I recently wrote a Windows Service that uses impersonation. A separate program copies files to a directory on the network. My Windows Service looks for these files in the directory, processes them, and then deletes them from the network directory.

I finally got the service to work, but could anyone suggest some resources would explain why some of the other things I tried didn't work?

I used impersonation, customizing an example that I found online which accessed the LogonUser method,

LogonUser(string username, string domain, string password, int logonType, int logonProvider, ref IntPtr token)

in advapi32.dll (unmanaged code outside .NET). My network admin created a user account that had privileges sufficient to read from the network directory and delete files from it.

The logonTypes recognized by LogonUser that I tried were Interactive, Network, Batch, and Service. The service could only read and delete the files from the network directory when I used the Interactive logon type. Since a Service lacks a UI, it seemed like more privilege than the Service should need. Are the other logonTypes ever used in impersonation?

In the autogenerated code for the project installer for my service, in the InitializeComponent method, there were two properties,

ServiceProcessInstaller.Password
ServiceProcessInstaller.Username

When and how should these properties be used? I found that assigning the username and password provided by my network admin did not allow the service to work.

If anyone could explain logons and logonTypes, better still, recommend a good resource that I could reference, I would appreciate it. If the way that I am currently using impersonation is insecure, I would appreciate recommendations. I don't want to specialize in security, but I want to know enough to write secure code.

Thanks.