//
        // we need to do this to handle proxies in the correct way before
        // calling into the AuthenticationManager APIs
        //
        private void PrepareState(HttpWebRequest httpWebRequest)
        {
            Uri newUri = IsProxyAuth ? httpWebRequest.ServicePoint.InternalAddress : httpWebRequest.GetRemoteResourceUri();

            if ((object)ChallengedUri != (object)newUri)
            {
                if ((object)ChallengedUri == null || (object)ChallengedUri.Scheme != (object)newUri.Scheme || ChallengedUri.Host != newUri.Host || ChallengedUri.Port != newUri.Port)
                {
                    //
                    // must be a new server/port/scheme for this auth state, can happen on a redirect
                    //
                    ChallengedSpn = null;
                }
                ChallengedUri = newUri;
            }
            httpWebRequest.CurrentAuthenticationState = this;
        }
        //
        // .Ctors
        //

        //
        // Use only for client HTTP authentication
        //
        internal NTAuthentication(string package, NetworkCredential networkCredential, SpnToken spnToken, 
                WebRequest request, ChannelBinding channelBinding) :
            this(false, package, networkCredential, spnToken.Spn, GetHttpContextFlags(request, spnToken.IsTrusted), 
                request.GetWritingContext(), channelBinding)
        {
            //
            //  In order to prevent a race condition where one request could
            //  steal a connection from another request, before a handshake is
            //  complete, we create a new Group for each authentication request.
            //
            if (package == NtlmClient.AuthType || package == NegotiateClient.AuthType) {
                m_UniqueUserId = (Interlocked.Increment(ref s_UniqueGroupId)).ToString(NumberFormatInfo.InvariantInfo) + m_UniqueUserId;
            }
        }
        //
        //
        //
        internal SpnToken GetComputeSpn(HttpWebRequest httpWebRequest)
        {
            if (ChallengedSpn != null)
                return ChallengedSpn;

            bool trustNewHost = true; // Assume trusted unless proven otherwise

            string spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.Scheme | UriComponents.Host | UriComponents.Port | UriComponents.Path, UriFormat.SafeUnescaped);
            SpnToken spnToken = AuthenticationManager.SpnDictionary.InternalGet(spnKey);
            if (spnToken == null || spnToken.Spn == null)
            {
                string host;
                if (!IsProxyAuth && (httpWebRequest.ServicePoint.InternalProxyServicePoint || httpWebRequest.UseCustomHost))
                {
                    // Here the NT-Security folks need us to attempt a DNS lookup to figure out
                    // the FQDN. only do the lookup for short names (no IP addresses or DNS names)
                    //
                    // Initialize a backup value
                    host = httpWebRequest.ChallengedUri.Host;
                    // This host comes from the request/user, assume Trusted unless proven otherwise.

                    if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 
                        && httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 
                        && host.IndexOf('.') == -1)
                    {
                        try {
                            // 



                            IPHostEntry result;
                            if (Dns.TryInternalResolve(host, out result))
                            {
                                host = result.HostName;
                                trustNewHost &= result.isTrustedHost; // Can only lose trust
                            }
                        }
                        catch (Exception exception) {
                            if (NclUtilities.IsFatal(exception)) throw;
                            GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::GetComputeSpn() GetHostByName(host) failed:" + ValidationHelper.ToString(exception));
                        }
                    }
                }
                else
                {
                    // For this cases we already did a DNS lookup

                    // 



                    host = httpWebRequest.ServicePoint.Hostname;
                    trustNewHost &= httpWebRequest.ServicePoint.IsTrustedHost; // Can only lose trust                    
                }
                string spn = "HTTP/" + host;
                spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped) + "/";
                spnToken = new SpnToken(spn, trustNewHost);
                AuthenticationManager.SpnDictionary.InternalSet(spnKey, spnToken);
            }
            ChallengedSpn = spnToken;
            return ChallengedSpn;
        }
Beispiel #4
0
 internal void InternalSet(string canonicalKey, SpnToken spnToken)
 {
     _syncTable[canonicalKey] = spnToken;
 }