我正在尝试使用 NetValidatePasswordPolicy API 评估是否满足密码复杂性规则。我为此找到了很多样本,但没有一个对我有用。
我尝试了不同的方法来使用 APINetValidatePasswordReset
和NetValidatePasswordChange
Parameter,但结果总是一样的。
我的问题是,API 只测试密码长度。如果密码太短,我会收到错误 2245(这意味着密码太短),但是当我输入一个完全不符合复杂性规则的较长密码时,我会返回一个成功代码(而不是PasswordNotComplexEnough
)。
有没有人得到这个 API 功能的工作?请帮助并感谢您的支持。
下面是不起作用的代码。我在两个不同的系统上尝试过。一种是连接到 Active Directory 域的 Windows 8。另一个是同域的域服务器(运行 Windows Server 2008 R2)。
#pragma once
#include <windows.h>
#include <lm.h>
#include <stdio.h>
#include <vcclr.h>
#pragma comment(lib, "Netapi32.lib")
using namespace System;
using namespace System::Runtime::InteropServices;
namespace PasswordPolicyCheck {
public ref class srPasswordValidator
{
//public : static const int PasswordValidationSuccess = NERR_Success;
//public: static const int PasswordAccountLockedOut = NERR_AccountLockedOut;
//public: static const int PasswordTooRecent = NERR_PasswordTooRecent;
//public: static const int PasswordBadPassword = NERR_BadPassword;
//public: static const int PasswordHistConfilct = NERR_PasswordHistConflict;
//public: static const int PasswordTooShort = NERR_PasswordTooShort;
//public: static const int PasswordTooLong = NERR_PasswordTooLong;
//public: static const int PasswordNotComplexEnough = NERR_PasswordNotComplexEnough;
//public: static const int PasswordFlterError = NERR_PasswordFilterError;
public :int ValidatePassword(String^ userName, String^ password, String^ domainController)
{
LPWSTR wzPwd = static_cast<LPWSTR>(Marshal::StringToBSTR(password).ToPointer());
LPWSTR wzUser = static_cast<LPWSTR>(Marshal::StringToBSTR(userName).ToPointer());
LPWSTR wzServer = static_cast<LPWSTR>(Marshal::StringToBSTR(domainController).ToPointer());
NET_VALIDATE_OUTPUT_ARG* Output = NULL;
NET_VALIDATE_PASSWORD_RESET_INPUT_ARG Input = {0};
//NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG Input = {0};
Input.ClearLockout = true;
Input.PasswordMustChangeAtNextLogon = false;
Input.UserAccountName = wzUser;
Input.ClearPassword = wzPwd;
//Input.PasswordMatch = TRUE;
/*NET_VALIDATE_PASSWORD_HASH PasswordHistory;
size_t lLength = wcslen(wPassword);
PasswordHistory.Length = lLength;
PasswordHistory.Hash = new BYTE[lLength];
memcpy(PasswordHistory.Hash, wPassword, lLength);
Input.HashedPassword = PasswordHistory;
Input.InputPersistedFields.PresentFields = NET_VALIDATE_PASSWORD_HISTORY | NET_VALIDATE_PASSWORD_HISTORY_LENGTH;*/
DWORD dwErr = NetValidatePasswordPolicy (wzServer, NULL, _NET_VALIDATE_PASSWORD_TYPE::NetValidatePasswordReset, &Input, (void **) &Output);
int ReturnValue = Output->ValidationStatus;
NetValidatePasswordPolicyFree ((void **) &Output);
return ReturnValue;
}
};
}