I'm having problems trying to impersonate an active directory user in a desktop application. Every time I use the LogOn API the result is false.
The user and domain do exist since I can also authenticate the user over the DirectoryServices.AccountManagement on the same application.
Have read the documentation about impersonation in the Microsoft site and even some post here on the stack. Also, have used the SimpleImpersonation library with the same results.
public class Demo
{
private WindowsImpersonationContext impersonationContext = null;
[DllImport("advapi32.dll", SetLastError = true)]
private static extern int LogonUser(string lpszUserName, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);
private void Enter()
{
try
{
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
string userName = "myValidUser";
string domain = "my.domain.example";
string password = "myValidPassword";
if (LogonUser(userName, domain, password, (int)LogonType.LOGON32_LOGON_INTERACTIVE, (int)LogonProvider.LOGON32_PROVIDER_WINNT35, ref token) != 0)
{
WindowsIdentity WindowsIdentityPrincipal = new WindowsIdentity(token);
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
}
else
{
throw new Win32Exception(new Win32Exception(Marshal.GetLastWin32Error()).Message);
}
}
else
{
//throws username or pass incorrect
throw new Win32Exception(new Win32Exception(Marshal.GetLastWin32Error()).Message);
}
}
catch (Exception exc)
{
throw exc;
}
}
public enum LogonProvider
{
LOGON32_PROVIDER_DEFAULT = 0,
LOGON32_PROVIDER_WINNT35 = 1,
LOGON32_PROVIDER_WINNT40 = 2,
LOGON32_PROVIDER_WINNT50 = 3
}
private enum LogonType
{
LOGON32_LOGON_INTERACTIVE = 2,
LOGON32_LOGON_NETWORK = 3,
LOGON32_LOGON_BATCH = 4,
LOGON32_LOGON_SERVICE = 5,
LOGON32_LOGON_UNLOCK = 7,
LOGON32_LOGON_NETWORK_CLEARTEXT = 8,
LOGON32_LOGON_NEW_CREDENTIALS = 9,
}
}
I don't know if the reason it isn't working is that my computer is running on an outside network and connecting/authenticating to the company network over a VPN.
Edit 1. The resulting error code is 1326 (unknown user name or bad
password)
Edit 2. The method is trying to obtain the identity token for later
use on thread impersonation.
You might want to check the documentation for the LogonUser function.
If your username is in the format user#domain.example then you need to pass in:
lpszUserName = "user#domain.example"
lpszDomain = null
If your username is in the format domain\user then you need to pass in:
lpszUserName = "user"
lpszDomain = "domain"
Treating the fully qualified username the wrong way will result in the error code you're seeing.
You cannot use LogonUser to log on to a remote computer. You need to use WNetAddConnection2 api function. Please refer to the msdn documentation.
for LogonUser:
https://learn.microsoft.com/en-us/windows/desktop/api/winbase/nf-winbase-logonuserw
for WNetAddConnection2 :
https://learn.microsoft.com/en-us/windows/desktop/api/winnetwk/nf-winnetwk-wnetaddconnection2w
here is a class that I have written :
public class RemoteNetworkConnector : IDisposable
{
readonly string _networkName;
public RemoteNetworkConnector(string networkName, NetworkCredential credentials)
{
_networkName = networkName;
NetResource netResource = new NetResource
{
Scope = ResourceScope.GlobalNetwork,
ResourceType = ResourceType.Disk,
DisplayType = ResourceDisplaytype.Share,
RemoteName = networkName
};
var userName = string.IsNullOrEmpty(credentials.Domain)
? credentials.UserName
: string.Format(#"{0}\{1}", credentials.Domain, credentials.UserName);
var connectionResult = WNetAddConnection2(
netResource,
credentials.Password,
userName,
0);
if (connectionResult != 0)
{
throw new Win32Exception(connectionResult, "Error connecting to remote share");
}
}
~RemoteNetworkConnector()
{
Dispose(false);
}
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
WNetCancelConnection2(_networkName, 0, true);
}
[DllImport("mpr.dll")]
private static extern int WNetAddConnection2(NetResource netResource,
string password, string username, int flags);
[DllImport("mpr.dll")]
private static extern int WNetCancelConnection2(string name, int flags,
bool force);
[StructLayout(LayoutKind.Sequential)]
public class NetResource
{
public ResourceScope Scope;
public ResourceType ResourceType;
public ResourceDisplaytype DisplayType;
public int Usage;
public string LocalName;
public string RemoteName;
public string Comment;
public string Provider;
}
public enum ResourceScope : int
{
Connected = 1,
GlobalNetwork,
Remembered,
Recent,
Context
};
public enum ResourceType : int
{
Any = 0,
Disk = 1,
Print = 2,
Reserved = 8,
}
public enum ResourceDisplaytype : int
{
Generic = 0x0,
Domain = 0x01,
Server = 0x02,
Share = 0x03,
File = 0x04,
Group = 0x05,
Network = 0x06,
Root = 0x07,
Shareadmin = 0x08,
Directory = 0x09,
Tree = 0x0a,
Ndscontainer = 0x0b
}
}
I hope this will help.
