/// <summary>
/// Checks there's a Kerberos Ticket in current user's Windows Ticket Cache matched with the service principal name.
/// If there's a valid ticket, then show the Ticket Information on the console.
/// </summary>
/// <returns></returns>
public bool ShowCachedTicket()
{
try
{
byte[] ticket
= KerberosSupplementalTicketManager.GetKerberosTicketFromWindowsTicketCache(_kerberosServicePrincipalName, _logonId);
if (ticket != null && ticket.Length > 32)
{
var encode = Convert.ToBase64String(ticket);
AADKerberosLogger.PrintLines(2);
AADKerberosLogger.Save($"---Find cached Ticket: {ticket.Length} bytes");
AADKerberosLogger.PrintBinaryData(ticket);
TicketDecoder decoder = new TicketDecoder();
decoder.ShowApReqTicket(encode);
return(true);
}
Console.WriteLine($"There's no ticket associated with '{_kerberosServicePrincipalName}'");
}
catch (Win32Exception ex)
{
Console.WriteLine($"ERROR while finding Kerberos Ticket for '{_kerberosServicePrincipalName}': {ex.Message}");
}
return(false);
}
/// <summary>
/// Checks there's a valid Kerberos Ticket information within the received authentication token.
/// If there's a valid one, show the ticket information and cache it into current user's
/// Windows Ticket Cache so that it can be shared with other Kerberos-aware applications.
/// </summary>
/// <param name="result">The <see cref="AuthenticationResult"/> from token request.</param>
private void ProcessKerberosTicket(AuthenticationResult result)
{
KerberosSupplementalTicket ticket;
if (_ticketContainer == KerberosTicketContainer.IdToken)
{
// 1. Get the Kerberos Ticket contained in the Id Token.
ticket = KerberosSupplementalTicketManager.FromIdToken(result.IdToken);
if (ticket == null)
{
AADKerberosLogger.Save("ERROR: There's no Kerberos Ticket information within the IdToken.");
return;
}
AADKerberosLogger.PrintLines(2);
try
{
// 2. Save the Kerberos Ticket into current user's Windows Ticket Cache.
KerberosSupplementalTicketManager.SaveToWindowsTicketCache(ticket, _logonId);
AADKerberosLogger.Save("---Kerberos Ticket cached into user's Ticket Cache\n");
}
catch (Win32Exception ex)
{
AADKerberosLogger.Save("---Kerberos Ticket caching failed: " + ex.Message);
}
AADKerberosLogger.PrintLines(2);
AADKerberosLogger.Save("KerberosSupplementalTicket {");
AADKerberosLogger.Save(" Client Key: " + ticket.ClientKey);
AADKerberosLogger.Save(" Key Type: " + ticket.KeyType);
AADKerberosLogger.Save(" Errorr Message: " + ticket.ErrorMessage);
AADKerberosLogger.Save(" Realm: " + ticket.Realm);
AADKerberosLogger.Save(" Service Principal Name: " + ticket.ServicePrincipalName);
AADKerberosLogger.Save(" Client Name: " + ticket.ClientName);
AADKerberosLogger.Save(" KerberosMessageBuffer: " + ticket.KerberosMessageBuffer);
AADKerberosLogger.Save("}\n");
// shows detailed ticket information.
TicketDecoder decoder = new TicketDecoder();
decoder.ShowKrbCredTicket(ticket.KerberosMessageBuffer);
}
else
{
AADKerberosLogger.PrintLines(2);
AADKerberosLogger.Save("Kerberos Ticket handling is not supported for access token.");
}
}
