断开连接时使用.Net对Active Directory进行身份验证 [英] Using .Net to authenticate against Active Directory when disconnected

问题描述

我有一个使用System.DirectoryServices和LDAP进行身份验证的.Net客户端WPF应用程序.在应用程序启动时，我想强制用户使用其域帐户(这就是他们登录Windows的方式)进行重新认证.我知道可以使用以下命令在连接可用时执行身份验证.

I have a .Net client WPF application using System.DirectoryServices and LDAP for authentication. On start of the app, I want to force users to re-authenticate using their domain account (which is how they logged into windows). I understand I can use the following to perform the authentication when a connection is available.

DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,
            userName, password);

令人不安的是，该应用程序有时由可能没有连接的远程用户使用. Windows本身仍然允许域用户即使断开连接也可以登录.是否有类似的方法可以使用.Net Framework在断开连接的环境中对用户进行身份验证?

The wrinkle is that the application is at times used by remote users who may not have a connection. Windows itself still allows domain users to sign on even when disconnected. Is there a similar means of authenticating users in a disconnected environment using the .Net Framework?

推荐答案

相信我发现了一种使用advapi32.dll的LogonUser函数来做到这一点的方法.

Believe I found a way to do this using the LogonUser function of advapi32.dll.

 Dim tokenHandle As New IntPtr(0)
 Const LOGON32_PROVIDER_DEFAULT As Integer = 0
 Const LOGON32_LOGON_INTERACTIVE As Integer = 2
 tokenHandle = IntPtr.Zero
 Dim returnValue As Boolean = LogonUser("<username>", "<domain>", "<password>", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

 Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
                        ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
                        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
                        ByRef phToken As IntPtr) As Boolean

断开连接后，这似乎可以根据上次登录的本地缓存版本进行验证.

When disconnected this appears to validate against the local cached version of the last log on.

这篇关于断开连接时使用.Net对Active Directory进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！