|
private InitializeSecurityContext ( |
||
| phCredential | ||
| phContext | ||
| pszTargetName | string | |
| fContextReq | uint | |
| Reserved1 | int | |
| TargetDataRep | uint | |
| pInput | ||
| Reserved2 | int | |
| phNewContext | ||
| pOutput | ||
| pfContextAttr | uint | |
| ptsTimeStamp | ||
| return | int | |
/// <summary>
/// Initialize authentication sequence for the client
/// </summary>
/// <param name="clientToken">Payload received from the server</param>
/// <returns>Token to be sent to the server</returns>
public SSPIResponse ContinueClientAuthentication(byte[] clientToken)
{
// Wrap client token with the security buffer
SecBufferDesc serverSecBuffer = new SecBufferDesc(clientToken);
try
{
// Allocate a new instance of the client security buffer of the specified size
SecBufferDesc clientSecBuffer = new SecBufferDesc(_maxTokenBufferSize);
try
{
// Return code from the security API call
int secReturnCode = 0;
// New context attribute
uint contextAttribute = 0;
// Initialize token lifetime container
SecurityInteger lifeTime = new SecurityInteger();
// Delegate into security API
secReturnCode = SecurityWrapper.InitializeSecurityContext(ref _outboundCredential,
ref _clientContext,
_targetMachineSPN,
(int)(SecContextRequirements.MutualAuthentication | SecContextRequirements.Delegate | SecContextRequirements.ExtendedError),
0,
(int)SecDataRepresentation.Native,
ref serverSecBuffer,
0,
out _clientContext,
out clientSecBuffer,
out contextAttribute,
out lifeTime);
// Check the return code
if (secReturnCode != (int)SecResult.Ok && secReturnCode != (int)SecResult.ContinueNeeded && secReturnCode != (int)SecResult.CompleteAndContinue)
{
// Operation failed
throw new Win32Exception(secReturnCode, "Failed to generate security context");
}
// NOTE: Digest SSP call to "CompleteAuthToken" is intentionally omitted because we don't support Digest today.
// Convert to byte array and indication whether this is a last call
return(new SSPIResponse(clientSecBuffer.ToArray(), secReturnCode != (int)SecResult.ContinueNeeded && secReturnCode != (int)SecResult.CompleteAndContinue));
}
finally
{
// Dispose client security buffer
clientSecBuffer.Dispose();
}
}
finally
{
// Dispose server security buffer
serverSecBuffer.Dispose();
}
}
/// <summary>
/// Initialize authentication sequence for the client
/// </summary>
/// <returns>Token to be sent to the server</returns>
public SSPIResponse StartClientAuthentication(string targetMachine, uint targetPort)
{
// Save the server we're authenticating against
_targetMachineSPN = string.Format("MSSQLSvc/{0}:{1}", targetMachine, targetPort);
// Allocate a new instance of the client security buffer of the specified size
SecBufferDesc clientSecBuffer = new SecBufferDesc(_maxTokenBufferSize);
try
{
// Return code from the security API call
int secReturnCode = 0;
// New context attribute
uint contextAttribute = 0;
// Initialize token lifetime container
SecurityInteger lifeTime = new SecurityInteger();
// Delegate into security API
secReturnCode = SecurityWrapper.InitializeSecurityContext(ref _outboundCredential,
IntPtr.Zero,
_targetMachineSPN,
(int)(SecContextRequirements.MutualAuthentication | SecContextRequirements.Delegate | SecContextRequirements.ExtendedError),
0,
(int)SecDataRepresentation.Native,
IntPtr.Zero,
0,
out _clientContext,
out clientSecBuffer,
out contextAttribute,
out lifeTime);
// Check the return code
if (secReturnCode != (int)SecResult.Ok && secReturnCode != (int)SecResult.ContinueNeeded)
{
// Operation failed
throw new Win32Exception(secReturnCode, "Failed to generate initial security context");
}
// Convert to byte array and indication whether this is a last call
return(new SSPIResponse(clientSecBuffer.ToArray(), secReturnCode != (int)SecResult.ContinueNeeded && secReturnCode != (int)SecResult.CompleteAndContinue));
}
finally
{
// Dispose server security buffer
clientSecBuffer.Dispose();
}
}
