/// <summary>
/// Remove a credentials object
/// </summary>
/// <param name="principal">The security principal</param>
public void RemoveCredentials(SecurityPrincipal principal)
{
lock (_cachedCredentials)
{
_cachedCredentials.Remove(principal);
}
}
/// <summary>
/// Add a credentials object
/// </summary>
/// <param name="principal">The security principal</param>
/// <param name="credentials">The credentials object (depends on type)</param>
public void AddCredentials(SecurityPrincipal principal, ICredentialObject credentials)
{
lock (_cachedCredentials)
{
_cachedCredentials[principal] = credentials;
}
}
public GetAuthenticationCredentialsForm(SecurityPrincipal principal)
{
InitializeComponent();
comboBoxSaveType.SelectedIndex = 0;
lblDescription.Text = String.Format(Properties.Resources.GetAuthenticationCredentialsForm_TitleFormat,
principal.Name, principal.Realm);
}
/// <summary>
/// Equals override
/// </summary>
/// <param name="obj">The object to check against</param>
/// <returns>True if equal</returns>
public override bool Equals(object obj)
{
if (obj is SecurityPrincipal)
{
SecurityPrincipal other = obj as SecurityPrincipal;
return(other.Name.Equals(Name) && other.PrincipalType.Equals(PrincipalType) && other.Realm.Equals(Realm));
}
else
{
return(false);
}
}
private ICredentialObject GetCachedCredentials(SecurityPrincipal principal)
{
lock (_cachedCredentials)
{
if (_cachedCredentials.ContainsKey(principal))
{
return(_cachedCredentials[principal]);
}
else
{
return(null);
}
}
}
/// <summary>
/// Request credentials for a particular purpose
/// </summary>
/// <param name="type">The type of credentials, for example X509CertificateContainer</param>
/// <param name="name">Principal name, e.g. a username, can be empty</param>
/// <param name="realm">The principal realm, used to determine the target of the credentials, e.g. a domain</param>
/// <param name="details">A textual description in case the user has to pick</param>
/// <param name="validateCredentials">A callback method to validate the credentials before placing them in the store, only called
/// when new credentials are requested, not cached (as they are assumed to be valid). Can be null</param>
/// <param name="context">An arbitrary context, passed in to the function for use by the authenticator and the gathering of credentials</param>
/// <returns>The credentials object (depends on type)</returns>
/// <exception cref="ArgumentException">Thrown if type not derived from ICredentialObject</exception>
public ICredentialObject RequestCredentials(Type type, string name, string realm, string details, Func <ICredentialObject, object, bool> validateCredentials, object context)
{
if (type == null)
{
throw new ArgumentNullException("type");
}
if (!typeof(ICredentialObject).IsAssignableFrom(type))
{
throw new ArgumentException(Properties.Resources.CredentialsManagerService_TypeMustDeriveFromICredentialObject);
}
SecurityPrincipal principal = new SecurityPrincipal(type, name, realm);
ICredentialObject ret = GetCachedCredentials(principal);
if (ret == null)
{
ret = GetCredentials(principal, details, validateCredentials, context);
}
return(ret);
}
/// <summary>
/// Prompts for password.
