问题
I'm trying to implement Single Sign On in an http.sys-based server (using IOCP), and I'm having weird issues with AcceptSecurityContext, which will randomly fail with SEC_E_LOGON_DENIED.
I'm getting the failure randomly when connecting from the same client machine to the same server machine (about 50% of the time), even when there is only one client with only one http connection. Both machines are in the same domain, neither of them are domain controlers.
The call that fails is the 2nd (and last) one in the challenge-response sequence, the first one always succeeds.
When I have a breakpoint in the IDE before the AcceptSecurityContext call (with nothing else changed), authentication always succeeds (as far as I could test).
Suspecting a timing issue, I placed a Sleep() before the call, but that didn't improve success rate.
Also when connecting from the same machine the http server runs on, authentication always succeeds.
Behavior is the same regardless of the client browser (IE and Chrome).
Any ideas?
回答1:
Issue found and solved, it was related to a decoding issue of the base64 data, with one character ('+') being mistakenly converted to space ' ', so the issue only occurred when that character was present.
Why it didn't occur when the debugger breakpoint was set or from local connection is unclear though... maybe some timing element stored there.
来源:https://stackoverflow.com/questions/13720556/acceptsecuritycontext-random-sec-e-logon-denied