentials, the application is
able to logon as a service and do successful impersonation.
However, if the password passed to LogonUser() API is incorrect, the
call is blocked/hanging. It is expected that the API returns failure
but it should not hang. Is this a known issue or is something wrong?
We are using OS: Windows XP
Here are the details for impersonation-
For impersonation we are calling LogonUser() API
LogonUser(mailbox,domain,m_szPassword,
LOGON32_LOGON_SERVICE,
LOGON32_PROVIDER_DEFAULT,
&hToken))
Steps followed for impersonation are as follows-
1. LookupPrivilegeValue for SE_TCB_NAME
2. OpenProcessToken
3. AdjustTokenPrivileges
4. LogonUser
5. LoadUserProfile
6. ImpersonateLoggedOnUser
Any pointers will be helpful!
Thanks,
Neha
Loading...