The LogonUser function http://msdn.microsoft.com/en-us/library/aa378184(VS.85).aspx returns a handle that you can use to impersonate the user, when you are done using it you call CloseHandle to close it. My question is, do you need to close the handle if the logon attempt fails (ie wrong username or password)?
+1
A:
No. LogonUser returns zero if it fails and no handle is created. Though, if you do call CloseHandle on it, CloseHandle should just return ERROR_INVALID_HANDLE.
James McNellis
2009-10-14 14:00:14
thanks, yeah i was getting ERROR_INVALID_HANDLE when getting the last error to check why the user wasnt able to login, and suspected it was because i was closing an invalid handle. Thanks.
Petey B
2009-10-14 14:01:27
A:
The location pointed to by phToken is an "out" parameter, so if LogonUser() fails you should not count on it storing any reasonable value. You don't need to call CloseHandle() in such case.
sharptooth
2009-10-14 14:01:54