LogonUser对于错误的密码返回true [英] LogonUser returns true for a wrong password

问题描述

bool bRet=LogonUser(strUserName, L"", strPassword, LOGON32_LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &phToken)     

即使在没有域的情况下输入错误的密码，bRet也始终返回true.是否有任何变通方法，例如，如果我输入有效的密码，则在没有域时，对于错误的密码将返回true和false.

bRet always returns true even if I enter a wrong password when there is no domain. Is there any work around like if I enter a valid password it returns true and false for a wrong password when there is no domain.

推荐答案

我假设通过 LOGON32_LOGON_TYPE_NEW_CREDENTIALS 实际上是指 LOGON32_LOGON_NEW_CREDENTIALS .在这种情况下，行为完全符合预期.该标志的文档说:

I assume that by LOGON32_LOGON_TYPE_NEW_CREDENTIALS you actually mean LOGON32_LOGON_NEW_CREDENTIALS. In which case the behaviour is exactly as would be expected. The documentation for that flag says:

此登录类型允许调用方克隆其当前令牌并为出站连接指定新的凭据.新的登录会话具有相同的本地标识符，但对其他网络连接使用不同的凭据.

This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.

对于本地连接，返回的令牌是当前令牌的克隆.您提供的凭据仅用于出站连接.当您尝试进行此类连接时，将在此时检查凭据，然后可能会失败.

For local connections, the token that is returned is a clone of the current token. The credentials that you provided are only used for outbound connections. When you attempt such connections, the credentials will be checked at that point and you can expect failure then.

这篇关于LogonUser对于错误的密码返回true的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！