LogonUser returns true for a wrong password

时光怂恿深爱的人放手 提交于 2021-02-20 19:02:29

问题


bool bRet=LogonUser(strUserName, L"", strPassword, LOGON32_LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &phToken)     

bRet always returns true even if I enter a wrong password when there is no domain. Is there any work around like if I enter a valid password it returns true and false for a wrong password when there is no domain.


回答1:


I assume that by LOGON32_LOGON_TYPE_NEW_CREDENTIALS you actually mean LOGON32_LOGON_NEW_CREDENTIALS. In which case the behaviour is exactly as would be expected. The documentation for that flag says:

This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.

For local connections, the token that is returned is a clone of the current token. The credentials that you provided are only used for outbound connections. When you attempt such connections, the credentials will be checked at that point and you can expect failure then.



来源:https://stackoverflow.com/questions/35338656/logonuser-returns-true-for-a-wrong-password

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!