[Lumenii]

I'm on Vista. I tried myself, but couldn't come up with reasonable code myself to authenticate an entered password with the currently logged in Windows user. I'm speaking locally here - this will never need to be done remotely/over a network.

The code I've ended up with is as follows:

Imports System.Security.Principal

Module Auth

    Declare Function LogonUserA Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer
    Declare Auto Function DuplicateToken Lib "advapi32.dll" (ByVal ExistingTokenHandle As IntPtr, ByVal ImpersonationLevel As Integer, ByRef DuplicateTokenHandle As IntPtr) As Integer
    Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
    Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
    Private LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private impersonationContext As WindowsImpersonationContext

    Public Function Valid(ByVal Entry As String) As Boolean
        Dim Result As Boolean = False
        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero
        If RevertToSelf() <> 0 Then
            If LogonUserA(My.User.Name, "", Entry, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If Not impersonationContext Is Nothing Then
                        Result = True
                    End If
                End If
            End If
        End If
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
        Return Result
    End Function

    Public Sub EndValidation()
        impersonationContext.Undo()
    End Sub

End Module

I am calling it as shown here:

    Private Sub TrySubmit()
        If Auth.Valid(txtPass.Text) Then
            'I have code here that runs upon successful validation.  I have omitted it in the interest of space.'
            Auth.EndValidation()
            Application.Exit() 'This line to be replaced by code to run app in background while waiting for next launch, rather than exit.'
        Else
            'Similarly, I have code here that will run upon an unsuccessful validation.'
        End If
    End Sub

The code for an unsuccessful validation is called each time. I have tried multiple variations on the code in the first block; nothing seems to change. Any ideas?

On a side note, if I monitor ports 80 and one other (having issues recalling the number right now.. typical), using Winsock, do you think I could effectively trap incoming traffic to the point of monitoring all files connected to (pages, directly loaded files, images, etc... every separate file accessed via the internet)? Sorry for the tangent..

This post has been edited by Lumenii: 27 February 2010 - 08:49 PM

[Lumenii]

I should probably note that I've tried hard-coding in my actual Windows username and password for testing, and it did not work.