Related
Let's start with documentation:
https://man7.org/linux/man-pages/man3/getpwnam.3.html
Having this, I made a following C# code:
using System;
using System.Runtime.InteropServices;
if (args.Length < 1) {
Console.Error.WriteLine("Provide user name.");
Environment.Exit(-1);
}
var name = args[0];
if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) {
Syscall.getpwnam(name, out var passwd);
Console.WriteLine($"User = {name}, UID = {passwd.Uid}, GID = {passwd.Gid}");
passwd = GetPasswd(name);
Console.WriteLine($"User = {name}, UID = {passwd.Uid}, GID = {passwd.Gid}");
}
else {
Console.WriteLine("It supposed to be run on Linux.");
}
static Passwd GetPasswd(string name) {
var bufsize = 16384;
var buf = new byte[bufsize];
var passwd = new Passwd();
Syscall.getpwnam_r(name, passwd, buf, (uint)bufsize, out var result);
return result;
}
public struct Passwd {
public string Name;
public string Password;
public uint Uid;
public uint Gid;
public string Gecos;
public string Directory;
public string Shell;
}
static class Syscall {
[DllImport("libc", SetLastError = true)]
public static extern void getpwnam(string name, out Passwd passwd);
[DllImport("libc", SetLastError = true)]
public static extern void getpwnam_r(string name, Passwd passwd, byte[] buf, uint bufsize, out Passwd result);
}
It doesn't work.
Here's what I get:
User = service, UID = 0, GID = 0
Segmentation fault (core dumped)
What am I doing wrong?
How should I call it to get the actual structure? I'm not interested in returned strings. All I care of are Uid and Gid values.
As linked documentation mentions - this function accepts one parameter - name, and returns pointer to structure with data. So signature should be:
[DllImport("libc", SetLastError = true)]
public static extern IntPtr getpwnam(string name);
And then:
// we have pointer here
var passwdPtr = Syscall.getpwnam(name);
// don't forget to check if pointer is not IntPtr.Zero.
// interpret data at pointer as structure
var passwd = Marshal.PtrToStructure<Passwd>(passwdPtr);
Console.WriteLine($"User = {passwd.Name}, UID = {passwd.Uid}, GID = {passwd.Gid}");
I'am working on a program which has to check if there is a connection to the NAS and if it's possible to write and read data from it. Checking the connection is not a problem.
I'am running on a Windows Server 2012 and know the credentials from the NAS.
I tried impersonating with those credentials but this did not work. I'am always getting the same error. The user name or password is incorrect. But when I connection with the windows explorer with the same credentials it works.
