Windows LogonUser 功能可以使用旧密码吗?
我正在使用 LogonUser 函数 (http://msdn. microsoft.com/en-us/library/aa378184(VS.85).aspx) 来对用户进行身份验证。 但是我发现,如果用户更改其密码(即从密码 1 更改为密码 2),那么两个密码都将起作用。 不过我希望只能使用当前密码。 我需要设置什么才能让它像这样工作吗?
我使用以下代码片段:
LogonUser(nt_id, NULL, nt_password, LOGON32_LOGON_NETWORK, 3, &hToken );
nt_id 的格式为 [email protected]
我有 3 个代替 LOGON32_PROVIDER_WINNT50 ,因为我会收到一个编译错误,指出 LOGON32_PROVIDER_WINNT50 未声明的标识符(这可能是一种症状吗?),但我知道它被定义为 3。
谢谢, -皮特
I am using the LogonUser function (http://msdn.microsoft.com/en-us/library/aa378184(VS.85).aspx) to authenticate users. However i have found that if a user changes their password (ie from Password1 to Password2) both passwords will then work. However i would like it so that only the current password can be used. Is there something i need to set to get this to work like that?
I am using the following code snippet:
LogonUser(nt_id, NULL, nt_password, LOGON32_LOGON_NETWORK, 3, &hToken );
nt_id is going in in the format of [email protected]
and i have 3 there in place of LOGON32_PROVIDER_WINNT50, because i would get a compile error saying undeclaired identifier for LOGON32_PROVIDER_WINNT50 (could this be a symptom?) but i know it is defined as 3.
Thanks,
-Pete
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这是一个网络设置。 默认情况下,Windows 密码在更改后一小时内仍然有效。 如果需要,您的网络管理员可以更改此设置。 (请注意,这不会影响交互式登录,但会影响所有编程方法。)
This is a network setting. By default, windows passwords remain valid for one hour after they are changed. Your network admin can change this if required. (Note that this doesn't affect the interactive login, but it does affect all programmatic methods.)
编译时错误可能存在,因为您
之前没有包含 windows.h 或将其添加为编译时设置 (-D_WIN32_WINNT=0x0500)。
但为什么 LogonUser 可以同时使用新密码和旧密码,这超出了我的理解范围。 但由于您想要的是根据 MSDN 对用户进行身份验证(而不是模拟他们),因此使用 SSPI API(此处 推荐方式)。
The compile-time error is probably there because you haven't
before including windows.h or added it as a compile-time setting (-D_WIN32_WINNT=0x0500).
Why LogonUser would work with both the new and the old password is beyond me though. But since what you want is to authenticate users (as opposed to impersonating them) according to MSDN it's more appropriate to use the SSPI API (here's the recommended way).