我在使用LogonUser中的vb.net来验证用户时遇到问题。我使用的是LogonType(3)的LOGON32_LOGON_NETWORK。
该文档指定使用此选项进行简单身份验证,并且不会缓存凭据。
我遇到的问题是,如果用户刚刚更改了密码,他们可以使用旧密码或新密码登录。
LogonType对于进行简单身份验证是正确的吗?
以下是我目前使用的代码:
Public Shared Function login(ByVal domain As String, ByVal userid As String, ByVal pwd As String, ByVal logonType As Integer, ByRef errorMessage As String) As Boolean
'The Windows NT user token.
Dim token As IntPtr = IntPtr.Zero
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
'Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
If LogonUserA(userid, domain, pwd, logonType, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
Return True
End If
'Call GetLastError to try to determine why logon failed if it did not succeed.
Dim ret As Integer = GetLastError()
Select Case ret
Case 1326
errorMessage = "Logon failure: unknown user name or bad password."
Case 1331
errorMessage = "Logon failure: account currently disabled."
Case 1330
errorMessage = "Logon failure: the specified account password has expired."
Case 1907
errorMessage = "The user's password must be changed before logging on the first time."
Case 1909
errorMessage = "The referenced account is currently locked out and may not be logged on to."
Case Else
errorMessage = "Logon failure: unknown code = " & ret
End Select
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
Return False
End Function