This is my DLL Import and the necessary variables
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
// Variables
private IntPtr m_Token;
private WindowsImpersonationContext m_Context = null;
private string m_Domain;
private string m_Password;
private string m_Username;
m_Domain is different to the local domain
This is the actual Impersonation
m_Token = IntPtr.Zero;
bool logonSuccessfull = LogonUser(
m_Username,
m_Domain,
m_Password,
(int)LOGON32_TYPE_NETWORK,
(int)LOGON32_PROVIDER_WINNT50,
ref m_Token);
if (logonSuccessfull == false)
{
int error = Marshal.GetLastWin32Error();
throw new Win32Exception(error);
}
WindowsIdentity identity = new WindowsIdentity(m_Token);
m_Context = identity.Impersonate();
LOGON32_TYPE_NETWORK is equal to 3,
LOGON32_PROVIDER_WINNT50 is equal to 3
This code is executed with administrator rights.
This is the error which gets thrown:
System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
This error get's thrown at
if (logonSuccessfull == false)
{
int error = Marshal.GetLastWin32Error();
throw new Win32Exception(error);
}
Is there another way?
Or do have to use other LogonType's or LogonProvider?
These I have also tried but also did not work for me.
private const int LOGON32_PROVIDER_DEFAULT = 0;
private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_TYPE_NEW_CREDENTIALS = 9;
When using the LOGON32_TYPE_NEW_CREDENTIALS it doesn't throw an error but
the impersonated user does not change at all.
I could solve the isse by using the Network Credentials and by using the mpr.dll
[DllImport("mpr.dll")]
private static extern int WNetAddConnection2(NetResource netResource,
string password, string username, int flags);
[DllImport("mpr.dll")]
private static extern int WNetCancelConnection2(string name, int flags, bool force);
[StructLayout(LayoutKind.Sequential)]
public class NetResource
{
public ResourceScope Scope;
public ResourceType ResourceType;
public ResourceDisplaytype DisplayType;
public int Usage;
public string LocalName;
public string RemoteName;
public string Comment;
public string Provider;
}
public enum ResourceScope : int
{
Connected = 1,
GlobalNetwork,
Remembered,
Recent,
Context
};
public enum ResourceType : int
{
Any = 0,
Disk = 1,
Print = 2,
Reserved = 8,
}
public enum ResourceDisplaytype : int
{
Generic = 0x0,
Domain = 0x01,
Server = 0x02,
Share = 0x03,
File = 0x04,
Group = 0x05,
Network = 0x06,
Root = 0x07,
Shareadmin = 0x08,
Directory = 0x09,
Tree = 0x0a,
Ndscontainer = 0x0b
}
void ConnectToNas(string username, string password, string networkName){
NetworkCredential cred = new NetworkCredential(username, password);
var netResource = new NetResource
{
Scope = ResourceScope.GlobalNetwork,
ResourceType = ResourceType.Disk,
DisplayType = ResourceDisplaytype.Share,
RemoteName = networkName
};
var result = WNetAddConnection2(netResource, credentials.Password,userName,0);
if (result != 0)
{
throw new Win32Exception(result, "Error while connection to NAS");
}
}
For closing the connection:
void CloseConnection(string networkName){
WNetCancelConnection2(networkName, 0, true);
}
With this way I was able to connect to the NAS and check if it's readable and writeable by writing a file to it, reading it and afterwards deleting it.
I am running a remote application on w2008r2 and would like to retrieve the virtual ip it is running from.
Already tried cassia, but it gives me the client ip, not the ip handed out by the dhcp server.
