Remote Desktop Gateway (RDG) The event log user name by PAA is incorrect.


Problem description


I am building RDG custom authentication using Remote Desktop Gateway PAA (RDG PAA).
PAA is using the following Microsoft sample source (C++ project).

Pluggable authentication and authorization of Remote Desktop Gateway
https://code.msdn.microsoft.com/windowsdesktop/Remote-Desktop-Gateway-517d6273

RDG is a very nice feature to securely use Remote Desktop.
PAA is an interesting function that can independently implement authentication processing in RDG.
However, when using PAA, the user name recorded in the Windows event log is incorrect.
Also, in the program parts corresponding to the event log, the user name is abnormal.
We will explain these two problems below.

■ Incorrect user name in the event log
There are four types of event logs by PAA as follows.

(1) Event log ID = 200/201
Allow or deny the user to connect to the RDG server.

(2) Event log ID = 300/301
Allow or deny the user to connect to the connected PC with RDP.

(3) Event log ID = 302
The user connected to the destination PC.

(4) Event log ID = 303
The connection between the user and the destination PC was disconnected.

Although the user name is recorded in the event log, the user name in the event logs other than (2) above is incorrect.

· After the RDG service is started, the first connection
The user name is recorded correctly in the event log.

· After the RDG service is started, connection after the second time
In the event log of (2), the user name is recorded correctly.
For the event logs other than (2), the first user name is recorded.

■ In the program parts corresponding to the event log, regarding the abnormality in the user name
· Incorrect user name in the event log
· Incorrect user name in the program
The place where these two occur is reversed.

· User name determination by PAA
RDGTestAuthenticationEngineImpl.cpp
By the AuthenticateUser method, user authentication (user name determination) is done.
The OnUserAuthenticated method notifies the user name to the RDG part.
This processing is the only thing that notifies the RDG part of the user name during PAA processing.
There is no event log corresponding to this method.

(1) Process corresponding to event log ID = 200/201
Allow or deny the user to connect to the RDG server.

RDGTestAuthorizationEngineImpl.cpp
The event log is recorded when the AuthorizeConnection method is executed.
This method has "username" as its argument.
The event log always records the correct user name.
The "username" argument passed to the method is always the first user name, which is incorrect.

(2) Process corresponding to event log ID = 300/301
Allow or deny the user to connect to the connected PC with RDP.

RDGTestAuthorizationEngineImpl.cpp
When the AuthorizeResource method is executed, the event log is recorded.
This method has "username" as its argument.
The event log always records the first user name and is incorrect.
The "username" argument passed to the method is always the correct user name.
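
An added example, not part of the original post or of the Microsoft sample: a consistency check over exported gateway events that, following the first section of the post, treats the user name in event 300/301 as the reference and flags 200/201, 302 and 303 events of the same session that carry a different name. The records are constructed, and the field names and the per-client-IP session grouping are assumptions of this example.

```python
# Constructed sample records, not real log output. The field names
# (seq, id, ip, user) are assumptions; map them from your own export.
U1, U2 = "CONTOSO\\alice", "CONTOSO\\bob"
SAMPLE_EVENTS = [
    # First connection after service start: every event agrees.
    {"seq": 1, "id": 200, "ip": "10.0.0.11", "user": U1},
    {"seq": 2, "id": 300, "ip": "10.0.0.11", "user": U1},
    {"seq": 3, "id": 302, "ip": "10.0.0.11", "user": U1},
    {"seq": 4, "id": 303, "ip": "10.0.0.11", "user": U1},
    # Second connection: only event 300 carries the second user.
    {"seq": 5, "id": 200, "ip": "10.0.0.22", "user": U1},
    {"seq": 6, "id": 300, "ip": "10.0.0.22", "user": U2},
    {"seq": 7, "id": 302, "ip": "10.0.0.22", "user": U1},
    {"seq": 8, "id": 303, "ip": "10.0.0.22", "user": U1},
]
REFERENCE_IDS = {300, 301}   # resource authorization events
START_IDS = {200, 201}       # connection authorization opens a session
END_ID = 303                 # disconnect closes it


def split_sessions(events):
    """Group events per client IP: 200/201 opens a session, 303 closes it."""
    open_sessions, done = {}, []
    for ev in sorted(events, key=lambda e: e["seq"]):
        ip = ev["ip"]
        if ev["id"] in START_IDS and ip in open_sessions:
            done.append(open_sessions.pop(ip))  # earlier session had no 303
        open_sessions.setdefault(ip, []).append(ev)
        if ev["id"] == END_ID:
            done.append(open_sessions.pop(ip))
    return done + list(open_sessions.values())


def find_mismatches(events):
    """Return (seq, id, logged_user, reference_user) for each event whose
    user differs from the 300/301 event of the same session."""
    findings = []
    for session in split_sessions(events):
        refs = {e["user"].lower() for e in session if e["id"] in REFERENCE_IDS}
        if len(refs) != 1:
            continue  # no single reference name, session cannot be judged
        ref = refs.pop()
        for e in session:
            if e["id"] not in REFERENCE_IDS and e["user"].lower() != ref:
                findings.append((e["seq"], e["id"], e["user"], ref))
    return findings


if __name__ == "__main__":
    for seq, eid, logged, ref in find_mismatches(SAMPLE_EVENTS):
        print(f"seq {seq}: event {eid} logged {logged!r}, 300/301 has {ref!r}")
```

Grouping by client IP breaks down when several clients share one address or run overlapping sessions, so treat a finding as a prompt to review the surrounding events rather than as proof of who connected.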


Recommended answer

Hi sgk_mitsuru,

Thank you for posting here.

>> How do I handle the user name correctly in PAA?

Have you checked the Username parameter in RDGPluginPolicy.xml file?

The RD Gateway PAA sample plugin needs an authentication and authorization policy to validate against user information. This XML file contains a sample set of authentication and authorization criteria that the plugin will evaluate at connection time. Before clients will be able to connect, you must edit this file to configure the plugin using the parameters below. This file must be placed in %SystemDrive%\RDGPlugins.

Hope this helps.

Best regards,

Sera Yu

