public override async Task PostValidate(IKerberosPrincipal principal, List <KrbPaData> preAuthRequirements)
{
if (preAuthRequirements.Count <= 0)
{
// we don't want to include this if nothing is required otherwise we could
// trigger a pre-auth check later in the flow or by the client in response
return;
}
var cred = await principal.RetrieveLongTermCredential();
var etypeInfo = new KrbETypeInfo2
{
ETypeInfo = new[] {
new KrbETypeInfo2Entry {
EType = cred.EncryptionType,
Salt = cred.Salt
}
}
};
var infoPaData = new KrbPaData
{
Type = PaDataType.PA_ETYPE_INFO2,
Value = etypeInfo.Encode().AsMemory()
};
preAuthRequirements.Add(infoPaData);
}
public override void PostValidate(IKerberosPrincipal principal, List <KrbPaData> preAuthRequirements)
{
if (principal == null)
{
throw new ArgumentNullException(nameof(principal));
}
if (preAuthRequirements == null)
{
throw new ArgumentNullException(nameof(preAuthRequirements));
}
if (preAuthRequirements.Count <= 0)
{
// we don't want to include this if nothing is required otherwise we could
// trigger a pre-auth check later in the flow or by the client in response
return;
}
var entries = new List <KrbETypeInfo2Entry>();
foreach (EncryptionType type in Enum.GetValues(typeof(EncryptionType)))
{
if (!CryptoService.SupportsEType(type, this.Service.Configuration.Defaults.AllowWeakCrypto))
{
continue;
}
var cred = principal.RetrieveLongTermCredential(type);
if (cred != null)
{
entries.Add(new KrbETypeInfo2Entry
{
EType = cred.EncryptionType,
Salt = cred.Salt
});
}
}
var etypeInfo = new KrbETypeInfo2
{
ETypeInfo = entries.ToArray()
};
var infoPaData = new KrbPaData
{
Type = PaDataType.PA_ETYPE_INFO2,
Value = etypeInfo.Encode()
};
preAuthRequirements.Add(infoPaData);
}
