ASP.NET 單點登入可能遇到的問題

來源:互聯網
上載者:User

1、函數的參數選擇有問題,和自己的環境不相符。

  比如

  public static extern int LogonUser(String lpszUserName,

  String lpszDomain,

  String lpszPassword,

  int dwLogonType,

  int dwLogonProvider,

  ref IntPtr phToken);

  中的dwLogonType,要訪問遠端資源就要用LOGON32_LOGON_NEW_CREDENTIALS,

  要類比本機使用者就要用LOGON32_LOGON_INTERACTIVE。

  2、函數的參數格式有問題。

  a、比如

  public static extern int LogonUser(String lpszUserName,

  String lpszDomain,

  String lpszPassword,

  int dwLogonType,

  int dwLogonProvider,

  ref IntPtr phToken);

  中的lpszUserName、lpszDomain、lpszPassword就要寫清楚。

  我就在這遇到過問題,第一次測試時,遠程伺服器就是一台獨立的檔案伺服器,這是我的調用方式:

  LogonUser("myname", "192.168.1.48", "password", LOGON32_LOGON_NEW_CREDENTIALS,

  LOGON32_PROVIDER_DEFAULT, ref token);

  第二次測試時,遠程伺服器是域MyDomain中的一個成員伺服器,提供檔案服務。這時代碼就應該是:

  LogonUser("myname", "MyDomain", "password", LOGON32_LOGON_NEW_CREDENTIALS,

  LOGON32_PROVIDER_DEFAULT, ref token);

  注意,代碼中是MyDomain而不是IP地址。

  b、再如:

  參考上面代碼

  string remote = @"\\192.168.1.48\generals";

  string local = @"P:";

  string username = @"Domain\UserName";

  string password = @"Password";

  如果@"\\192.168.1.48\generals"變成@"\\192.168.1.48\generals\”就會出錯;

  如果是域中的使用者,那麼把@"Domain\UserName"變成@"UserName"就會出錯

--/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

public enum LogonType
    {
        /// <summary>
        /// This logon type is intended for users who will be interactively using the computer, such as a user being logged on  
        /// by a terminal server, remote shell, or similar process.
        /// This logon type has the additional expense of caching logon information for disconnected operations; 
        /// therefore, it is inappropriate for some client/server applications,
        /// such as a mail server.
        /// </summary>
        LOGON32_LOGON_INTERACTIVE = 2,

        /// <summary>
        /// This logon type is intended for high performance servers to authenticate plaintext passwords.

        /// The LogonUser function does not cache credentials for this logon type.
        /// </summary>
        LOGON32_LOGON_NETWORK = 3,

        /// <summary>
        /// This logon type is intended for batch servers, where processes may be executing on behalf of a user without 
        /// their direct intervention. This type is also for higher performance servers that process many plaintext
        /// authentication attempts at a time, such as mail or Web servers. 
        /// The LogonUser function does not cache credentials for this logon type.
        /// </summary>
        LOGON32_LOGON_BATCH = 4,

        /// <summary>
        /// Indicates a service-type logon. The account provided must have the service privilege enabled. 
        /// </summary>
        LOGON32_LOGON_SERVICE = 5,

        /// <summary>
        /// This logon type is for GINA DLLs that log on users who will be interactively using the computer. 
        /// This logon type can generate a unique audit record that shows when the workstation was unlocked. 
        /// </summary>
        LOGON32_LOGON_UNLOCK = 7,

        /// <summary>
        /// This logon type preserves the name and password in the authentication package, which allows the server to make 
        /// connections to other network servers while impersonating the client. A server can accept plaintext credentials 
        /// from a client, call LogonUser, verify that the user can access the system across the network, and still 
        /// communicate with other servers.
        /// NOTE: Windows NT:  This value is not supported. 
        /// </summary>
        LOGON32_LOGON_NETWORK_CLEARTEXT = 8,

        /// <summary>
        /// This logon type allows the caller to clone its current token and specify new credentials for outbound connections.
        /// The new logon session has the same local identifier but uses different credentials for other network connections. 
        /// NOTE: This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.
        /// NOTE: Windows NT:  This value is not supported. 
        /// </summary>
        LOGON32_LOGON_NEW_CREDENTIALS = 9,
    }

    public enum LogonProvider
    {
        /// <summary>
        /// Use the standard logon provider for the system. 
        /// The default security provider is negotiate, unless you pass NULL for the domain name and the user name 
        /// is not in UPN format. In this case, the default provider is NTLM. 
        /// NOTE: Windows 2000/NT:   The default security provider is NTLM.
        /// </summary>
        LOGON32_PROVIDER_DEFAULT = 0,
    }

--/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

const int LOGON32_LOGON_INTERACTIVE       = 2;
const int LOGON32_LOGON_NETWORK       = 3;
const int LOGON32_LOGON_BATCH         = 4;
const int LOGON32_LOGON_SERVICE       = 5;
const int LOGON32_LOGON_UNLOCK        = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS   = 9;

const int LOGON32_PROVIDER_DEFAULT    = 0; 

 

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.