4

Please can any one help me with this? I was trying to login to portal.microsoftonline.com with the credentials needed but it gets me that error. Is my URL is wrong or what? Because i am trying to impersonate and give a role to a user. Thank you and btw i am new here, please forgive me the way i post my problem. Please see the comment where the error is.

   class SecurityHelpers
   {
     private SecurityHelpers() { }

     [DllImport("advapi32.dll", SetLastError = true)]
     private static extern bool LogonUser(string lpszUsername,
        string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

     [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
     private extern static bool CloseHandle(IntPtr handle);

     public static WindowsIdentity CreateIdentity(
        string userName, string domain, string password)
     {
        IntPtr tokenHandle = new IntPtr(0);

        const int LOGON32_PROVIDER_DEFAULT = 0;
        const int LOGON32_LOGON_NETWORK_CLEARTEXT = 3;

        tokenHandle = IntPtr.Zero;
        bool returnValue = LogonUser(userName, domain, password,
           LOGON32_LOGON_NETWORK_CLEARTEXT,
           LOGON32_PROVIDER_DEFAULT,
           ref tokenHandle);

        if (false == returnValue)
        {
           int ret = Marshal.GetLastWin32Error();
           // THIS WHERE THE ERROR IS - "LogonUser failed with error code: 1326"
           throw new Exception("LogonUser failed with error code: " + ret);
        }

        WindowsIdentity id = new WindowsIdentity(tokenHandle);
        CloseHandle(tokenHandle);
        return id;
     }
  }
mak
  • 350
  • 2
  • 4
  • 11
  • 3
    Error 1326 is `unknown username or bad password`, which means your credentials are wrong. – Ken White Jun 27 '13 at 01:17
  • No, i cant be wrong with my username or password. How that possible? I've been using my account for so long. And i tried the admin or my account or the testing account, still the same error i've got. Is there need of Unicode or what to properly read the username or password? – mak Jun 27 '13 at 01:34
  • 2
    Trying to login to a web site with LogonUser is not going to work. That function is only meant to logon to Windows machines. – Hans Passant Jun 27 '13 at 01:34
  • Oh i see. This aint not working? So what will i do? Any advice from you where do i start? Because i have this project to Impersonate a user using c#, and i found this code trying that if this will work to log in me in using windows c#. I think do you know what i was trying to create a code. – mak Jun 27 '13 at 01:42
  • @mak, Hans is right. Could you perhaps explain the broader context of what you are trying to achieve? What type of application are you writing and what does it use signing in to portal.microsoftonline.com for? – Andrew Savinykh Jun 27 '13 at 01:43
  • @HansPassant: I missed that it was for a web site; I just caught `LogonUser` and `error 1326`. (For mak: Of course it won't work. As Hans said, `LogonUser` is for logging onto a Windows network or local computer account, not logging in to a web site.) – Ken White Jun 27 '13 at 01:44
  • @zespri I am achieving to automate the process of Impersonation User in the Office 365 as we do that manually to each user. So im creating c# windows form. To start with, i have to login by any means using c#(currently), so that i can add a role to user/users like the ApplicationImpersonation in the office 365. To all thank you so much. So i will conclude this will not work. If do you have ideas or suggestions, please do. – mak Jun 27 '13 at 01:56
  • The general approach for this kind of tasks is given here http://stackoverflow.com/questions/13869418/programmatically-logging-in-to-website-with-saved-username-and-password The solution will end up different in your case, but that's the approach. – Andrew Savinykh Jun 27 '13 at 02:05

3 Answers3

3

It's possible xp_cmdshell is executed through the proxy account. Check if the proxy account has the correct credentials.

In Object Explorer go to:

Security > Credentials > ##xp_cmdshell_proxy_account##

Also, check if the user has execute rights to sys.xp_cmdshell

In Object Explorer go to:

Databases > System Databases > master > Security > Users > [user] > Securables

SQL to grant permission:

use [master]
grant execute on xp_cmdshell to [domain\user];
user2601995
  • 6,463
  • 8
  • 37
  • 41
  • I had same issue and proxy account credentials was the problem. Change proxy account credentials in Security->Credentials change the updated password and everything will be fine. I had issue with dtsx package execution when ai changed the password of domain account that connect to database. – Kenan Begić Jan 16 '20 at 14:05
1

It worked for me with LogonType as LOGON32_LOGON_NEW_CREDENTIALS = 9. Please try that.

userName, domain an password need to be passed as Windows Wide Character or Windows Unicode. Please ensure that you are passing them in the correct format.

Community
  • 1
  • 1
Nimisha
  • 39
  • 1
  • 5
0

What Ken White said in the comments is correct. If you don't pass the appropriate string type for your username & password, you'll get a 1326. Modify your API declaration to use UnmanagedType.LPStr for your strings. pinvoke.net has good API call instructions.

[DllImport("advapi32.dll", SetLastError = true, BestFitMapping = false, ThrowOnUnmappableChar = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool LogonUser(
  [MarshalAs(UnmanagedType.LPStr)] string pszUserName,
  [MarshalAs(UnmanagedType.LPStr)] string pszDomain,
  [MarshalAs(UnmanagedType.LPStr)] string pszPassword,
  int dwLogonType,
  int dwLogonProvider,
  ref IntPtr phToken);

Further, you might try LOGON32_LOGON_BATCH = 4 for LogonType, that worked best for me.

//i cut out the rest of the enum for brevity.
enum LogonType
{
 LOGON32_LOGON_BATCH = 4
}
string sUser="";
string sDomain="";
string sPWD="";
IntPtr token = new IntPtr();
bool bLoginSuccess = LogonUser(sUser, sDomain, sPWD, (int)LogonType.LOGON32_LOGON_BATCH, 0, ref token);
mike
  • 2,149
  • 20
  • 29