Looking up the address through dns lookup up doesn't work either; it returns the servers IP address instead of the virtual IP address
I have setup Remote Desktop IP Virtualization per program as described here
Seems I get results I needed with WTS_INFO_CLASS --> WTSSessionAddressV4
together with solution from C# Get RDC/RDP and “Console” Session information ( which lacked the full enumeration on WTS_INFO_CLASS)
using System;
using PreEmptive.SoSAttributes;
using Cassia;
using System.Runtime.InteropServices;
using System.Net;
Namespace SomeNameSpace
{
internal static class SomeProgram
{
//Check if we have a virtual IP address
TerminalSessionInfo SessionInfo = TermServicesManager.GetSessionInfo(Dns.GetHostName(), _manager.CurrentSession.SessionId);
string LocalIPAddress = "127.0.0.1";
if (SessionInfo.ClientAddress != null)
{
LocalIPAddress = SessionInfo.ClientAddress;
}
MessageBox.Show(LocalIPAddress);
}
#region Get TerminalServer info
public class TermServicesManager
{
[DllImport("wtsapi32.dll")]
static extern IntPtr WTSOpenServer([MarshalAs(UnmanagedType.LPStr)] String pServerName);
[DllImport("wtsapi32.dll")]
static extern void WTSCloseServer(IntPtr hServer);
[DllImport("Wtsapi32.dll")]
public static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WTS_INFO_CLASS wtsInfoClass,out System.IntPtr ppBuffer, out uint pBytesReturned);
[DllImport("wtsapi32.dll")]
static extern void WTSFreeMemory(IntPtr pMemory);
[StructLayout(LayoutKind.Sequential)]
public struct WTS_SESSION_ADDRESS
{
public uint AddressFamily;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] Address;
}
public enum WTS_INFO_CLASS
{
InitialProgram = 0,
ApplicationName = 1,
WorkingDirectory = 2,
OEMId = 3,
SessionId = 4,
UserName = 5,
WinStationName = 6,
DomainName = 7,
ConnectState = 8,
ClientBuildNumber = 9,
ClientName = 10,
ClientDirectory = 11,
ClientProductId = 12,
ClientHardwareId = 13,
ClientAddress = 14,
ClientDisplay = 15,
ClientProtocolType = 16,
WTSIdleTime = 17,
WTSLogonTime = 18,
WTSIncomingBytes = 19,
WTSOutgoingBytes = 20,
WTSIncomingFrames = 21,
WTSOutgoingFrames = 22,
WTSClientInfo = 23,
WTSSessionInfo = 24,
WTSSessionInfoEx = 25,
WTSConfigInfo = 26,
WTSValidationInfo = 27,
WTSSessionAddressV4 = 28,
WTSIsRemoteSession = 29
}
private static IntPtr OpenServer(string Name)
{
IntPtr server = WTSOpenServer(Name);
return server;
}
private static void CloseServer(IntPtr ServerHandle)
{
WTSCloseServer(ServerHandle);
}
public static TerminalSessionInfo GetSessionInfo(string ServerName, int SessionId)
{
IntPtr server = IntPtr.Zero;
server = OpenServer(ServerName);
System.IntPtr buffer = IntPtr.Zero;
uint bytesReturned;
TerminalSessionInfo data = new TerminalSessionInfo();
try
{
bool worked = WTSQuerySessionInformation(server, SessionId,
WTS_INFO_CLASS.WTSSessionAddressV4, out buffer, out bytesReturned);
if (!worked)
return data;
WTS_SESSION_ADDRESS si = (WTS_SESSION_ADDRESS)Marshal.PtrToStructure((System.IntPtr)buffer, typeof(WTS_SESSION_ADDRESS));
data.ClientAddress = si.Address[2] + "." +si.Address[3] + "." + si.Address[4] + "." + si.Address[5];
}
finally
{
WTSFreeMemory(buffer);
buffer = IntPtr.Zero;
CloseServer(server);
}
return data;
}
}
public class TerminalSessionInfo
{
public string ClientAddress;
}
}
#endregion
You mean you want to get the local IP, right?
If yes, here is how to do it:
public static string GetLocalIPAddress()
{
var host = Dns.GetHostEntry(Dns.GetHostName());
foreach (var ip in host.AddressList)
{
if (ip.AddressFamily == AddressFamily.InterNetwork)
{
return ip.ToString();
}
}
throw new Exception("Local IP Address Not Found!");
}
I try to get all domains in a forest.
I can connect to one specific domain and get its DirectoryEntry like this:
DirectoryContext dc =
new DirectoryContext(DirectoryContextType.DirectoryServer, "xx.x.xxx.40", "w28\\administrator", "pwd");
Domain domain = Domain.GetDomain(dc);
DirectoryEntry entry = domain.GetDirectoryEntry();
foreach (DirectoryEntry child in entry.Children)
{
Console.WriteLine(" - " + child.Name);
}
However, when I try to get other domains via the Forest properity.
