| public static GetDefaultKerberosCredentials ( string username, string password ) : void | ||
| username | string | |
| password | string | |
| return | void | |
public async Task NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
// Seed the default Kerberos cache with the TGT
UnixGssFakeNegotiateStream.GetDefaultKerberosCredentials(user, _fixture.password);
Task[] auth = new Task[] {
client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, target),
server.AuthenticateAsServerAsync()
};
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);
AssertClientPropertiesForTarget(client, target);
}
}
public void NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");
Task[] auth = new Task[2];
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
// Seed the default Kerberos cache with the TGT
UnixGssFakeNegotiateStream.GetDefaultKerberosCredentials(user, _fixture.password);
auth[0] = client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, target);
auth[1] = server.AuthenticateAsServerAsync();
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
// Expected Client property values:
Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
Assert.True(client.IsEncrypted, "client.IsEncrypted");
Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
Assert.False(client.IsServer, "client.IsServer");
Assert.True(client.IsSigned, "client.IsSigned");
Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");
IIdentity serverIdentity = client.RemoteIdentity;
Assert.Equal("Kerberos", serverIdentity.AuthenticationType);
Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
IdentityValidator.AssertHasName(serverIdentity, target);
}
}