Example #1
0
        public static IntPtr GetAccessToken(SecHandle serverContext)
        {
            IntPtr accessToken;
            uint   result = QueryContextAttributes(ref serverContext, SECPKG_ATTR_ACCESS_TOKEN, out accessToken);

            if (result == SEC_E_OK)
            {
                return(accessToken);
            }
            else
            {
                return(IntPtr.Zero);
            }
        }
Example #2
0
        public static string GetUserName(SecHandle context)
        {
            string userName;
            uint   result = QueryContextAttributes(ref context, SECPKG_ATTR_NAME, out userName);

            if (result == SEC_E_OK)
            {
                return(userName);
            }
            else
            {
                return(null);
            }
        }
Example #3
0
        /// <summary>
        /// Windows Vista or newer is required for SECPKG_ATTR_SESSION_KEY to work.
        /// Windows XP / Server 2003 will return SEC_E_INVALID_TOKEN.
        /// </summary>
        public static byte[] GetSessionKey(SecHandle context)
        {
            SecPkgContext_SessionKey sessionKey;
            uint result = QueryContextAttributes(ref context, SECPKG_ATTR_SESSION_KEY, out sessionKey);

            if (result == SEC_E_OK)
            {
                int    length          = (int)sessionKey.SessionKeyLength;
                byte[] sessionKeyBytes = new byte[length];
                Marshal.Copy(sessionKey.SessionKey, sessionKeyBytes, 0, length);
                return(sessionKeyBytes);
            }
            else
            {
                return(null);
            }
        }
Example #4
0
        public override bool DeleteSecurityContext(ref object context)
        {
            AuthContext authContext = context as AuthContext;

            if (authContext == null)
            {
                return(false);
            }

            SecHandle handle  = ((AuthContext)context).ServerContext;
            uint      result  = SSPIHelper.DeleteSecurityContext(ref handle);
            bool      success = (result == 0); // SEC_E_OK

            if (success)
            {
                context = null;
            }
            return(success);
        }
Example #5
0
        public static byte[] GetType2Message(byte[] type1MessageBytes, out SecHandle serverContext)
        {
            SecHandle     credentialsHandle = AcquireNTLMCredentialsHandle();
            SecBuffer     inputBuffer       = new SecBuffer(type1MessageBytes);
            SecBufferDesc input             = new SecBufferDesc(inputBuffer);

            serverContext = new SecHandle();
            SecBuffer        outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
            SecBufferDesc    output       = new SecBufferDesc(outputBuffer);
            uint             contextAttributes;
            SECURITY_INTEGER timestamp;

            uint result = AcceptSecurityContext(ref credentialsHandle, IntPtr.Zero, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref serverContext, ref output, out contextAttributes, out timestamp);

            if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
            {
                if (result == SEC_E_INVALID_HANDLE)
                {
                    throw new Exception("AcceptSecurityContext failed, invalid handle");
                }
                else if (result == SEC_E_INVALID_TOKEN)
                {
                    throw new Exception("InitializeSecurityContext failed, Invalid token");
                }
                else if (result == SEC_E_BUFFER_TOO_SMALL)
                {
                    throw new Exception("AcceptSecurityContext failed, buffer too small");
                }
                else
                {
                    throw new Exception("AcceptSecurityContext failed, error code 0x" + result.ToString("X"));
                }
            }
            FreeCredentialsHandle(ref credentialsHandle);
            byte[] messageBytes = output.GetBufferBytes(0);
            inputBuffer.Dispose();
            input.Dispose();
            outputBuffer.Dispose();
            output.Dispose();
            return(messageBytes);
        }
Example #6
0
        /// <summary>
        /// AcceptSecurityContext will return SEC_E_LOGON_DENIED when the password is correct in these cases:
        /// 1. The account is listed under the "Deny access to this computer from the network" list.
        /// 2. 'limitblankpassworduse' is set to 1, non-guest is attempting to login with an empty password,
        ///    and the Guest account is disabled, has non-empty pasword set or listed under the "Deny access to this computer from the network" list.
        ///
        /// Note: "If the Guest account is enabled, SSPI logon may succeed as Guest for user credentials that are not valid".
        /// </summary>
        /// <remarks>
        /// 1. 'limitblankpassworduse' will not affect the Guest account.
        /// 2. Listing the user in the "Deny access to this computer from the network" or the "Deny logon locally" lists will not affect AcceptSecurityContext if all of these conditions are met.
        /// - 'limitblankpassworduse' is set to 1.
        /// - The user has an empty password set.
        /// - Guest is NOT listed in the "Deny access to this computer from the network" list.
        /// - Guest is enabled and has empty pasword set.
        /// </remarks>
        public static bool AuthenticateType3Message(SecHandle serverContext, byte[] type3MessageBytes)
        {
            SecHandle        newContext   = new SecHandle();
            SecBuffer        inputBuffer  = new SecBuffer(type3MessageBytes);
            SecBufferDesc    input        = new SecBufferDesc(inputBuffer);
            SecBuffer        outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
            SecBufferDesc    output       = new SecBufferDesc(outputBuffer);
            uint             contextAttributes;
            SECURITY_INTEGER timestamp;

