I am trying to impersonate Network Service using advapi32:
LogonUser("NETWORK SERVICE", "NT AUTHORITY", null, LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, ref token)
But I keep getting an "Access is denied" error on a Windows 8 machine. Any ideas? (I googled a lot but can't find an answer.)
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
      <applicationRequestMinimum>
        <defaultAssemblyRequest permissionSetReference="Custom" />
        <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
      </applicationRequestMinimum>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application />
  </compatibility>
</asmv1:assembly>
EDIT:
So after a few attempts the impersonation seems to work, but I cannot ever authenticate as the host's Network Service. How can an application pool run under Network Service then?
Using LOGON32_LOGON_SERVICE results in:
Unhandled Exception: System.ComponentModel.Win32Exception: Access is denied
   at Tools.Network.Impersonator.Impersonate(String userName, String domainName, String password, LogonType logonType, LogonProvider logonProvider)
   at Tools.Network.Impersonator..ctor(String userName, String domainName, String password, LogonType logonType, LogonProvider logonProvider)
   at Impersonation.Program.Main(String[] args)
Using LOGON32_LOGON_NEW_CREDENTIALS results in:
System.IO.IOException: Logon failure: unknown user name or bad password.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite)
   at System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite)
   at Impersonation.Program.Main(String[] args)
Puzzled.
Finally! I have found an answer:
How do I 'run as' 'Network Service'?
and
http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html
On Windows 8: "Microsoft have changed the default behaviour of this in Windows 8 / Windows Server 2012. To allow interactive services, you need to find the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows and change NoInteractiveServices from 1 to 0."
Here is a really good link that has code and everything. I think this is what you may be looking for. Let me know if this link does the trick.
.NET (C#) Impersonation with Network Credentials works for LOGON32_LOGON_NEW_CREDENTIALS as your logon type, which requires that you select LOGON32_PROVIDER_WINNT50 as the logon provider type.
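The pairing named in the last answer, LOGON32_LOGON_NEW_CREDENTIALS with LOGON32_PROVIDER_WINNT50, as an added example that is not part of the original thread or of the linked articles. The account name, domain, environment variable and paths are placeholders, and it assumes .NET Framework 4.6 or later on Windows and an account that has a password.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class NetworkCredentialCopy
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    static void Main()
    {
        // Placeholder identity; the password is read from the environment
        // instead of being hard-coded in source.
        string user = "svc-copy";
        string domain = "EXAMPLE";
        string password = Environment.GetEnvironmentVariable("COPY_PASSWORD");

        // NEW_CREDENTIALS clones the caller's token and attaches the supplied
        // credentials for outbound network connections only. They are not
        // checked here, so this call can succeed with a wrong password.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // closes the token handle when the copy is done
        {
            WindowsIdentity.RunImpersonated(token, () =>
            {
                try
                {
                    // The remote server validates the credentials at this point.
                    File.Copy(@"\\fileserver.example\share\in.txt", @"C:\temp\in.txt", true);
                }
                catch (IOException ex)
                {
                    // Bad credentials surface here, as in the File.Copy trace above.
                    Console.Error.WriteLine("Network access failed: " + ex.Message);
                }
            });
        }
    }
}
```

Local file access inside the impersonated block still runs as the original caller; only connections to other machines use the supplied credentials.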