AcceptSecurityContext random SEC_E_LOGON_DENIED

你说的曾经没有我的故事 提交于 2020-05-16 22:20:26

问题


I'm trying to implement Single Sign On in an http.sys-based server (using IOCP), and I'm having weird issues with AcceptSecurityContext, which will randomly fail with SEC_E_LOGON_DENIED.

I'm getting the failure randomly when connecting from the same client machine to the same server machine (about 50% of the time), even when there is only one client with only one http connection. Both machines are in the same domain, neither of them are domain controlers.

The call that fails is the 2nd (and last) one in the challenge-response sequence, the first one always succeeds.

When I have a breakpoint in the IDE before the AcceptSecurityContext call (with nothing else changed), authentication always succeeds (as far as I could test).

Suspecting a timing issue, I placed a Sleep() before the call, but that didn't improve success rate.

Also when connecting from the same machine the http server runs on, authentication always succeeds.

Behavior is the same regardless of the client browser (IE and Chrome).

Any ideas?


回答1:


Issue found and solved, it was related to a decoding issue of the base64 data, with one character ('+') being mistakenly converted to space ' ', so the issue only occurred when that character was present.

Why it didn't occur when the debugger breakpoint was set or from local connection is unclear though... maybe some timing element stored there.



来源:https://stackoverflow.com/questions/13720556/acceptsecuritycontext-random-sec-e-logon-denied

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!