Problems You May Run Into with ASP.NET Single Sign-On

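1. The wrong parameter values are chosen for the function, so they do not match your environment.

  For example, in

  [DllImport("advapi32.dll", SetLastError = true)]
  public static extern int LogonUser(String lpszUserName,
      String lpszDomain,
      String lpszPassword,
      int dwLogonType,
      int dwLogonProvider,
      ref IntPtr phToken);

  dwLogonType must be LOGON32_LOGON_NEW_CREDENTIALS to access remote resources, and LOGON32_LOGON_INTERACTIVE to impersonate a user on the local machine.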

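2. The function's parameters are passed in the wrong format.

  a. For example, in

  [DllImport("advapi32.dll", SetLastError = true)]
  public static extern int LogonUser(String lpszUserName,
      String lpszDomain,
      String lpszPassword,
      int dwLogonType,
      int dwLogonProvider,
      ref IntPtr phToken);

  lpszUserName, lpszDomain and lpszPassword must each be written out precisely.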

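  I ran into a problem here myself. In my first test, the remote server was a standalone file server, and this is how I called the function:

  LogonUser("myname", "192.168.1.48", "password", LOGON32_LOGON_NEW_CREDENTIALS,
      LOGON32_PROVIDER_DEFAULT, ref token);

  In my second test, the remote server was a member server in the domain MyDomain, providing file services. In that case the code should be:

  LogonUser("myname", "MyDomain", "password", LOGON32_LOGON_NEW_CREDENTIALS,
      LOGON32_PROVIDER_DEFAULT, ref token);

  Note that the code uses MyDomain here, not the IP address.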

  b. Another example, referring to the code above:

  string remote = @"\\192.168.1.48\generals";
  string local = @"P:";
  string username = @"Domain\UserName";
  string password = @"Password";

  If @"\\192.168.1.48\generals" is changed to @"\\192.168.1.48\generals\", an error occurs;

  if the user is a domain user, changing @"Domain\UserName" to @"UserName" also causes an error.
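The points from items 1 and 2 combined into one helper, as an added example that is not code from the original post. It assumes .NET Framework (where WindowsIdentity.Impersonate is available); RemoteShare, SplitAccount, ListShare and fallbackDomain are hypothetical names.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class RemoteShare   // hypothetical helper, not from the original page
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUserName, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // "Domain\UserName" -> (Domain, UserName). A bare name gets fallbackDomain:
    // the domain name for a domain member, or the server's own name/IP for a
    // standalone file server (the two cases tested on the page).
    public static void SplitAccount(string account, string fallbackDomain,
                                    out string domain, out string user)
    {
        int i = account.IndexOf('\\');
        domain = i < 0 ? fallbackDomain : account.Substring(0, i);
        user = i < 0 ? account : account.Substring(i + 1);
    }

    // Lists a UNC share under alternate credentials, then reverts and frees the token.
    public static string[] ListShare(string unc, string account, string password, string fallbackDomain)
    {
        string domain, user;
        SplitAccount(account, fallbackDomain, out domain, out user);
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // NEW_CREDENTIALS is not validated locally: a wrong password or domain
            // only fails here, when the share is actually contacted.
            using (WindowsIdentity.Impersonate(token))
                return Directory.GetFileSystemEntries(unc);
        }
        finally { CloseHandle(token); }   // always release the token handle
    }
}
```

Because the logon call itself succeeds with this logon type, treat an UnauthorizedAccessException or IOException from the share access as the sign of a wrong user name, domain or password.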

--/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    public enum LogonType
    {
        /// <summary>
        /// This logon type is intended for users who will be interactively using the computer, such as a user being logged on  
        /// by a terminal server, remote shell, or similar process.
        /// This logon type has the additional expense of caching logon information for disconnected operations; 
        /// therefore, it is inappropriate for some client/server applications,
        /// such as a mail server.
        /// </summary>
        LOGON32_LOGON_INTERACTIVE = 2,

        /// <summary>
        /// This logon type is intended for high performance servers to authenticate plaintext passwords.
        /// The LogonUser function does not cache credentials for this logon type.
        /// </summary>
        LOGON32_LOGON_NETWORK = 3,

        /// <summary>
        /// This logon type is intended for batch servers, where processes may be executing on behalf of a user without 
        /// their direct intervention. This type is also for higher performance servers that process many plaintext
        /// authentication attempts at a time, such as mail or Web servers. 
        /// The LogonUser function does not cache credentials for this logon type.
        /// </summary>
        LOGON32_LOGON_BATCH = 4,

        /// <summary>
        /// Indicates a service-type logon. The account provided must have the service privilege enabled. 
        /// </summary>
        LOGON32_LOGON_SERVICE = 5,

        /// <summary>
        /// This logon type is for GINA DLLs that log on users who will be interactively using the computer. 
        /// This logon type can generate a unique audit record that shows when the workstation was unlocked. 
        /// </summary>
        LOGON32_LOGON_UNLOCK = 7,

        /// <summary>
        /// This logon type preserves the name and password in the authentication package, which allows the server to make 
        /// connections to other network servers while impersonating the client. A server can accept plaintext credentials 
        /// from a client, call LogonUser, verify that the user can access the system across the network, and still 
        /// communicate with other servers.
        /// NOTE: Windows NT:  This value is not supported. 
        /// </summary>
        LOGON32_LOGON_NETWORK_CLEARTEXT = 8,

        /// <summary>
        /// This logon type allows the caller to clone its current token and specify new credentials for outbound connections.
        /// The new logon session has the same local identifier but uses different credentials for other network connections. 
        /// NOTE: This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.
        /// NOTE: Windows NT:  This value is not supported. 
        /// </summary>
        LOGON32_LOGON_NEW_CREDENTIALS = 9,
    }

    public enum LogonProvider
    {
        /// <summary>
        /// Use the standard logon provider for the system. 
        /// The default security provider is negotiate, unless you pass NULL for the domain name and the user name 
        /// is not in UPN format. In this case, the default provider is NTLM. 
        /// NOTE: Windows 2000/NT:   The default security provider is NTLM.
        /// </summary>
        LOGON32_PROVIDER_DEFAULT = 0,
    }

--/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

const int LOGON32_LOGON_INTERACTIVE       = 2;
const int LOGON32_LOGON_NETWORK           = 3;
const int LOGON32_LOGON_BATCH             = 4;
const int LOGON32_LOGON_SERVICE           = 5;
const int LOGON32_LOGON_UNLOCK            = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS   = 9;

const int LOGON32_PROVIDER_DEFAULT        = 0;

 
