
LogonUser Lib "advapi32.dll" behaving strangely on a non-domain computer when a local account exists?

Stack Overflow user
Asked 2018-07-24 08:09:08
Answers: 1, Views: 996, Followers: 0, Votes: 1

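I am working on a login form for a VB.NET WinForms application that needs to allow only domain users in a certain group. When using the LogonUser API from advapi32.dll, either I am not using the flags correctly or something else unknown is happening.

Out of interest, I have known for years that using local users with the same username and password on multiple computers allows simple user management without needing a full domain for sharing files between them (i.e. at home). There may be a policy on the computer to turn this mechanism off; please mention it if you know of one.

When used on a domain computer, the logon type parameters (Interactive, Network, Batch, NEW_CREDENTIALS) all appear to work fine.

When used on a workgroup computer, e.g. in the workgroup "WORKGROUP" on the same network as the domain but not joined to the domain, no combination I have tried works. If the account you use, e.g. MyDomain\User1, also exists as MyComputer\User1, then it returns MyComputer\User1 regardless of the domain being specified as "MyDomain" in the call. This computer can communicate with domain shares (by logging on), so I would like to be able to log on to the domain just for the login screen, if available. This is not for impersonation at all, just to prove who you are, whether on a work domain PC or BYOD.

Some code is provided: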

Imports System.Security.Principal

Public Class WinSecurity

    ' Win32 LogonUser: attempts a logon and, on success, returns a token handle in phToken.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (
    ByVal lpszUsername As String,
    ByVal lpszDomain As String,
    ByVal lpszPassword As String,
    ByVal dwLogonType As Integer,
    ByVal dwLogonProvider As Integer,
    ByRef phToken As IntPtr) As Boolean

    Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    ' Logon types (dwLogonType). Declared As Integer to match the API parameter.
    Public Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Public Const LOGON32_LOGON_NETWORK As Integer = 3
    Public Const LOGON32_LOGON_BATCH As Integer = 4
    Public Const LOGON32_LOGON_SERVICE As Integer = 5
    Public Const LOGON32_LOGON_CLEARTEXT As Integer = 8
    Public Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9

    ' Logon providers (dwLogonProvider)
    Public Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Public Const LOGON32_PROVIDER_WINNT50 As Integer = 3
    Public Const LOGON32_PROVIDER_WINNT40 As Integer = 2
    Public Const LOGON32_PROVIDER_WINNT35 As Integer = 1

    ' Returns the identity on the logon token, or Nothing when the logon fails.
    Public Shared Function checkUserLogin(ByVal LoginCode As String, ByVal Password As String, ByVal Domain As String, ByVal Login As Integer, ByVal Provider As Integer) As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        ' Test the API's Boolean result; IntPtr.ToInt32 can overflow in a 64-bit process.
        If LogonUser(LoginCode, Domain, Password, Login, Provider, token) AndAlso token <> IntPtr.Zero Then
            Try
                ' WindowsIdentity duplicates the token, so the original handle is closed below.
                Dim newId As New WindowsIdentity(token)
                Track.LogDEBUG(String.Format("Attempto PASS: {0}, Auth: {1}, method: {2}, Provider: {3}", newId.Name, newId.Token, Login, Provider))
                Return newId
            Finally
                CloseHandle(token)
            End Try
        End If

        Track.LogDEBUG(String.Format("Attempto FAIL: {0}, Auth: {1}, method: {2}, Provider: {3}", LoginCode, Domain, Login, Provider))
        Return Nothing
    End Function
End Class

''Calling Code
dim sDomain as string = "MyDomain"
WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_INTERACTIVE, WinSecurity.LOGON32_PROVIDER_DEFAULT)
WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_NETWORK, WinSecurity.LOGON32_PROVIDER_DEFAULT)
WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_BATCH, WinSecurity.LOGON32_PROVIDER_DEFAULT)
WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_NEW_CREDENTIALS, WinSecurity.LOGON32_PROVIDER_DEFAULT)
WinSecurity.checkUserLogin(txtUserName.Text, txtPassword.Text, sDomain, WinSecurity.LOGON32_LOGON_INTERACTIVE, WinSecurity.LOGON32_PROVIDER_DEFAULT)

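Note: the test workgroup computer is running "Windows 2012 RC2", but I assume the results would be the same on Win10 etc. when not on a domain.

My results on the workgroup computer - local user active: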

Attempto PASS: MyComputer\User1, Auth: 1088, method: 2, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1100, method: 3, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1060, method: 4, Provider: 0
Attempto PASS: MyComputer\LoggedOnUser, Auth: 1108, method: 9, Provider: 0
Attempto PASS: MyComputer\User1, Auth: 1076, method: 2, Provider: 0

Results on the workgroup computer - local user disabled / does not exist:

Attempto FAIL: User1, Auth: MyDomain, method: 2, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 3, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 4, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 9, Provider: 0
Attempto FAIL: User1, Auth: MyDomain, method: 2, Provider: 0

Results on the domain computer:

Attempto PASS: MyDomain\User1, Auth: 1340, method: 2, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1724, method: 3, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1736, method: 4, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1648, method: 9, Provider: 0
Attempto PASS: MyDomain\User1, Auth: 1744, method: 2, Provider: 0

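Obviously I don't have a trust set up for this computer, but if I am able to browse to network shares, then I assume something similar should still work?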
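An added example, not part of the original question or of the asker's code: the workgroup listing shows LogonUser succeeding as MyComputer\User1 (and as MyComputer\LoggedOnUser for logon type 9) although "MyDomain" was requested, so a login form should compare the identity on the returned token with what was asked for before treating the user as a domain user. IsRequestedDomainUser is a hypothetical helper; it assumes the domain is given by the NetBIOS name that WindowsIdentity.Name reports and that the caller passes Environment.MachineName as the local machine name.

```vbnet
Imports System

Module LogonResultCheck

    ' Hypothetical helper (an assumption of this example, not from the post).
    ' identityName is WindowsIdentity.Name of the token, e.g. "MyDomain\User1".
    Public Function IsRequestedDomainUser(ByVal identityName As String,
                                          ByVal requestedDomain As String,
                                          ByVal requestedUser As String,
                                          ByVal localMachine As String) As Boolean
        If String.IsNullOrEmpty(identityName) Then Return False

        ' Expect exactly AUTHORITY\account; anything else fails closed.
        Dim parts As String() = identityName.Split("\"c)
        If parts.Length <> 2 Then Return False

        Dim authority As String = parts(0)
        Dim account As String = parts(1)

        ' A local SAM account with a matching name must not pass as a domain user.
        If String.Equals(authority, localMachine, StringComparison.OrdinalIgnoreCase) Then
            Return False
        End If

        ' The token must name the user who typed the password, in the requested
        ' domain (logon type 9 in the post's log returned the caller instead).
        Return String.Equals(authority, requestedDomain, StringComparison.OrdinalIgnoreCase) AndAlso
               String.Equals(account, requestedUser, StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
        ' Identity names as they appear in the result listings of the post.
        Dim observed As String() = {"MyComputer\User1", "MyComputer\LoggedOnUser", "MyDomain\User1"}
        For Each name As String In observed
            Dim ok As Boolean = IsRequestedDomainUser(name, "MyDomain", "User1", "MyComputer")
            Console.WriteLine("{0,-26} accepted as MyDomain\User1: {1}", name, ok)
        Next
    End Sub

End Module
```

Only the MyDomain\User1 entry is accepted; both results from the workgroup computer are rejected.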

Original page content provided by Stack Overflow.
Original link:

https://stackoverflow.com/questions/51493612