            uint result = AcceptSecurityContext(IntPtr.Zero, ref serverContext, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref newContext, ref output, out contextAttributes, out timestamp);

            inputBuffer.Dispose();
            input.Dispose();
            outputBuffer.Dispose();
            output.Dispose();

            if (result == SEC_E_OK)
            {
                return(true);
            }
            else if ((uint)result == SEC_E_LOGON_DENIED)
            {
                return(false);
            }
            else
            {
                if (result == SEC_E_INVALID_HANDLE)
                {
                    throw new Exception("AcceptSecurityContext failed, invalid handle");
                }
                else if (result == SEC_E_INVALID_TOKEN)
                {
                    throw new Exception("AcceptSecurityContext failed, invalid security token");
                }
                else
                {
                    throw new Exception("AcceptSecurityContext failed, error code 0x" + result.ToString("X"));
                }
            }
        }
Example #7
0
        public static byte[] GetType3Message(SecHandle clientContext, byte[] type2Message)
        {
            SecHandle        newContext   = new SecHandle();
            SecBuffer        inputBuffer  = new SecBuffer(type2Message);
            SecBufferDesc    input        = new SecBufferDesc(inputBuffer);
            SecBuffer        outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
            SecBufferDesc    output       = new SecBufferDesc(outputBuffer);
            uint             contextAttributes;
            SECURITY_INTEGER expiry;

            uint result = InitializeSecurityContext(IntPtr.Zero, ref clientContext, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, ref input, 0, ref newContext, ref output, out contextAttributes, out expiry);

            if (result != SEC_E_OK)
            {
                if (result == SEC_E_INVALID_HANDLE)
                {
                    throw new Exception("InitializeSecurityContext failed, invalid handle");
                }
                else if (result == SEC_E_INVALID_TOKEN)
                {
                    throw new Exception("InitializeSecurityContext failed, Invalid token");
                }
                else if (result == SEC_E_BUFFER_TOO_SMALL)
                {
                    throw new Exception("InitializeSecurityContext failed, buffer too small");
                }
                else
                {
                    throw new Exception("InitializeSecurityContext failed, error code 0x" + result.ToString("X"));
                }
            }
            byte[] messageBytes = output.GetBufferBytes(0);
            inputBuffer.Dispose();
            input.Dispose();
            outputBuffer.Dispose();
            output.Dispose();
            return(messageBytes);
        }
Example #8
0
 public AuthContext(SecHandle serverContext)
 {
     ServerContext = serverContext;
 }
Example #9
0
        public static byte[] GetType1Message(string domainName, string userName, string password, out SecHandle clientContext)
        {
            SecHandle credentialsHandle = AcquireNTLMCredentialsHandle(domainName, userName, password);

            clientContext = new SecHandle();
            SecBuffer        outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
            SecBufferDesc    output       = new SecBufferDesc(outputBuffer);
            uint             contextAttributes;
            SECURITY_INTEGER expiry;

            uint result = InitializeSecurityContext(ref credentialsHandle, IntPtr.Zero, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, IntPtr.Zero, 0, ref clientContext, ref output, out contextAttributes, out expiry);

            if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
            {
                if (result == SEC_E_INVALID_HANDLE)
                {
                    throw new Exception("InitializeSecurityContext failed, Invalid handle");
                }
                else if (result == SEC_E_BUFFER_TOO_SMALL)
                {
                    throw new Exception("InitializeSecurityContext failed, Buffer too small");
                }
                else
                {
                    throw new Exception("InitializeSecurityContext failed, Error code 0x" + result.ToString("X"));
                }
            }
            FreeCredentialsHandle(ref credentialsHandle);
            byte[] messageBytes = output.GetBufferBytes(0);
            outputBuffer.Dispose();
            output.Dispose();
            return(messageBytes);
        }
Example #10
0
 public static byte[] GetType1Message(string userName, string password, out SecHandle clientContext)
 {
     return(GetType1Message(String.Empty, userName, password, out clientContext));
 }
Example #11
0
 public extern static uint DeleteSecurityContext(
     ref SecHandle phContext
     );
Example #12
0
 private extern static uint FreeCredentialsHandle(
     ref SecHandle phCredential
     );
Example #13
0
 private static extern uint QueryContextAttributes(
     ref SecHandle phContext,
     uint ulAttribute,
     out SecPkgContext_SessionKey value);
Example #14
0
 private static extern uint QueryContextAttributes(
     ref SecHandle phContext,
     uint ulAttribute,
     out IntPtr value);