我有一个应用程序,我想验证一个请求是否来自目前签名到(a)特定域或(b)特定Microsoft 365用户的用户。
我可以调用某种类型的Windows API函数以获得我可以用户验证用户身份的令牌或其他访问证明吗?
例如,有人声称为他们如何提供证据?或\ mydomain \ bob
,然后是否有API可以使用M365或域服务器验证该证明?
我不想要的是已经签名的用户必须在任何地方键入用户名和密码,但是我看到的一切都会导致这一点。
从我可以看出的话,这是类似“单一签名”的东西。
我有一台服务器,该服务器正在从签名用户的桌面应用程序中接收请求。只想确保它是合适的用户。
I have an application where i want to verify that a request is coming from a user that's currently signed-in to (A) a particular Domain or is (B) a particular Microsoft 365 user.
Can I call a windows api function of some kind to get a token or some other proof of access that I can user to verify the identity of the user?
For example someone claims to be [email protected] signed into M365... how can they provide proof that they are? OR \mydomain\bob
And then is there an API for verifying that proof with M365 or the domain server?
What I don't want is an already-signed-in-user to have to type a username and password in anywhere, but everything i see leads to that.
This is something like "single signon" from what I can tell.
I have a server that's receiving requests from a desktop application of a signed-in user. Just want to be sure it's the right user.
发布评论
评论(1)
好吧,很确定我需要什么是。
初始化的eCurityContexta:连接客户端上的应用程序通过使用SSPI函数AcceptSercurityContext将凭据发送到服务器
:让传输应用程序的服务器组件在服务器和远程客户端之间建立安全性上下文。
OK, pretty sure what I need are SSPI functions.
InitializeSecurityContextA : Application on the client side of a connection sends credentials to the server by using the SSPI function
AcceptSecurityContext : lets the server component of a transport application establish a security context between the server and a remote client.