断开连接时使用.Net对Active Directory进行身份验证 [英] Using .Net to authenticate against Active Directory when disconnected
问题描述
我有一个使用System.DirectoryServices和LDAP进行身份验证的.Net客户端WPF应用程序.在应用程序启动时,我想强制用户使用其域帐户(这就是他们登录Windows的方式)进行重新认证.我知道可以使用以下命令在连接可用时执行身份验证.
I have a .Net client WPF application using System.DirectoryServices and LDAP for authentication. On start of the app, I want to force users to re-authenticate using their domain account (which is how they logged into windows). I understand I can use the following to perform the authentication when a connection is available.
DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,
userName, password);
令人不安的是,该应用程序有时由可能没有连接的远程用户使用. Windows本身仍然允许域用户即使断开连接也可以登录.是否有类似的方法可以使用.Net Framework在断开连接的环境中对用户进行身份验证?
The wrinkle is that the application is at times used by remote users who may not have a connection. Windows itself still allows domain users to sign on even when disconnected. Is there a similar means of authenticating users in a disconnected environment using the .Net Framework?
推荐答案
相信我发现了一种使用advapi32.dll的LogonUser函数来做到这一点的方法.
Believe I found a way to do this using the LogonUser function of advapi32.dll.
Dim tokenHandle As New IntPtr(0)
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Const LOGON32_LOGON_INTERACTIVE As Integer = 2
tokenHandle = IntPtr.Zero
Dim returnValue As Boolean = LogonUser("<username>", "<domain>", "<password>", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Boolean
断开连接后,这似乎可以根据上次登录的本地缓存版本进行验证.
When disconnected this appears to validate against the local cached version of the last log on.
这篇关于断开连接时使用.Net对Active Directory进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!