AcceptSecurityContext随机SEC_E_LOGON_DENIED [英] AcceptSecurityContext random SEC_E_LOGON_DENIED
问题描述
我正在尝试在基于http.sys的服务器上实现单点登录(使用IOCP),并且AcceptSecurityContext出现了奇怪的问题,该问题会因SEC_E_LOGON_DENIED而随机失败.
I'm trying to implement Single Sign On in an http.sys-based server (using IOCP), and I'm having weird issues with AcceptSecurityContext, which will randomly fail with SEC_E_LOGON_DENIED.
从同一台客户端计算机连接到同一台服务器计算机时(大约50%的时间),即使在只有一个客户端只有一个http连接的情况下,我还是会随机出现故障.这两台机器都在同一个域中,它们都不是域控制器.
I'm getting the failure randomly when connecting from the same client machine to the same server machine (about 50% of the time), even when there is only one client with only one http connection. Both machines are in the same domain, neither of them are domain controlers.
失败的呼叫是质询-响应序列中的第二个(也是最后一个),第一个总是成功.
The call that fails is the 2nd (and last) one in the challenge-response sequence, the first one always succeeds.
当我在接受AcceptSecurityContext调用之前在IDE中有一个断点(没有其他更改)时,身份验证始终会成功(据我所能测试的那样).
When I have a breakpoint in the IDE before the AcceptSecurityContext call (with nothing else changed), authentication always succeeds (as far as I could test).
我怀疑是一个计时问题,所以在通话前放置了一个Sleep(),但这并没有提高成功率.
Suspecting a timing issue, I placed a Sleep() before the call, but that didn't improve success rate.
另外,当从运行http服务器的同一台计算机进行连接时,身份验证始终会成功.
Also when connecting from the same machine the http server runs on, authentication always succeeds.
无论客户端浏览器(IE和Chrome)如何,行为都是相同的.
Behavior is the same regardless of the client browser (IE and Chrome).
有什么想法吗?
推荐答案
问题已找到并解决,这与base64数据的解码问题有关,其中一个字符('+')被错误地转换为空格'',因此问题仅在存在该角色时发生.
Issue found and solved, it was related to a decoding issue of the base64 data, with one character ('+') being mistakenly converted to space ' ', so the issue only occurred when that character was present.
为什么在设置调试器断点或通过本地连接时却没有发生这种情况,虽然不清楚...也许有些计时元素存储在其中.
Why it didn't occur when the debugger breakpoint was set or from local connection is unclear though... maybe some timing element stored there.
这篇关于AcceptSecurityContext随机SEC_E_LOGON_DENIED的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
