问题描述
因此,两台计算机之间没有信任关系-它们位于不同的域中.
So between the two machines, there is no trust - they are in different domains.
我已使用登录类型 LOGON32_LOGON_NEW_CREDENTIALS 的LogonUser API成功连接到远程计算机.我能够使用UNC共享检索目录的内容,并创建文件流来下载"文件.到目前为止一切顺利.
I've successfully connected to the remote machine using LogonUser API using logon type, LOGON32_LOGON_NEW_CREDENTIALS. I am able to retrieve the content of a directory using the UNC share, and create a file stream to "download" the file. So far so good.
唯一的问题是,除非存在已打开的会话,否则LogonUser似乎失败.让我澄清一下.
The only issue is that it seems, LogonUser fails unless there is an already open session. Let me clarify that.
我发现今天早上ASP.NET MVC页面无法正常工作,特别是使用LogonUser从此远程计算机检索文件列表的页面.我查看了日志,并且在堆栈跟踪中,在 Directory.GetFiles 调用上方的 System.IO .__ Error.WinIOError 中看到了.然后,我远程访问Web服务器,并尝试使用该网站使用的相同登录名/密码在资源管理器中打开远程文件夹.它经历了,我可以看到文件.我打开命令提示符,键入 net use ,然后看到与远程计算机的打开连接.然后我回到页面,突然页面又可以工作了.
I found that the ASP.NET MVC page was not working this morning, specifically the page that retrieves the file list from this remote machine using LogonUser. I look at the log and I see in the stacktrace, System.IO.__Error.WinIOError above Directory.GetFiles call. I then remoted into the web server and tried to open the remote folder in the explorer using the same login/password used by the web site. It went through and I could see the files. I opened up the command prompt, type in net use, and I see that there is an open connection to the remote machine. Then I went back to the page and suddenly the page is working again.
因此,在这一点上,我不能完全确定LogonUser是否按预期工作.如果呼叫要求先通过其他方式打开网络连接,则肯定不能令人满意.
So, at this point, I am not exactly sure if the LogonUser is working as expected or not. If the call requires that a network connection opened first by other means, then this is certainly not satisfactory.
有人知道可能会发生什么或建议解决方法吗?
Does anyone know what may be happening or suggest a workaround?
推荐答案
我不确定我是否理解您为什么使用LogonUser
.如果要使用其他用户凭据在本地计算机上执行某项工作,此功能将为您提供帮助,但它有助于避免与另一台计算机建立远程连接.
I am not sure that I understand why you use LogonUser
. This function help you if you want to do some job on the local machine with another user credentials, but it helps not to establish a remote connection to another computer.
如果要独立于与计算机之间的现有信任关系而从远程计算机获取某些信息,则应使用WNet或Net(网络管理)功能建立与远程计算机的新连接.因此,您应该使用WNetAddConnection2
(请参阅 http://msdn.microsoft.com/en-us/library/aa385413%28VS.85%29.aspx )或NetUseAdd
( http://msdn.microsoft.com/en-us/library/aa370645%28VS.85%29.aspx )功能.此功能将在目标计算机上进行远程登录,并建立一个新的会话(net use \\computer\share /u:domain\user password
的确切作用).您不能将新连接映射到本地驱动器.为此,您应该在结构NETRESOURCE
中用NULL
填充lpLocalName
.作为lpUsername
和lpPassword
,您应该提供任何可以理解目标计算机的值.您还可以使用ipc$
作为目标共享名,然后只需建立与计算机的会话即可.之后,您可以使用任何其他功能来访问远程共享,目录或文件.要关闭会话,您应该使用WNetCancelConnection2
或NetUseDel
.
If you want to get some information from the remote computer independent on existing trust between to the computer you should use WNet or Net (Network Management) functions to establish a new connection to the remote computer. So you should use WNetAddConnection2
(see http://msdn.microsoft.com/en-us/library/aa385413%28VS.85%29.aspx) or NetUseAdd
(http://msdn.microsoft.com/en-us/library/aa370645%28VS.85%29.aspx) functions. This function will makes remote login on the destination computer and establish a new session (exact what net use \\computer\share /u:domain\user password
do). You can don't map a new connection to a local drive. To do so you should fill lpLocalName
with NULL
in the struct NETRESOURCE
. As a lpUsername
and lpPassword
you should give any values which understand the destination computer. You can also use ipc$
as a destination share name, then you just establish a session to the computer and nothing more. After that you can use any other functions to access the remote share, directory or files. To close the session you should use WNetCancelConnection2
or NetUseDel
.
这篇关于使用LOGON32_LOGON_NEW_CREDENTIALS的LogonUser对远程不受信任的域计算机起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!