Forest forest = domain.Forest;
Console.WriteLine("Count: " + forest.Domains.Count); //It crashes here
DomainCollection domains = forest.Domains;
My app crashes and the exception message is shown below:
System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException:
The specified domain either does not exist or could not be contacted.
at
System.DirectoryServices.ActiveDirectory.Locator.GetDomainControllerInfo(String
computerName, String domainName, String siteName, Int64 flags) at
System.DirectoryServices.ActiveDirectory.DirectoryContext.isCurrentForest()
at
System.DirectoryServices.ActiveDirectory.DirectoryContext.GetServerName()
at
System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetNewDirectoryEntry(String
dn) at
System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetCachedDirectoryEntry(String
distinguishedName) at
System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN
dn) at
System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN
dn) at System.DirectoryServices.ActiveDirectory.Forest.GetDomains()
at System.DirectoryServices.ActiveDirectory.Forest.get_Domains()
Please help me.
Thanks in advance.
I ran similar code in my forest (by GetCurrentDomain() and query its Forest) and they worked well. I think the problem was just as the exception and callstack presented - it tries to get info about your forest by querying the forest root server which is a DC, and it cannot be contacted. I think you need to check your topology and then look at the server's status.
I have this same problem. I'm outside the domain and I always will be because we're network security testers.
I found this is a good way to work around
class PInvoke {
[DllImport("Netapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DsGetDcName
(
[MarshalAs(UnmanagedType.LPTStr)]
string ComputerName,
[MarshalAs(UnmanagedType.LPTStr)]
string DomainName,
[In] int DomainGuid,
[MarshalAs(UnmanagedType.LPTStr)]
string SiteName,
[MarshalAs(UnmanagedType.U4)]
DSGETDCNAME_FLAGS flags,
out IntPtr pDOMAIN_CONTROLLER_INFO
);
[StructLayout(LayoutKind.Sequential)]
public class GuidClass
{
public Guid TheGuid;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DOMAIN_CONTROLLER_INFO
{
[MarshalAs(UnmanagedType.LPTStr)]
public string DomainControllerName;
[MarshalAs(UnmanagedType.LPTStr)]
public string DomainControllerAddress;
public uint DomainControllerAddressType;
public Guid DomainGuid;
[MarshalAs(UnmanagedType.LPTStr)]
public string DomainName;
[MarshalAs(UnmanagedType.LPTStr)]
public string DnsForestName;
public uint Flags;
[MarshalAs(UnmanagedType.LPTStr)]
public string DcSiteName;
[MarshalAs(UnmanagedType.LPTStr)]
public string ClientSiteName;
}
[DllImport("Netapi32.dll", SetLastError = true)]
public static extern int NetApiBufferFree(IntPtr Buffer);
[Flags]
public enum DSGETDCNAME_FLAGS : uint
{
DS_FORCE_REDISCOVERY = 0x00000001,
DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
DS_GC_SERVER_REQUIRED = 0x00000040,
DS_PDC_REQUIRED = 0x00000080,
DS_BACKGROUND_ONLY = 0x00000100,
DS_IP_REQUIRED = 0x00000200,
DS_KDC_REQUIRED = 0x00000400,
DS_TIMESERV_REQUIRED = 0x00000800,
DS_WRITABLE_REQUIRED = 0x00001000,
DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
DS_AVOID_SELF = 0x00004000,
DS_ONLY_LDAP_NEEDED = 0x00008000,
DS_IS_FLAT_NAME = 0x00010000,
DS_IS_DNS_NAME = 0x00020000,
DS_RETURN_DNS_NAME = 0x40000000,
DS_RETURN_FLAT_NAME = 0x80000000
}
}
class domain
{
public static void DetectDc(string domain, string username, string password, out string dc, out string dcAddress, out string path)
{
PInvoke.DOMAIN_CONTROLLER_INFO domainInfo;
const int errorSuccess = 0;
var pDci = IntPtr.Zero;
try
{
var val = PInvoke.DsGetDcName(null, domain, 0, "", 0, out pDci);
//check return value for error
if (errorSuccess == val)
{
domainInfo = (PInvoke.DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(pDci, typeof(PInvoke.DOMAIN_CONTROLLER_INFO));
}
else
{
dc = "";
dcAddress = "";
path = "";
namingContext = "";
return;
}
}
finally
{
PInvoke.NetApiBufferFree(pDci);
}
dc = domainInfo.DomainControllerName;
dc = dc.Replace("\\\\", "");
dcAddress = domainInfo.DomainControllerAddress;
dcAddress = dcAddress.Replace("\\\\", "");
var ldap = new Ldap(domain, dcAddress, username, password);
}
}
I'm trying to use CredWrite, but get an ERROR_INVALID_PARAMETER 87 (0x57) error. The intent is to have a secure place to save the user's password for my .net WPF application.
