// after receiving response from the client/service
        // encrypt the sent challenge with the stored password hash
        // if the received response and the result are the same, user authentication is complete
        // Logs result
        public bool CheckPassword(UserRequest userRequest, byte[] response)
        {
            byte[] passHash;
            if (!Database.usersDB.TryGetValue(userRequest.Username, out passHash))
            {
                throw new FaultException <SecurityException>(new SecurityException($"Authentication Service: Username '{userRequest.Username}' doesn't exist"));
            }

            ChallengeResponse cr = new ChallengeResponse();

            byte[] expected = cr.Encrypt(passHash, userRequest.Challenge);

            if (Equals(expected, response))
            {
                try
                {
                    Audit.AuthenticationSuccess(userRequest.Username);
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                Console.WriteLine($"Authentication service: {userRequest.Username} authenticated.");
                return(true);
            }
            else
            {
                try
                {
                    Audit.AuthenticationFailure(userRequest.Username);
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                throw new FaultException <SecurityException>(new SecurityException($"Authentication Service: {userRequest.Username} failed to authenticate. Invalid password."));
            }
        }
Beispiel #2
0
        static void Main(string[] args)
        {
            SHA256 sha256Hash = SHA256.Create();

            // connection with domain controller
            NetTcpBinding binding = new NetTcpBinding();

            binding.Security.Mode = SecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
            binding.Security.Transport.ProtectionLevel      = System.Net.Security.ProtectionLevel.EncryptAndSign;
            string          address           = "net.tcp://localhost:9999/DomainControllerService";
            EndpointAddress endpointAddressDC = new EndpointAddress(new Uri(address), EndpointIdentity.CreateUpnIdentity("DomainController"));


            string username = Environment.UserName;

            Console.WriteLine("Logging in as " + username + "\n");

            Console.WriteLine("Enter password");
            string password = Console.ReadLine();

            Console.WriteLine("Enter service name:"); //which service to start
            string serviceName = Console.ReadLine();

            // this is only needed for testing since every service instance is run on localhost
            // in production every service instance should have it's unique address
            short port;

            switch (serviceName)
            {
            case "wcfService":
                port = 9900;
                break;

            case "wcfService1":
                port = 9901;
                break;

            default:
                port = 9902;
                break;
            }

            string addressClient = $"net.tcp://localhost:{port}/" + serviceName;


            byte[]            pwBytes = Encoding.ASCII.GetBytes(password);
            ChallengeResponse cr      = new ChallengeResponse();

            bool successful = false;

            using (DCProxy proxy = new DCProxy(binding, endpointAddressDC))
            {
                try
                {
                    serviceSecret = sha256Hash.ComputeHash(pwBytes);
                    short  salt     = proxy.StartServiceAuthentication(serviceName);
                    byte[] response = cr.Encrypt(serviceSecret, salt);

                    successful = proxy.SendResponseService(response); // if not successful it will throw an exception
                    Database.Load(username);
                    Console.WriteLine();
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                    Console.WriteLine("Press return to exit.");
                    Console.ReadLine();
                    return;
                }
            }



            Console.WriteLine("Starting service...");

            // connection with the client and the Domain Controller
            NetTcpBinding bindingClient = new NetTcpBinding();

            bindingClient.Security.Mode = SecurityMode.Transport;
            bindingClient.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
            bindingClient.Security.Transport.ProtectionLevel      = System.Net.Security.ProtectionLevel.EncryptAndSign;

            ServiceHost serviceHost = new ServiceHost(typeof(DataManagement));

            serviceHost.AddServiceEndpoint(typeof(IDataManagement), bindingClient, addressClient);

            //for receiving the session key
            serviceHost.AddServiceEndpoint(typeof(IDataManagementDC), bindingClient, addressClient);

            try
            {
                serviceHost.Open();
            }
            catch (Exception e)
            {
                Console.WriteLine("Failed to start service. Error: {0}", e.Message);
                Console.WriteLine("Press return to exit.");
                Console.ReadLine();
                return;
            }

            Console.WriteLine($"Service {serviceName} started. Press return to exit.");

            Console.ReadLine();

            Console.WriteLine("Closing...");

