The subject method appears in sample code for WindowsIdentity. I cannot find information about the method WindowsIdentityMembers.LogonUser() in Help (i.e. MSDN for Whidbey). The method is a real aid to developers who previously were required to do a P/Invoke to unmanaged code to obtain the token. See code from sample...

// Retrieve the Windows account token for the current user.

IntPtr logonToken = WindowsIdentityMembers.LogonUser();

Hi William,

I believe you are referring to the class WindowsIdentityMembers which has been provided as a sample on this page.

That class is not part of the .NET Framework; it's just a sample. Even in .NET 2.0, PInvoke is used to call LogonUser. As for the LogonUser method in the sample - that's just returning the token for the current logged on user.

For a code sample on using the LogonUser unmanaged API, take a look here.


I am building two applications, one on a file server, the other for clients.
I would like to check, on the file server, the file read permissions for the currently connected user.
I have only found how to do it using LogonUser with the password, but I don't like it so much...

Code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.IO;
using System.Security.Permissions;

namespace ConsoleApplication2
{
    class Class1
    {
        // This function obtains the security token for a user.
        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int LogonUser(string lpszUsername,
            string lpszDomain, string lpszPassword, int dwLogonType,
            int dwLogonProvider, ref IntPtr phToken);

        public enum Logon : int
        {
            Interactive = 2,
            NetworkCleartext = 8
        }

        public enum Provider : int
        {
            WindowsNT35 = 1,
            WindowsNT40 = 2,
            Windows2000 = 3
        }

        // This function duplicates the token.
        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateToken(IntPtr ExistingTokenHandle, int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);

        // Releases a token handle once it is no longer needed.
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle(IntPtr hObject);

        static void Main(string[] args)
        {
            Console.WriteLine("//- Utilisateur courant -\\ ");
            DisplayIdentityInfo();

            // Read the user's credentials.
            Console.WriteLine("Entrer les informations pour vous indentifier :");
            string UserName;
            string Domaine;
            string Password;

            Console.Write("Domaine: ");
            Domaine = Console.ReadLine();
            Console.Write("Nom utilisateur: ");
            UserName = Console.ReadLine();
            Console.Write("Mot de passe : ");
            Password = Console.ReadLine();

            // Log the new user on.
            WindowsIdentity NewIdentity;
            NewIdentity = GetWindowsIdentity(UserName, Domaine, Password);

            if (NewIdentity == null)
            {
                Console.WriteLine("Information invalide");
                return; // nothing to impersonate
            }

            // Drop the old identity in favour of the new one.
            WindowsImpersonationContext NewContext;
            NewContext = NewIdentity.Impersonate();

            Console.WriteLine("//- LOGIN -\\ ");
            DisplayIdentityInfo();

            // Revert to the original identity.
            NewContext.Undo();

            Console.WriteLine("//- LOGOUT-\\");
            DisplayIdentityInfo();
        }

        // This function displays information about the current user.
        public static void DisplayIdentityInfo()
        {
            WindowsIdentity Identity = WindowsIdentity.GetCurrent();

            Console.WriteLine("Cette application se lance avec " + Identity.Name);
        }

        // This function uses the Win32 API to obtain the WindowsIdentity
        // for the given user.
        public static WindowsIdentity GetWindowsIdentity(string UserName,
            string Domaine, string Password)
        {
            IntPtr SecurityToken = new IntPtr(0);
            IntPtr TokenDuplicate = new IntPtr(0);

            if (LogonUser(UserName, Domaine, Password, (int)Logon.Interactive, 0, ref SecurityToken) > 0)
            {
                // 2 = SecurityImpersonation
                int duplicated = DuplicateToken(SecurityToken, 2, ref TokenDuplicate);
                CloseHandle(SecurityToken); // the logon token is no longer needed
                if (duplicated != 0)
                    return new WindowsIdentity(TokenDuplicate);
            }
            return null;
        }

        private static bool CanRead(string fname, WindowsIdentity WinIdentity)
        {
            WindowsPrincipal WinPrincipal = new WindowsPrincipal(WinIdentity);
            bool AllowRead = false;
            try
            {
                FileInfo fi = new FileInfo(fname);
                FileSecurity sec = fi.GetAccessControl();
                foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(NTAccount)))
                {
                    if (WinPrincipal.IsInRole(rule.IdentityReference.Value))
                    {
                        if (((int)rule.FileSystemRights & (int)FileSystemRights.Read) > 0)
                        {
                            if (rule.AccessControlType == AccessControlType.Allow)
                                AllowRead = true;
                            else if (rule.AccessControlType == AccessControlType.Deny)
                                return false; // an explicit deny wins
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Any failure to read the ACL is treated as "no access".
                AllowRead = false;
            }
            return AllowRead;
        }
    }
}


Lucian Bargaoanu

You need impersonation. You can get it with remoting or web services.
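
The impersonation approach suggested above, as an added example that is not part of the original thread: the server impersonates the caller's identity and lets Windows perform the read-access check, with no password handled and no manual ACL walk. It assumes .NET Framework and that the transport (remoting, a web service, etc.) has already supplied the caller's WindowsIdentity; the names ReadAccessProbe and CanReadAs are hypothetical, and Main uses the current user as a stand-in for the connected client.

```csharp
using System;
using System.IO;
using System.Security.Principal;

static class ReadAccessProbe
{
    // Returns true if 'caller' can open 'path' for reading. The OS evaluates
    // the DACL (deny entries, group membership) while the thread impersonates.
    public static bool CanReadAs(WindowsIdentity caller, string path)
    {
        if (caller == null) throw new ArgumentNullException("caller");

        // Anonymous and Identification-level tokens cannot be used to open files.
        TokenImpersonationLevel level = caller.ImpersonationLevel;
        if (level == TokenImpersonationLevel.Anonymous ||
            level == TokenImpersonationLevel.Identification)
            throw new InvalidOperationException("Token cannot be used for impersonation.");

        // Disposing the context reverts the thread to the service identity,
        // even if the file operation throws.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            try
            {
                using (File.Open(path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
                    return true;
            }
            catch (UnauthorizedAccessException)
            {
                return false; // access denied for the impersonated user
            }
        }
    }

    static void Main()
    {
        // Constructed sample input: a temp file owned by the current user.
        string path = Path.GetTempFileName();
        try
        {
            using (WindowsIdentity me = WindowsIdentity.GetCurrent())
                Console.WriteLine("{0} can read {1}: {2}", me.Name, path, CanReadAs(me, path));
        }
        finally { File.Delete(path); }
    }
}
```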