And my code:
public class CredMan
{
private const string TARGET_PREFIX = "myappname:";
public static void SavePassword(string username, string password)
{
Win32CredMan.Credential cred = new Win32CredMan.Credential();
cred.Flags = 0;
cred.Type = Win32CredMan.CRED_TYPE.GENERIC;
cred.TargetName = TARGET_PREFIX + username;
var encoding = new System.Text.UTF8Encoding();
cred.CredentialBlob = encoding.GetBytes(password);
cred.Persist = Win32CredMan.CRED_PERSIST.LOCAL_MACHINE;
cred.UserName = username;
bool isGood = Win32CredMan.CredWrite(cred, 0);
int lastError = Marshal.GetLastWin32Error();
}
}
This is the win32 wrapper: (mostly grabbed from pinvoke.net)
internal class Win32CredMan
{
[DllImport("Advapi32.dll", EntryPoint = "CredReadW", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CredRead(string target, CRED_TYPE type, int reservedFlag,
[MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(CredentialInMarshaler))]out Credential credential);
[DllImport("Advapi32.dll", EntryPoint = "CredFreeW", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern void CredFree(IntPtr buffer);
[DllImport("Advapi32.dll", SetLastError = true, EntryPoint = "CredWriteW", CharSet = CharSet.Unicode)]
public static extern bool CredWrite([In] Credential userCredential, [In] UInt32 flags);
public enum CRED_TYPE : uint
{
GENERIC = 1,
DOMAIN_PASSWORD = 2,
DOMAIN_CERTIFICATE = 3,
DOMAIN_VISIBLE_PASSWORD = 4,
GENERIC_CERTIFICATE = 5,
DOMAIN_EXTENDED = 6,
MAXIMUM = 7, // Maximum supported cred type
MAXIMUM_EX = (MAXIMUM + 1000), // Allow new applications to run on old OSes
}
public enum CRED_PERSIST : uint
{
SESSION = 1,
LOCAL_MACHINE = 2,
ENTERPRISE = 3,
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct CREDENTIAL_ATTRIBUTE
{
string Keyword;
uint Flags;
uint ValueSize;
IntPtr Value;
}
//This type is deliberately not designed to be marshalled.
public class Credential
{
public UInt32 Flags;
public CRED_TYPE Type;
public string TargetName;
public string Comment;
public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
public byte[] CredentialBlob;
public CRED_PERSIST Persist;
public CREDENTIAL_ATTRIBUTE[] Attributes;
public string TargetAlias;
public string UserName;
}
}
I ran into this same problem now.
I found that this issue occurred using the DOMAIN_PASSWORD option as credential type.
It turns out the TargetName contained an incorrect value.
you should only specify the dns or ip address (wildcard optional),
but NOT containing a full url or protocol.
e.g. "*.microsoft.com" is correct, but "http://www.microsoft.com/" is INVALID
I'll just post this here in case other people run into this issue. took me a while to find it.