我有一个使用System.DirectoryServices和LDAP进行身份验证的.Net客户端WPF应用程序.在应用程序启动时,我想强制用户使用其域帐户(这就是他们登录Windows的方式)进行重新认证.我知道可以使用以下命令在连接可用时执行身份验证.
I have a .Net client WPF application using System.DirectoryServices and LDAP for authentication. On start of the app, I want to force users to re-authenticate using their domain account (which is how they logged into windows). I understand I can use the following to perform the authentication when a connection is available.
DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password);令人不安的是,该应用程序有时由可能没有连接的远程用户使用. Windows本身仍然允许域用户即使断开连接也可以登录.是否有类似的方法可以使用.Net Framework在断开连接的环境中对用户进行身份验证?
The wrinkle is that the application is at times used by remote users who may not have a connection. Windows itself still allows domain users to sign on even when disconnected. Is there a similar means of authenticating users in a disconnected environment using the .Net Framework?
推荐答案相信我发现了一种使用advapi32.dll的LogonUser函数来做到这一点的方法.
Believe I found a way to do this using the LogonUser function of advapi32.dll.
Dim tokenHandle As New IntPtr(0) Const LOGON32_PROVIDER_DEFAULT As Integer = 0 Const LOGON32_LOGON_INTERACTIVE As Integer = 2 tokenHandle = IntPtr.Zero Dim returnValue As Boolean = LogonUser("<username>", "<domain>", "<password>", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle) Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _ ByVal lpszDomain As [String], ByVal lpszPassword As [String], _ ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _ ByRef phToken As IntPtr) As Boolean断开连接后,这似乎可以根据上次登录的本地缓存版本进行验证.
When disconnected this appears to validate against the local cached version of the last log on.
更多推荐
断开连接时使用.Net对Active Directory进行身份验证
发布评论