问题
I'm having some problems with the LogonUser() API function in C++. The computer I'm testing this on is not on a domain. The account I'm testing with exists on the computer, but when i supply an invalid domain, it authenticates the login.
This does not seem right to me.
HANDLE token;
if (!LogonUser("LocalUser", "InvalidDomain", "Password",
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token))
{
unsigned long error = GetLastError();
}
Is this the right behavior?
回答1:
I believe that workgroup members don't support domain logons so the domain parameter is ignored. This explains what you are seeing.
You can confirm this. Try to authenticate using a real domain user (ensuring there isn't a local account with the same name). The logon should fail.
There is an exception. If you use the LOGON32_LOGON_NEW_CREDENTIALS flag (which amends the existing logon rather than creating a new one) then a domain logon will always succeed because it isn't authenticated until you attempt to access a remote resource.
回答2:
According to this site, you should use a "." (or "", but this is not documented) as domain to only use the local database. I believe the undocumented behaviour of "" explains your login. If it fails to identify the user in the domain, it will try to identify it locally.
I based my answer on this page: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
来源:https://stackoverflow.com/questions/21451417/logonuser-not-authenticating-user-for-invalid-domain-when-computer-is-not-on-a