Security & Identity

This section provides documentation for Windows APIs related to security, authentication, authorization, and identity management.

LogonUser

The LogonUser function logs a user on to the local computer or a domain. The calling thread has the specified token in its impersonation context.

Function Signature:

BOOL LogonUser(LPTSTR lpszUsername, LPTSTR lpszDomain, LPTSTR lpszPassword, DWORD dwLogonType, DWORD dwLogonProvider, PHANDLE phToken);

Parameters:

  • lpszUsername: The user name.
  • lpszDomain: The domain name.
  • lpszPassword: The password for the user.
  • dwLogonType: The type of logon.
  • dwLogonProvider: The logon provider.
  • phToken: A pointer to a variable that receives the handle of the new access token.

Return Value:

  • If the function succeeds, the return value is nonzero.
  • If the function fails, the return value is zero.

CreateProcessWithLogonW

The CreateProcessWithLogonW function creates a new process in the logon session of the specified user.

Function Signature:

BOOL CreateProcessWithLogonW(LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);

Parameters:

  • lpUsername: The user name.
  • lpDomain: The domain name.
  • lpPassword: The password for the user.
  • dwLogonFlags: Flags that control how the process is created.
  • lpApplicationName: The name of the module to be executed.
  • lpCommandLine: The command line.
  • dwCreationFlags: Flags that specify the creation flags.
  • lpEnvironment: The environment block.
  • lpCurrentDirectory: Pointer to a null-terminated string specifying the fully qualified path of the current directory.
  • lpStartupInfo: Pointer to a STARTUPINFO structure.
  • lpProcessInformation: Pointer to a PROCESS_INFORMATION structure.

Return Value:

  • If the function succeeds, it returns a nonzero value.
  • If the function fails, it returns zero.

GetCurrentUserSID

The GetCurrentUserSID function retrieves the Security Identifier (SID) of the current user.

Function Signature:

BOOL GetCurrentUserSID(PSID *ppsid);

Parameters:

  • ppsid: A pointer to a pointer to a SID structure that receives the SID of the current user.

Return Value:

  • If the function succeeds, the return value is nonzero.
  • If the function fails, the return value is zero.

Remarks:

  • The caller is responsible for freeing the memory allocated for the SID.

ImpersonateUser

The ImpersonateUser function enables the calling thread to impersonate a user. The user is identified by a handle to an access token that represents the user.

Function Signature:

BOOL ImpersonateUser(HANDLE hThread, HANDLE hToken);

Parameters:

  • hThread: A handle to the thread to be impersonated.
  • hToken: A handle to the access token that represents the user.

Return Value:

  • If the function succeeds, the return value is nonzero.
  • If the function fails, the return value is zero.