CredRead() private method

private CredRead ( string TargetName, CredTypes Type, int Flags, IntPtr &Credential ) : bool
TargetName string
Type CredTypes
Flags int
Credential System.IntPtr
return bool
Example #1
        /// <summary>
        /// Reads the generic credential stored under <paramref name="key"/> through <c>CredUi.CredRead</c>.
        /// </summary>
        /// <param name="key">Target name handed to <c>CredUi.CredRead</c>.</param>
        /// <returns>
        /// The user name and credential blob of the stored entry, or <c>null</c> when the read
        /// fails with <c>ERROR_NOT_FOUND</c>.
        /// </returns>
        /// <exception cref="CredentialException">The read failed with any other error code.</exception>
        private static CredUi.SimpleCredentials ReadCredential(string key)
        {
            IntPtr credentialPointer;

            var succeeded = CredUi.CredRead(key, CredUi.CredTypes.CRED_TYPE_GENERIC, 0, out credentialPointer);

            // Capture the Win32 error immediately after the native call; the value is only
            // consulted when the call reported failure.
            var errorCode = Marshal.GetLastWin32Error();

            if (!succeeded)
            {
                // A missing entry is an expected outcome and is reported as null, not as an error.
                if (errorCode == (int)CredUi.CredUIReturnCodes.ERROR_NOT_FOUND)
                {
                    return null;
                }

                throw new CredentialException(errorCode);
            }

            var result = new CredUi.SimpleCredentials();

            // The wrapper is disposed at the end of the using block (presumably releasing the
            // native buffer - confirm in CriticalCredentialHandle). The secret is copied into
            // the returned object first, so it outlives the handle in managed memory.
            using (var handle = new CredUi.CriticalCredentialHandle(credentialPointer))
            {
                var stored = handle.GetCredential();

                result.UserName = stored.UserName;
                result.Password = stored.CredentialBlob;
            }

            return result;
        }
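        /// <summary>
        /// Reads the credentials stored for <paramref name="key"/>, honouring the configured
        /// credential storage policy.
        /// </summary>
        /// <param name="key">Target name of the stored credential.</param>
        /// <param name="allowConfigurationFallback">
        /// When <c>true</c> and the vault returns a blank password, the configuration store is
        /// tried as a second source.
        /// </param>
        /// <returns>
        /// The credentials, or <c>null</c> when the policy is <c>None</c>, the vault has no entry
        /// for the key, or no non-blank password could be obtained from the vault or the fallback.
        /// Under the <c>Configuration</c> policy the object is returned as filled by
        /// <c>ReadCredentialFromConfiguration</c>, without a blank-password check.
        /// </returns>
        /// <exception cref="CredentialException">
        /// The vault read failed with an error other than <c>ERROR_NOT_FOUND</c> (created through
        /// <c>Log.ErrorAndCreateException</c>).
        /// </exception>
        private CredUi.SimpleCredentials ReadCredential(string key, bool allowConfigurationFallback)
        {
            Log.Debug("Trying to read credentials for key '{0}'", key);

            // Immediately return if saved credentials disabled by policy
            if (_credentialStoragePolicy == CredentialStoragePolicy.None)
            {
                return null;
            }

            var credential = new CredUi.SimpleCredentials();

            if (_credentialStoragePolicy == CredentialStoragePolicy.Configuration)
            {
                ReadCredentialFromConfiguration(key, credential);
                return credential;
            }

            var read      = CredUi.CredRead(key, CredUi.CredTypes.CRED_TYPE_GENERIC, 0, out var nCredPtr);
            var lastError = Marshal.GetLastWin32Error();

            if (!read)
            {
                if (lastError == (int)CredUi.CredUIReturnCodes.ERROR_NOT_FOUND)
                {
                    Log.Debug("Failed to read credentials, credentials are not found");
                    return null;
                }

                throw Log.ErrorAndCreateException(x => new CredentialException(lastError), "Failed to read credentials, error code is '{0}'", lastError);
            }

            using (var criticalCredentialHandle = new CredUi.CriticalCredentialHandle(nCredPtr))
            {
                var cred = criticalCredentialHandle.GetCredential();

                // Log only the user name. Formatting the whole credential object could write the
                // secret blob to the debug log, depending on how that type renders itself.
                Log.Debug("Retrieved credentials for user '{0}'", cred.UserName);

                credential.UserName = cred.UserName;
                credential.Password = cred.CredentialBlob;

                // Some company policies don't allow us reading the credentials, so
                // that results in an empty password being returned
                if (string.IsNullOrWhiteSpace(credential.Password))
                {
                    if (allowConfigurationFallback)
                    {
                        try
                        {
                            ReadCredentialFromConfiguration(key, credential);
                        }
                        catch (Exception ex)
                        {
                            // Best effort: a failing fallback is logged and then treated the
                            // same as "no password available" by the check below.
                            Log.Error(ex, "Failed to read credentials from alternative configuration");
                        }
                    }

                    if (string.IsNullOrWhiteSpace(credential.Password))
                    {
                        // We failed to read credentials from both vault and configuration
                        return null;
                    }
                }
            }

            return credential;
        }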
Example #3
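        /// <summary>
        /// Reads the credentials stored for <paramref name="key"/> from the credential vault and,
        /// when the vault yields a blank password, optionally from an encrypted roaming
        /// configuration value.
        /// </summary>
        /// <param name="key">Target name of the stored credential.</param>
        /// <param name="allowConfigurationFallback">
        /// When <c>true</c> and the vault returns a blank password, the password is looked up in
        /// the configuration service and decrypted with <c>EncryptionHelper.Decrypt</c>.
        /// </param>
        /// <returns>
        /// The credentials, or <c>null</c> when the vault has no entry for the key or no
        /// non-blank password could be obtained from the vault or the fallback.
        /// </returns>
        /// <exception cref="CredentialException">
        /// The vault read failed with an error other than <c>ERROR_NOT_FOUND</c> (created through
        /// <c>Log.ErrorAndCreateException</c>).
        /// </exception>
        private CredUi.SimpleCredentials ReadCredential(string key, bool allowConfigurationFallback)
        {
            Log.Debug("Trying to read credentials for key '{0}'", key);

            var read      = CredUi.CredRead(key, CredUi.CredTypes.CRED_TYPE_GENERIC, 0, out var nCredPtr);
            var lastError = Marshal.GetLastWin32Error();

            if (!read)
            {
                if (lastError == (int)CredUi.CredUIReturnCodes.ERROR_NOT_FOUND)
                {
                    Log.Debug("Failed to read credentials, credentials are not found");
                    return null;
                }

                throw Log.ErrorAndCreateException(x => new CredentialException(lastError), "Failed to read credentials, error code is '{0}'", lastError);
            }

            var credential = new CredUi.SimpleCredentials();

            using (var criticalCredentialHandle = new CredUi.CriticalCredentialHandle(nCredPtr))
            {
                var cred = criticalCredentialHandle.GetCredential();

                // Log only the user name. Formatting the whole credential object could write the
                // secret blob to the debug log, depending on how that type renders itself.
                Log.Debug("Retrieved credentials for user '{0}'", cred.UserName);

                credential.UserName = cred.UserName;
                credential.Password = cred.CredentialBlob;

                // Some company policies don't allow us reading the credentials, so
                // that results in an empty password being returned
                if (string.IsNullOrWhiteSpace(credential.Password))
                {
                    if (allowConfigurationFallback)
                    {
                        try
                        {
                            var configurationKey = GetPasswordConfigurationKey(key, credential.UserName);

                            // NOTE(review): the decryption key is derived from the target name and
                            // user name only, as far as this call shows. If GetEncryptionKey adds no
                            // machine- or user-bound secret, anyone who can read the roaming
                            // configuration can recompute it - confirm.
                            var encryptionKey    = GetEncryptionKey(key, credential.UserName);

                            Log.Debug("Failed to read credentials from vault, probably a company policy. Falling back to reading configuration key '{0}'", configurationKey);

                            var encryptedPassword = _configurationService.GetRoamingValue(configurationKey, string.Empty);
                            if (!string.IsNullOrWhiteSpace(encryptedPassword))
                            {
                                var decryptedPassword = EncryptionHelper.Decrypt(encryptedPassword, encryptionKey);
                                credential.Password = decryptedPassword;
                            }
                        }
                        catch (Exception ex)
                        {
                            // Best effort: a failing fallback is logged and then treated the
                            // same as "no password available" by the check below.
                            Log.Error(ex, "Failed to read credentials from alternative configuration");
                        }
                    }

                    if (string.IsNullOrWhiteSpace(credential.Password))
                    {
                        // We failed to read credentials from both vault and configuration
                        return null;
                    }
                }
            }

            return credential;
        }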