Verify Windows log-in via smart card


Question

Hi, I need to verify in my WPF application if the user logged in to his computer via password or via smart card. Both login options are available in my company's clients, but my application needs to open only in the smart-card login. All the clients are Windows 7 OS.

I looked at some websites:
http://technet.microsoft.com/en-us/library/ff404285(v=ws.10).aspx
http://www.codeproject.com/Articles/240655/Using-a-Smart-Card-Certificate-with-NET-Security-i

and I'm thinking I need to get the enhanced key usage (EKU) attribute field. If the EKU is empty => then the user was logged in via password and not via smart card.

I only need this simple check; I do not care about creating/validating certificates, etc.

Recommended answer

Windows doesn't record what certificate was used to log on, so you can't check the EKU, nor does Windows record what type of credentials were used, so there isn't a simple solution. I have a couple of suggestions:

Option 1: Use Authentication Mechanism Assurance to add an extra group membership to the user's access token when they log on with a smart card, and set up your app to require that group membership. This requires a domain at the Windows Server 2008 R2 functional level.

Option 2: Implement a credential manager and use the NPLogonNotify callback to check for KERB_INTERACTIVE_LOGON with a KERB_LOGON_SUBMIT_TYPE of KerbSmartCardLogon, then record that somewhere for your app to check.
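
The application-side half of Option 1, as an added example that is not part of the original answer: a fail-closed startup check that the current access token carries the group linked to the smart-card issuance policy. The class name, method name and group SID are assumptions; the SID is a placeholder to be replaced with the one your domain administrators configured.

```csharp
using System;
using System.Security.Principal;

static class SmartCardLogonGate
{
    // Placeholder, not a real SID: replace with the SID of the security group
    // that Authentication Mechanism Assurance adds on smart-card logon.
    const string AmaGroupSidPlaceholder =
        "S-1-5-21-1111111111-2222222222-3333333333-4444";

    // Returns true only when the group is present and enabled in the token.
    // Any failure (malformed SID, unreadable token) is treated as "deny".
    public static bool IsSmartCardLogon(WindowsIdentity identity, string groupSid)
    {
        try
        {
            var sid = new SecurityIdentifier(groupSid);
            // Compare by SID rather than by name, so renaming the group or
            // a failed name lookup cannot change the outcome.
            return new WindowsPrincipal(identity).IsInRole(sid);
        }
        catch (Exception)
        {
            return false; // fail closed
        }
    }

    // Stand-alone entry point. In a WPF app, call IsSmartCardLogon from
    // Application.OnStartup and call Shutdown() when it returns false.
    static int Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            bool allowed = IsSmartCardLogon(current, AmaGroupSidPlaceholder);
            Console.WriteLine(allowed
                ? "Smart-card group present in token: continuing."
                : "Smart-card group absent from token: refusing to start.");
            return allowed ? 0 : 1;
        }
    }
}
```

A check inside the client only keeps the application from opening; if the application reaches a server or file share, require the same group in that resource's access control so the restriction does not depend on the client alone.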
