问题
I need to impersonate a user using C#. I use the LogonUser Win32 API. This works fine when impersonating users from the same domain as the currently logged-in user. However I get "false" as response when I try to impersonate users from other domains.
What can cause this?
回答1:
You should try calling GetLastError right after LogonUser fail to see if any error information is given.
http://msdn.microsoft.com/en-us/library/ms679360(VS.85).aspx
There may be some issue with calling GetLastError from c#.
Look here for more information on this : http://blogs.msdn.com/adam_nathan/archive/2003/04/25/56643.aspx
Is there a trust between your two domains? If not, LogonUser will fail.
回答2:
As Joel says you need trust between the domains.
You also need to be carefull with respect to the security context of the process doing the delegation, and which domain the machine you are running on is in.
Both the machine and the user account of the process must be trusted for delegation, by the domain that you are trying to access.
This means that your code should be running on the domain that you are trying to access.
Hope this helps
Shiraz
来源:https://stackoverflow.com/questions/993418/logonuser-works-only-for-my-domain