LogonUser Lib "advapi32.dll" strange on non domain cpu when local account exists?
I'm attempting a Login Form for a VB.NET WinForms app, and it needs to only allow domain users in a certain group. On using the API LogonUser for advapi32.dll either I'm not getting the flags right or something else unknown is happening.
For interest, I've known for years that using Local users with the same username and password on multiple computers allowed simple user management without the need of a full domain in sharing files between (i.e. at home). There is probably a policy on the computer to turn this off - please note if you know it??
When used on a domain computer the parameters of login type (INTERACTIVE, NETWORK, BATCH, NEW_CREDENTIALS) all appear to work fine.
When used on a Workgroup computer, e.g. in workgroup "WORKGROUP" on the same network as the domain but isn't on the domain, it doesn't work in any combination I try. If the account you use, e.g. MyDomain\User1, exists as MyComputer\User1 it returns MyComputer\User1 regardless of specifying the Domain in the Call as "MyDomain". This computer can communicate with the domain shares (by logging in) - therefore I would expect to be able to login to the domain simply just for a login screen if available. This isn't for impersonation reasons at all, just to prove who you are regardless of being on a Work Domain PC or BYOD.
Here's some code:
    Imports System.Security.Principal

    Public Class WinSecurity
        Private Declare Auto Function LogonUser Lib "advapi32.dll" (
            ByVal lpszUsername As String,
            ByVal lpszDomain As String,
            ByVal lpszPassword As String,
            ByVal dwLogonType As Integer,
            ByVal dwLogonProvider As Integer,
            ByRef phToken As IntPtr) As Boolean
        Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

        ' Logon types (dwLogonType). Integer matches the DWORD parameters above.
        Public Const LOGON32_LOGON_INTERACTIVE As Integer = 2
        Public Const LOGON32_LOGON_NETWORK As Integer = 3
        Public Const LOGON32_LOGON_BATCH As Integer = 4
        Public Const LOGON32_LOGON_SERVICE As Integer = 5
        Public Const LOGON32_LOGON_CLEARTEXT As Integer = 8
        Public Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9

        ' Logon providers (dwLogonProvider)
        Public Const LOGON32_PROVIDER_DEFAULT As Integer = 0
        Public Const LOGON32_PROVIDER_WINNT50 As Integer = 3
        Public Const LOGON32_PROVIDER_WINNT40 As Integer = 2
        Public Const LOGON32_PROVIDER_WINNT35 As Integer = 1

        ' Returns the identity the token belongs to, or Nothing when the logon fails.
        ' Track is the application's own logging helper (not shown).
        Public Shared Function checkUserLogin(ByVal LoginCode As String, ByVal Password As String, ByVal Domain As String, ByVal Login As Integer, ByVal Provider As Integer) As WindowsIdentity
            Dim token As IntPtr = IntPtr.Zero
            ' Test the API's return value and the handle itself, not ToInt32 > 0.
            If LogonUser(LoginCode, Domain, Password, Login, Provider, token) AndAlso token <> IntPtr.Zero Then
                ' WindowsIdentity duplicates the handle, so the original can be closed.
                Dim newId As New WindowsIdentity(token)
                Track.LogDEBUG(String.Format("Attempto PASS: {0}, Auth: {1}, method: {2}, Provider: {3}", newId.Name, newId.Token, Login, Provider))
                CloseHandle(token)
                Return newId
            End If
            Track.LogDEBUG(String.Format("Attempto FAIL: {0}, Auth: {1}, method: {2}, Provider: {3}", LoginCode, Domain, Login, Provider))
            Return Nothing
        End Function
    End Class

    ' Calling code
    Dim sDomain As String = "MyDomain"
    WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_INTERACTIVE, WinSecurity.LOGON32_PROVIDER_DEFAULT)
    WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_NETWORK, WinSecurity.LOGON32_PROVIDER_DEFAULT)
    WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_BATCH, WinSecurity.LOGON32_PROVIDER_DEFAULT)
    WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_NEW_CREDENTIALS, WinSecurity.LOGON32_PROVIDER_DEFAULT)
    WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_INTERACTIVE, WinSecurity.LOGON32_PROVIDER_DEFAULT)
Note: Test WorkGroup Computer is running "Windows Server 2012 RC2" but assuming same result for a Win10, etc. not on domain.
My Results on the WorkGroup Computer - Local User Active:
Attempto PASS: MyComputer\User1, Auth: 1088, method: 2, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1100, method: 3, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1060, method: 4, Provider: 0
Attempto PASS: MyComputer\LoggedOnUser, Auth: 1108, method: 9, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1076, method: 2, Provider: 0
Results on WorkGroup Computer - Local User Disabled/doesn't exist:
Attempto FAIL: User1, Auth: MyDomain, method: 2, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 3, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 4, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 9, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 2, Provider: 0
Results on Domain Computer:
Attempto PASS: MyDomain\User1, Auth: 1340, method: 2, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1724, method: 3, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1736, method: 4, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1648, method: 9, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1744, method: 2, Provider: 0
Obviously I don't have a Trust setup to this Computer, but I'm assuming something like this should still work if I can browse to network shares?
Guess I'll have to use the directoryservices method instead.
Validate a username and password against Active Directory?
https://social.msdn.microsoft.com/Forums/vstudio/en-US/3c825b3a-824b-4a43-9424-8afa2e875b3a/logonuser-lib-quotadvapi32dllquot-strange-on-non-domain-cpu-when-local-exists?forum=vbgeneral#3c825b3a-824b-4a43-9424-8afa2e875b3a
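
The directory-services approach the question ends on, as an added example that is not part of the original post: it binds to the domain with the supplied credentials, so a same-named local account cannot satisfy the check, and then tests group membership by SID. The domain DNS name and group name passed in are assumptions, and the workgroup machine must be able to resolve and reach a domain controller.

```vbnet
Imports System
Imports System.DirectoryServices.AccountManagement

' Added example, not the poster's code. Needs a project reference to
' System.DirectoryServices.AccountManagement.
Public Module DomainLoginCheck

    ' True only if a domain controller of domainDnsName accepts the password
    ' and the account is in requiredGroup (nested membership included).
    ' domainDnsName and requiredGroup are caller-supplied assumptions,
    ' e.g. "mydomain.example" and "AppUsers" (both hypothetical).
    Public Function IsDomainGroupMember(domainDnsName As String, userName As String,
                                        password As String, requiredGroup As String) As Boolean
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return False ' an empty password must never reach a directory bind
        End If
        Try
            ' Bind with the supplied credentials: a workgroup or BYOD machine
            ' has no domain identity of its own to query the directory with.
            Using ctx As New PrincipalContext(ContextType.Domain, domainDnsName, userName, password)
                If Not ctx.ValidateCredentials(userName, password) Then Return False

                Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName),
                      grp As GroupPrincipal = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, requiredGroup)
                    If user Is Nothing OrElse grp Is Nothing Then Return False
                    ' Compare SIDs, not names: a group with the same name in
                    ' another domain or on the local machine must not match.
                    For Each g As Principal In user.GetAuthorizationGroups()
                        If g.Sid IsNot Nothing AndAlso g.Sid.Equals(grp.Sid) Then Return True
                    Next
                End Using
            End Using
        Catch ex As Exception
            ' Fail closed: unreachable domain controller, rejected bind, lookup error.
            System.Diagnostics.Debug.WriteLine("Domain check failed: " & ex.Message)
        End Try
        Return False
    End Function
End Module
```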