我想针对域控制器验证一组凭据。例如。:
Username: joel
Password: splotchy
Domain: STACKOVERFLOW
在 .NET 3.5 及更高版本中您可以使用PrincipalContext.ValidateCredentials(username, password) https://stackoverflow.com/a/327073/12597.
否则你就有麻烦了。
按照 Microsoft 知识库文章中的代码进行操作如何在 Microsoft 操作系统上验证用户凭据 http://support.microsoft.com/kb/180548,我到了你打电话的地方AcceptSecurityContext http://msdn.microsoft.com/en-us/library/windows/desktop/aa374705(v=vs.85).aspx:
ss = AcceptSecurityContext(
@pAS._hcred, //[in]CredHandle structure
phContext, //[in,out]CtxtHandle structure
@InBuffDesc, //[in]SecBufferDesc structure
0, //[in]context requirement flags
SECURITY_NATIVE_DREP, //[in]target data representation
@pAS._hctxt, //[in,out]CtxtHandle strcture
@OutBuffDesc, //[in,out]SecBufferDesc structure
ContextAttributes, //[out]Context attribute flags
@Lifetime); //[out]Timestamp struture
除非该函数失败并显示:
SEC_E_NO_AUTHENTICATING_AUTHORITY http://msdn.microsoft.com/en-us/library/windows/desktop/aa374705%28v=vs.85%29.aspx(0x80090311)
功能失败。无法联系任何机构进行身份验证。这可能是由于以下条件造成的:
这将是一个有用的错误,除了我可以使用以下方法验证 .NET 3.5 中的相同凭据:
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domain))
{
valid = context.ValidateCredentials(username, password);
}
可能会发生什么情况,导致 .NET 可以验证一组凭据,而本机代码却不能?
Update: LogonUser
也失败:
LogonUser("[email protected] /cdn-cgi/l/email-protection", null, "splotchy",
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_WINNT50, out token);
with
1311 - There are currently no logon servers available to service the logon request
更新二: 我已经尝试了两种首选Negotiate
提供程序,以及 Windows NT4 旧版“NTLM”提供程序
String package = "Negotiate"; //"NTLM"
QuerySecurityPackageInfo(package, [out] packageInfo);
...
AcquireCredentialsHandle(
null, //[in] principle
package, //[in] package
SECPKG_CRED_OUTBOUND, //[in] credential use
null, //[in] LogonID
pAuthIdentity, //[in] authData
null, //[in] GetKeyFn, not used and should be null
null, //[in] GetKeyArgument, not used and should be null
credHandle, //[out] CredHandle structure
expires); //[out] expiration TimeStamp structure