Ejemplo n.º 1
 // P/Invoke signature for the SSPI AcquireCredentialsHandle call.
 // The [DllImport] attribute is not part of this snippet; confirm that its CharSet matches
 // the entry point it binds to (ANSI vs. Unicode), because both strings below are marshaled with it.
 // The return value is a SECURITY_STATUS: compare it with SEC_E_OK before using phCredential.
 // A handle obtained here should later be released with FreeCredentialsHandle.
 static extern uint AcquireCredentialsHandle(
     string pszPrincipal,              // SEC_CHAR*; the caller on this page passes null
     string pszPackage,                // SEC_CHAR*; security package name: "Kerberos", "NTLM" or "Negotiate"
     int fCredentialUse,               // credential direction; the caller on this page passes SECPKG_CRED_OUTBOUND
     IntPtr PAuthenticationID,         // PLUID (pvLogonID); IntPtr.Zero in the caller on this page
     IntPtr pAuthData,                 // PVOID; IntPtr.Zero in the caller on this page, so no explicit credentials are supplied
     IntPtr pGetKeyFn,                 // SEC_GET_KEY_FN
     IntPtr pvGetKeyArgument,          // PVOID
     ref SECURITY_HANDLE phCredential, // PCredHandle (SecHandle); receives the credential handle
     ref SECURITY_INTEGER ptsExpiry);  // PTimeStamp; receives the credential expiry time
Ejemplo n.º 2
 // P/Invoke signature for the SSPI InitializeSecurityContext call (client side of the handshake).
 // The [DllImport] attribute is not part of this snippet; confirm its CharSet matches the bound entry point.
 // The return value is a SECURITY_STATUS. The caller on this page accepts SEC_E_OK (handshake finished)
 // and SEC_I_CONTINUE_NEEDED (another leg is required) and treats everything else as a failure.
 // A context handle produced here should later be released with DeleteSecurityContext.
 static extern uint InitializeSecurityContext(
     ref SECURITY_HANDLE phCredential, // PCredHandle; handle from AcquireCredentialsHandle
     ref SECURITY_HANDLE phContext,    // PCtxtHandle; existing partial context on the second and later legs
     string pszTargetName,             // target principal the context is built for
     int fContextReq,                  // requested context attributes (ISC_REQ_* flags)
     int Reserved1,                    // callers on this page pass 0
     int TargetDataRep,                // callers on this page pass SECURITY_NETWORK_DREP
     ref SecBufferDesc SecBufferDesc,  // PSecBufferDesc; input buffers carrying the token received from the server
     int Reserved2,                    // callers on this page pass 0
     out SECURITY_HANDLE phNewContext, // PCtxtHandle; receives the new or updated context handle
     out SecBufferDesc pOutput,        // PSecBufferDesc; receives the token to send to the server
     out uint pfContextAttr,           // native ULONG is 32 bits, so uint is used (a managed ulong is 64 bits); receives the attributes actually granted, which may differ from fContextReq
     out SECURITY_INTEGER ptsExpiry);  // PTimeStamp; receives the context expiry time
Ejemplo n.º 3
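        /// <summary>
        /// Runs one leg of the client side of the Kerberos SSPI handshake: acquires the outbound
        /// credential handle on first use, calls InitializeSecurityContext, and returns the token
        /// that has to be sent to the server.
        /// </summary>
        /// <param name="serverToken">
        /// Token received from the server, or null on the first leg, when no context exists yet.
        /// </param>
        /// <param name="clientToken">
        /// Receives the bytes produced by InitializeSecurityContext; null if the call throws.
        /// </param>
        /// <exception cref="Exception">
        /// Thrown when credentials cannot be acquired or when InitializeSecurityContext returns
        /// anything other than SEC_E_OK or SEC_I_CONTINUE_NEEDED. The failing SSPI status code is
        /// attached as an inner <see cref="System.ComponentModel.Win32Exception"/> so it is not lost.
        /// </exception>
        private void InitializeClient(byte[] serverToken, out byte[] clientToken)
        {
            clientToken = null;

            SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0);

            // The outbound credential handle is acquired once and cached in _hOutboundCred.
            // No principal and no auth data are passed; per SSPI that selects the credentials
            // of the calling security context.
            if (!_bGotClientCredentials)
            {
                uint returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                                                            IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
                                                            ref _hOutboundCred, ref ClientLifeTime);

                if (returnValue != SEC_E_OK)
                {
                    // Keep the SSPI status so the failure can be diagnosed from logs.
                    throw new Exception("Couldn't acquire client credentials",
                                        new System.ComponentModel.Win32Exception(unchecked((int)returnValue)));
                }

                _bGotClientCredentials = true;
            }

            uint ss;

            // Output descriptor sized for the largest token the package may produce.
            SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                // NOTE(review): ContextAttributes receives the attributes SSPI actually granted and is
                // never compared with STANDARD_CONTEXT_ATTRIBUTES. Once the handshake returns SEC_E_OK,
                // confirm that the flags the caller relies on (for example mutual authentication)
                // were granted before trusting the context.
                uint ContextAttributes;

                if (serverToken == null)
                {
                    // First leg: no existing context and no input token.
                    ss = InitializeSecurityContext(ref _hOutboundCred,
                                                   IntPtr.Zero,
                                                   _sRemotePrincipal,
                                                   STANDARD_CONTEXT_ATTRIBUTES,
                                                   0,
                                                   SECURITY_NETWORK_DREP,
                                                   IntPtr.Zero,
                                                   0,
                                                   out _hClientContext,
                                                   out ClientToken,
                                                   out ContextAttributes,
                                                   out ClientLifeTime);
                }
                else
                {
                    // Later leg: feed the server's token into the existing context.
                    SecBufferDesc ServerToken = new SecBufferDesc(serverToken);

                    try
                    {
                        ss = InitializeSecurityContext(ref _hOutboundCred,
                                                       ref _hClientContext,
                                                       _sRemotePrincipal,
                                                       STANDARD_CONTEXT_ATTRIBUTES,
                                                       0,
                                                       SECURITY_NETWORK_DREP,
                                                       ref ServerToken,
                                                       0,
                                                       out _hClientContext,
                                                       out ClientToken,
                                                       out ContextAttributes,
                                                       out ClientLifeTime);
                    }
                    finally
                    {
                        ServerToken.Dispose();
                    }
                }

                if (ss == SEC_E_LOGON_DENIED)
                {
                    throw new Exception("Bad username, password or domain.",
                                        new System.ComponentModel.Win32Exception(unchecked((int)ss)));
                }
                else if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
                {
                    // Any other status, including the other SEC_I_* informational codes, is treated as fatal.
                    throw new Exception("InitializeSecurityContext() failed!!!",
                                        new System.ComponentModel.Win32Exception(unchecked((int)ss)));
                }

                // Copy the token out before the descriptor is disposed in the finally block.
                clientToken = ClientToken.GetSecBufferByteArray();
            }
            finally
            {
                ClientToken.Dispose();
            }

            // True while another leg is still required (SEC_I_CONTINUE_NEEDED).
            InitializeKerberosStage = ss != SEC_E_OK;
        }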
Ejemplo n.º 4
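        /// <summary>
        /// Performs a single client-side step of the Kerberos SSPI exchange. The outbound credential
        /// handle is obtained the first time the method runs; every call then invokes
        /// InitializeSecurityContext and hands back the token destined for the server.
        /// </summary>
        /// <param name="serverToken">
        /// The server's reply token, or null when this is the opening step and no context exists.
        /// </param>
        /// <param name="clientToken">
        /// Set to the output token bytes on success; left null when an exception is thrown.
        /// </param>
        /// <exception cref="Exception">
        /// Raised if credential acquisition fails or InitializeSecurityContext returns a status other
        /// than SEC_E_OK or SEC_I_CONTINUE_NEEDED. The SSPI status is preserved as an inner
        /// <see cref="System.ComponentModel.Win32Exception"/>.
        /// </exception>
        private void InitializeClient(byte[] serverToken, out byte[] clientToken)
        {
            clientToken = null;

            SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0);

            // Acquire the credential handle only once; _bGotClientCredentials records that it is cached.
            if (!_bGotClientCredentials)
            {
                uint returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                                                            IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
                                                            ref _hOutboundCred, ref ClientLifeTime);

                if (returnValue != SEC_E_OK)
                {
                    // The status code travels as the inner exception instead of being dropped.
                    System.ComponentModel.Win32Exception credentialStatus =
                        new System.ComponentModel.Win32Exception(unchecked((int)returnValue));
                    throw new Exception("Couldn't acquire client credentials", credentialStatus);
                }

                _bGotClientCredentials = true;
            }

            uint ss;

            // Descriptor for the token SSPI writes, sized to MAX_TOKEN_SIZE.
            SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                // NOTE(review): the granted attributes returned in ContextAttributes are not checked
                // against STANDARD_CONTEXT_ATTRIBUTES. After SEC_E_OK, verify the flags the caller
                // depends on (for example mutual authentication) before relying on the context.
                uint ContextAttributes;

                if (serverToken == null)
                {
                    // Opening step: there is neither a context nor a server token to pass in.
                    ss = InitializeSecurityContext(ref _hOutboundCred,
                        IntPtr.Zero,
                        _sRemotePrincipal,
                        STANDARD_CONTEXT_ATTRIBUTES,
                        0,
                        SECURITY_NETWORK_DREP,
                        IntPtr.Zero,
                        0,
                        out _hClientContext,
                        out ClientToken,
                        out ContextAttributes,
                        out ClientLifeTime);
                }
                else
                {
                    // Follow-up step: wrap the server's bytes and continue the existing context.
                    SecBufferDesc ServerToken = new SecBufferDesc(serverToken);

                    try
                    {
                        ss = InitializeSecurityContext(ref _hOutboundCred,
                            ref _hClientContext,
                            _sRemotePrincipal,
                            STANDARD_CONTEXT_ATTRIBUTES,
                            0,
                            SECURITY_NETWORK_DREP,
                            ref ServerToken,
                            0,
                            out _hClientContext,
                            out ClientToken,
                            out ContextAttributes,
                            out ClientLifeTime);
                    }
                    finally
                    {
                        ServerToken.Dispose();
                    }
                }

                if (ss == SEC_E_LOGON_DENIED)
                {
                    throw new Exception("Bad username, password or domain.",
                        new System.ComponentModel.Win32Exception(unchecked((int)ss)));
                }

                if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
                {
                    // Every remaining status is handled as a hard failure.
                    throw new Exception("InitializeSecurityContext() failed!!!",
                        new System.ComponentModel.Win32Exception(unchecked((int)ss)));
                }

                // Extract the bytes while the descriptor is still alive.
                clientToken = ClientToken.GetSecBufferByteArray();
            }
            finally
            {
                ClientToken.Dispose();
            }

            // Stays true until SSPI reports SEC_E_OK, i.e. while more legs are needed.
            InitializeKerberosStage = ss != SEC_E_OK;
        }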
Ejemplo n.º 5
 // P/Invoke signature for the SSPI InitializeSecurityContext call.
 // The [DllImport] attribute is outside this snippet; confirm its CharSet matches the bound entry point.
 // Returns a SECURITY_STATUS that the caller must inspect before using any of the out values.
 static extern uint InitializeSecurityContext(
     ref SECURITY_HANDLE phCredential,// PCredHandle; credential handle from AcquireCredentialsHandle
     ref SECURITY_HANDLE phContext, // PCtxtHandle; partial context from the previous leg
     string pszTargetName, // target principal name
     int fContextReq, // requested context attributes (ISC_REQ_* flags)
     int Reserved1, // reserved
     int TargetDataRep, // data representation on the target
     ref SecBufferDesc SecBufferDesc, // PSecBufferDesc; input buffers (token received from the server)
     int Reserved2, // reserved
     out SECURITY_HANDLE phNewContext, // PCtxtHandle; receives the new or updated context handle
     out SecBufferDesc pOutput, // PSecBufferDesc; receives the token to send to the server
     out uint pfContextAttr, // native ULONG is 32 bits, hence uint (managed ulong is 64 bits); granted attributes, to be checked against fContextReq
     out SECURITY_INTEGER ptsExpiry); // PTimeStamp; receives the context expiry time
Ejemplo n.º 6
 // P/Invoke signature for the SSPI AcquireCredentialsHandle call.
 // The [DllImport] attribute is outside this snippet; confirm its CharSet matches the bound
 // entry point, since it controls how the two string arguments are marshaled.
 // Returns a SECURITY_STATUS; phCredential is only meaningful when the status is SEC_E_OK,
 // and the handle should later be released with FreeCredentialsHandle.
 static extern uint AcquireCredentialsHandle(
     string pszPrincipal, // SEC_CHAR*; principal name
     string pszPackage, // SEC_CHAR*; security package name: "Kerberos", "NTLM" or "Negotiate"
     int fCredentialUse, // how the credentials will be used (SECPKG_CRED_* value)
     IntPtr PAuthenticationID,// PLUID (pvLogonID)
     IntPtr pAuthData,// PVOID; package-specific credential data
     IntPtr pGetKeyFn, // SEC_GET_KEY_FN
     IntPtr pvGetKeyArgument, // PVOID
     ref SECURITY_HANDLE phCredential, // PCredHandle (SecHandle); receives the credential handle
     ref SECURITY_INTEGER ptsExpiry); // PTimeStamp; receives the credential expiry time