/// </summary>
/// <param name="user">The user, can specify an existing value</param>
/// <param name="password">The password.</param>
/// <returns>The authentication credentials result</returns>
public static ResolveCredentialsResult PromptForPassword(SecurityPrincipal principal)
{
// Setup the flags and variables
StringBuilder userPassword = new StringBuilder(100);
StringBuilder userID = new StringBuilder(100);
CREDUI_INFO credUI = new CREDUI_INFO();
credUI.cbSize = Marshal.SizeOf(credUI);
CREDUI_FLAGS flags = CREDUI_FLAGS.ALWAYS_SHOW_UI | CREDUI_FLAGS.GENERIC_CREDENTIALS;
bool save = false;
// Prompt the user
CredUIReturnCodes returnCode = CredUIPromptForCredentials(ref credUI, String.Format("{0}@{1}", principal.Name, principal.Realm),
IntPtr.Zero, 0, userID, 100, userPassword, 100, ref save, flags);
if(returnCode == CredUIReturnCodes.NO_ERROR)
{
AuthenticationCredentials creds = new AuthenticationCredentials();
string domain = String.Empty;
string username = userID.ToString();
string password = userPassword.ToString();
if(username.Contains("\\"))
{
string[] s = username.Split('\\');
username = s[0];
domain = s[1];
}
creds.Username = username;
creds.Domain = domain;
creds.Password = password;
return new ResolveCredentialsResult(creds, save);
}
else
{
return null;
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="principal">The security principal to resolve</param>
/// <param name="details">Additional details</param>
/// <param name="context">Context object for the request</param>
public ResolveCredentialsEventArgs(SecurityPrincipal principal, string details, object context)
{
Principal = principal;
Details = details;
Context = context;
}
private void btnOK_Click(object sender, EventArgs e)
{
if (String.IsNullOrWhiteSpace(textBoxPrincipalRealm.Text))
{
MessageBox.Show(this,
Properties.Resources.CredentialsEditorForm_MustProvideARealm, Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (String.IsNullOrWhiteSpace(textBoxUsername.Text))
{
MessageBox.Show(this,
Properties.Resources.CredentialsEditorForm_MustProvideAUsername, Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
SecurityPrincipal p = new SecurityPrincipal(typeof(AuthenticationCredentials), textBoxPrincipalName.Text, textBoxPrincipalRealm.Text);
if(_checkPrincipal(p) || (MessageBox.Show(this,
String.Format(Properties.Resources.CredentialsEditorForm_PrincipalAlreadyExists, textBoxPrincipalName.Text, textBoxPrincipalRealm.Text),
Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes))
{
Principal = p;
Username = textBoxUsername.Text;
Password = textBoxPassword.Text;
Domain = textBoxDomain.Text;
DialogResult = DialogResult.OK;
Close();
}
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="principal">The security principal to resolve</param>
/// <param name="details">Additional details</param>
/// <param name="context">Context object for the request</param>
public ResolveCredentialsEventArgs(SecurityPrincipal principal, string details, object context)
{
Principal = principal;
Details = details;
Context = context;
}
private void AddCredential(SecurityPrincipal principal, AuthenticationCredentials creds)
{
ListViewItem item = new ListViewItem(String.Format("{0}@{1}", principal.Name, principal.Realm));
item.SubItems.Add(creds.Username);
item.SubItems.Add(creds.Domain);
}
private bool CheckPrincipal(SecurityPrincipal principal)
{
return !_credentials.ContainsKey(principal);
}
private ICredentialObject GetCredentials(SecurityPrincipal principal, string details, Func <ICredentialObject, object, bool> validateCredentials, object context)
{
ICredentialObject ret = null;
if (ResolveCredentials != null)
{
bool resolved = false;
// Exit if we tried to resolve or ret is not null
while (!resolved)
{
// Resolve a single principal only one at a time
object lockObject = new object();
object currObject = _resolveLock.GetOrAdd(principal, lockObject);
lock (currObject)
{
// This is our object, and we know it is already locked
if (currObject == lockObject)
{
try
{
ResolveCredentialsEventArgs args = new ResolveCredentialsEventArgs(principal, details, context);
ResolveCredentials(this, args);
ResolveCredentialsResult credentials = args.Result;
if ((credentials != null) && (credentials.Credentials != null))
{
if (validateCredentials == null ||
validateCredentials(credentials.Credentials, context))
{
// Perhaps should log this as an error?
if (principal.PrincipalType.IsAssignableFrom(credentials.Credentials.GetType()))
{
if (credentials.Cache)
{
AddCredentials(principal, credentials.Credentials);
}
ret = credentials.Credentials;
break;
}
}
}
resolved = true;
}
finally
{
_resolveLock.TryRemove(principal, out lockObject);
}
}
else // Not our object, but doesn't matter we won't get here until the originator unlocks
{
ret = GetCachedCredentials(principal);
if (ret != null)
{
resolved = true;
}
}
}
}
}
return(ret);
}
