What is LogonUser()'s token returned used for?

Question

Hey Folks,

What can you do with the token LogonUser returns? And what is it used for?

BOOL LogonUser(
  __in      LPTSTR lpszUsername,
  __in_opt  LPTSTR lpszDomain,
  __in      LPTSTR lpszPassword,
  __in      DWORD dwLogonType,
  __in      DWORD dwLogonProvider,
  __out     PHANDLE Token
);

I just need a more general discription and real world uses of what the token is and how it works.

Thanks, -Pete

Answer 1

As MSDN says: "In most cases, the returned handle is a primary token that you can use in calls to the CreateProcessAsUser function". There are no reasons not to believe.

Sample: you could write your own runas.exe. Call LogonUser with username&password from command line. Then call CreateProcessAsUser to start program with selected credentials.