The key to successfully calling LogonUser is ensuring that the user
account the code is executing under (normally the interactively logged on
user) has the SE_TCB_NAME privilege assigned to his/her account. You see,
there is a difference between having a privilege and enabling a privilege
(your code only attempts to do the latter). You can assign this privilege
through either the LSA API or using the Local Security Policy MMC snap-in
(Start | Programs | Administrative Tools). After you've done that you must
logout/login again for the privilege to become available. After that, calling
LogonUser should succeed (even without explicitly enabling the privilege).

As an aside, a word of caution: the SE_TCB_NAME privilege is an enormously
powerful privilege. Unless there really is no other way to achieve what
you're attempting to do, you should not assign this privilege to just any
user - it effectively makes the user even more powerful than the
Administrator user itself!
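
The distinction between holding a privilege and having it enabled is visible in the logon token, and the assignment itself can be audited. The PowerShell below is an added example, not part of the original post: the function name `Get-PrivilegeState`, the sample rows and the `user_rights.inf` file name are constructed for illustration, and it assumes English-language `whoami` column headers.

```powershell
# Added example (not from the original post). SE_TCB_NAME is the Win32
# constant for the privilege named "SeTcbPrivilege".
function Get-PrivilegeState {
    param(
        [Parameter(Mandatory)] [string]   $Name,      # privilege to look up
        [Parameter(Mandatory)] [string[]] $CsvLines   # output of: whoami /priv /fo csv
    )
    # Assumes English column headers ("Privilege Name", "State").
    $row = $CsvLines | ConvertFrom-Csv |
        Where-Object { $_.'Privilege Name' -eq $Name }
    if (-not $row) {
        # Not in the token at all: the account was never assigned the
        # privilege (or has not logged on again since), so code that only
        # tries to enable it cannot succeed.
        return 'NotHeld'
    }
    return $row.State   # 'Enabled' or 'Disabled': held either way
}

# Constructed sample rows in the format whoami emits (not from a real host).
$sample = @(
    '"Privilege Name","Description","State"'
    '"SeShutdownPrivilege","Shut down the system","Disabled"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)
Get-PrivilegeState -Name 'SeTcbPrivilege'      -CsvLines $sample
Get-PrivilegeState -Name 'SeShutdownPrivilege' -CsvLines $sample

# Live check against the current logon session.
Get-PrivilegeState -Name 'SeTcbPrivilege' -CsvLines (whoami /priv /fo csv)

# Audit which accounts have been assigned the privilege in local policy.
# Requires an elevated prompt; no match means no account is assigned it.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Select-String -Path $cfg -Pattern '^SeTcbPrivilege\s*='
Remove-Item $cfg
```

Any SID on the `SeTcbPrivilege` line of the exported policy is an account that should be reviewed against the caution above.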