Ejemplo n.º 1
0
        public void TryGettingSspiTicketTest()
        {
            using (var contextSender = new SspiContext($"host/{Environment.MachineName}", "negotiate"))
                using (var contextReceiver = new SspiContext($"host/{Environment.MachineName}", "negotiate"))
                {
                    byte[] token          = null;
                    byte[] serverResponse = null;

                    do
                    {
                        token = contextSender.RequestToken(serverResponse);

                        Assert.IsNotNull(token);

                        if (token != null && token.Length > 0)
                        {
                            contextReceiver.AcceptToken(token, out serverResponse);
                            Assert.IsNotNull(serverResponse);
                        }
                    }while (token != null && token.Length > 0);

                    var serverContext = NegotiationToken.Decode(serverResponse);

                    Assert.IsNotNull(serverContext);
                    Assert.IsNotNull(serverContext.ResponseToken);
                    Assert.IsNull(serverContext.InitialToken);

                    Assert.IsNotNull(contextSender.SessionKey);

                    Assert.IsTrue(KerberosCryptoTransformer.AreEqualSlow(contextSender.SessionKey, contextReceiver.SessionKey));
                }
        }
Ejemplo n.º 2
0
        // https://github.com/SteveSyfuhs/Kerberos.NET/issues/89
        //
        // "However, if you're looking to create a KerberosClient and just grab credentials
        // off the currently logged on user in Windows then you should just use SSPI.
        // There's no way to extract the credentials from Windows (by design) to use in the initial
        // authentication of the client, and it's not intended to be a wrapper around SSPI."
        //
        // and that same code works both for .NET Framework and .NET Core

        public byte[] GetToken(string spn, string username, string password, string domain)
        {
            SspiContext context;

            if (username == null)
            {
                context = new SspiContext(spn);
            }
            else
            {
                var credential = new SuppliedCredential(username, password, domain);
                context = new SspiContext(spn, credential);
            }

            using (context)
            {
                return(context.RequestToken());
            }

            // kept for reference below, the way to do it that *only* works with .NET Framework

            /*
             *
             * using System.IdentityModel.Selectors;
             * using System.IdentityModel.Tokens;
             * using System.Net;
             * using System.Security;
             * using System.Security.Principal;
             *
             * var tokenProvider = _username == null
             *  ? new KerberosSecurityTokenProvider(_spn, TokenImpersonationLevel.Identification)
             *  : new KerberosSecurityTokenProvider(_spn, TokenImpersonationLevel.Identification, new NetworkCredential(_username, _password, _domain));
             *
             * var timeout = TimeSpan.FromSeconds(30);
             *
             * byte[] tokenBytes;
             * try
             * {
             *  if (!(tokenProvider.GetToken(timeout) is KerberosRequestorSecurityToken token))
             *      throw new InvalidOperationException("Token is not KerberosRequestorSecurityToken.");
             *  tokenBytes = token.GetRequest();
             * }
             * catch (Exception e)
             * {
             *  throw new SecurityException("Failed to get a Kerberos token.", e);
             * }
             *
             * return _credentials = new KerberosCredentials(tokenBytes);
             *
             */
        }
Ejemplo n.º 3
0
        private static void RetrieveAndVerifyTicket()
        {
            using (SspiContext context = new SspiContext(RequestedSpn))
            {
                var ticket = context.RequestToken();

                var token = MessageParser.ParseKerberos(ticket);

                var decryptedToken = token.DecryptApReq(new KeyTable(Key));

                Assert.AreEqual("*****@*****.**", decryptedToken.Ticket.CName.FullyQualifiedName);
                Assert.AreEqual("test.com", decryptedToken.Ticket.CRealm);
            }
        }
Ejemplo n.º 4
0
        private void RequestLocalTicket()
        {
            if (string.IsNullOrWhiteSpace(hostName))
            {
                SetHost();

                txtHost.Text = hostName;
            }

            SspiContext context = new SspiContext(spn: hostName);

            byte[] tokenBytes = context.RequestToken();

            txtTicket.Text = Convert.ToBase64String(tokenBytes);
        }
Ejemplo n.º 5
0
        public void TryGettingSspiTicketTest()
        {
            using (var contextSender = new SspiContext($"host/{Environment.MachineName}", "Negotiate"))
                using (var contextReceiver = new SspiContext($"host/{Environment.MachineName}", "Negotiate"))
                {
                    var token = contextSender.RequestToken();

                    Assert.IsNotNull(token);

                    var contextToken = MessageParser.Parse <NegotiateContextToken>(token);

                    Assert.IsNotNull(contextToken);

                    contextReceiver.AcceptToken(token, out byte[] serverResponse);

                    Assert.IsNotNull(serverResponse);

                    var serverContext = NegotiationToken.Decode(serverResponse);

                    Assert.IsNotNull(serverContext);
                    Assert.IsNotNull(serverContext.ResponseToken);
                    Assert.IsNull(serverContext.InitialToken);
                }
        }