Ejemplo n.º 1
0
        public static void Execute()
        {
            var ntlmManager = new KendarNtlmNet("SrvNonce");

            //Receive type
            var type1messageFromClient = ReceiveType1Message();

            ntlmManager.ReadFirstResponse(TYPE_2_MESSAGE.Substring(5));
            var type2messageForClient = "NTLM " + ntlmManager.SetupChallenge(type1messageFromClient.Substring(5));
            //SendType2Message(type2messageForClient);

            var type3messageFromClient = ReceiveType3Message();

            ntlmManager.ReadResponse(type3messageFromClient.Substring(5));
            if (!ntlmManager.VerifyResponse(PASSWORD))
            {
                throw new Exception("Invalid credentials");
            }

            if (ntlmManager.User != USER_NAME)
            {
                throw new Exception("Invalid username");
            }
            if (ntlmManager.Domain != DOMAIN.ToUpperInvariant())
            {
                throw new Exception("Invalid domain");
            }
            if (ntlmManager.Host != HOST.ToUpperInvariant())
            {
                throw new Exception("Invalid host");
            }

            Console.WriteLine("Success!!");
        }
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            const string nonce       = "SrvNonce";
            var          context     = filterContext.HttpContext;
            var          ntlmManager = new KendarNtlmNet(nonce, "domain");

            if (context.Request.Headers["Authorization"] == null)
            {
                context.Response.Clear();
                context.Response.Headers.Add("WWW-Authenticate", "NTLM");
                context.Response.Headers.Add("Connection", "Keep-Alive");
                context.Response.StatusCode = 401;
                filterContext.Result        = new EmptyResult();
                context.Response.End();
            }
            else if (context.Request.Headers["Authorization"] != null)
            {
                var auth = context.Request.Headers["Authorization"];
                if (auth.ToUpperInvariant().StartsWith("NTLM "))
                {
                    var ntlmAuth = auth.Substring(5);
                    var blob     = Convert.FromBase64String(ntlmAuth);
                    if (blob[8] == 0x01)
                    {
                        var type2Message = ntlmManager.SetupChallenge(ntlmAuth);
                        context.Response.Clear();
                        context.Response.Headers.Add("WWW-Authenticate", "NTLM " + type2Message);
                        context.Response.Headers.Add("Connection", "Keep-Alive");
                        context.Response.StatusCode = 401;
                        filterContext.Result        = new EmptyResult();
                        context.Response.End();
                    }
                    else if (blob[8] == 0x03)
                    {
                        ntlmManager.ReadResponse(ntlmAuth);
                        var password = GetUserPassword(ntlmManager.User);
                        if (ntlmManager.VerifyResponse(password))
                        {
                            context.Response.StatusCode = 200;
                        }
                        else
                        {
                            //Switch to basic
                            context.Response.Clear();
                            context.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Secure Area\"");
                            context.Response.Headers.Add("Connection", "Keep-Alive");
                            context.Response.StatusCode = 401;
                            filterContext.Result        = new EmptyResult();
                            context.Response.End();
                        }
                    }
                }
                else if (auth.ToUpperInvariant().StartsWith("BASIC "))
                {
                    byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", ""));
                    string value            = Encoding.ASCII.GetString(encodedDataAsBytes);
                    string username         = value.Substring(0, value.IndexOf(':'));
                    string passwordReceived = value.Substring(value.IndexOf(':') + 1);
                    var    passwordExpected = GetUserPassword(username);
                    if (passwordExpected == passwordReceived)
                    {
                        context.Response.StatusCode = 200;
                    }
                    else
                    {
                        filterContext.Result = new HttpStatusCodeResult(401);
                    }
                }
            }
        }