            Database.Save(username);
            serviceHost.Close();
            Thread.Sleep(2000);
        }
Beispiel #3
0
        static void Main(string[] args)
        {
            NetTcpBinding binding = new NetTcpBinding();
            string        address = "net.tcp://localhost:9999/DomainControllerClient";

            binding.Security.Mode = SecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
            binding.Security.Transport.ProtectionLevel      = System.Net.Security.ProtectionLevel.EncryptAndSign;
            EndpointAddress endpointAddressDC = new EndpointAddress(new Uri(address), EndpointIdentity.CreateUpnIdentity("DomainController"));

            SHA256            sha256Hash = SHA256.Create();
            ChallengeResponse cr         = new ChallengeResponse();
            ClientSessionData sessionData;

            string username = Environment.UserName;
            string password;

            Console.WriteLine("Logging in as " + username);

            //user account password
            Console.WriteLine("Enter password:"******"Enter service name: ");
            string serviceName = Console.ReadLine();


            byte[] pwBytes = Encoding.ASCII.GetBytes(password);
            byte[] secret;

            try
            {
                using (DCProxy proxy = new DCProxy(binding, endpointAddressDC))
                {
                    secret = sha256Hash.ComputeHash(pwBytes);

                    short  salt     = proxy.StartClientAuthentication(serviceName);
                    byte[] response = cr.Encrypt(secret, salt);

                    sessionData = proxy.SendResponse(response);
                    Console.WriteLine($"Found service address: {sessionData.ServiceAddress}");
                    Console.WriteLine("--------------------------------------------------------------------------------");
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                Console.WriteLine("Press return to exit.");
                Console.ReadLine();
                return;
            }

            NetTcpBinding bindingService = new NetTcpBinding();

            try
            {
                using (ServiceProxy proxy = new ServiceProxy(bindingService, sessionData.ServiceAddress))
                {
                    char   c;
                    string key;
                    byte[] encryptedKey;
                    string value;
                    byte[] encryptedValue;
                    byte[] sessionKey = _3DESAlgorithm.Decrypt(sessionData.SessionKey, secret);

                    do
                    {
                        Console.WriteLine();
                        Console.WriteLine("Choose an action:");
                        Console.WriteLine("\t- 'w' to write");
                        Console.WriteLine("\t- 'r' to read");
                        Console.WriteLine("\t- 'x' to exit");
                        c = char.ToLower(Console.ReadKey().KeyChar);
                        Console.WriteLine();

                        switch (c)
                        {
                        case 'r':
                            Console.WriteLine("Key of value to read:");
                            key = Console.ReadLine();

                            Console.WriteLine("Encrypting and sending READ request...");
                            encryptedKey   = _3DESAlgorithm.Encrypt(key, sessionKey);
                            encryptedValue = proxy.Read(encryptedKey);
                            if (encryptedValue == null)
                            {
                                Console.WriteLine("Encryption error...");
                                break;
                            }
                            value = Encoding.ASCII.GetString(_3DESAlgorithm.Decrypt(encryptedValue, sessionKey));
                            Console.WriteLine("Received value: " + value);
                            break;

                        case 'w':
                            Console.WriteLine("Key of value to write:");
                            key = Console.ReadLine();
                            Console.WriteLine("Value to write:");
                            value = Console.ReadLine();

                            Console.WriteLine("Encrypting and sending WRITE request...");
                            encryptedKey   = _3DESAlgorithm.Encrypt(key, sessionKey);
                            encryptedValue = _3DESAlgorithm.Encrypt(value, sessionKey);
                            if (encryptedValue == null || encryptedKey == null)
                            {
                                Console.WriteLine("Encryption error...");
                                break;
                            }

                            if (proxy.Write(encryptedKey, encryptedValue))
                            {
                                Console.WriteLine("Value written successfully.");
                            }

                            break;

                        default:
                            break;
                        }
                        Console.WriteLine("--------------------------------------------------------------------------------");
                    } while (c != 'x');
                }
            }
            catch (CommunicationException e)
            {
                Console.WriteLine($"Communication error. Please restart. ");
                Console.ReadLine();
            }
            catch (Exception e)
            {
                Console.WriteLine($"Error: {e.Message}");
                Console.WriteLine("Please restart.");
                Console.ReadLine();
            }
        }