// Test Windows Authentication
private static bool ChallengeIWA(IdentityManager.CredentialRequestInfos credentialRequestInfos,
Action <IdentityManager.Credential, Exception> callback)
{
if (credentialRequestInfos.AuthenticationType == IdentityManager.AuthenticationType.NetworkCredential &&
credentialRequestInfos.ResponseHeaders != null && CredentialCache.DefaultCredentials != null)
{
// test that we didn't already try the IWA authentication
if (TryDone(credentialRequestInfos.Url))
{
return(false);
}
// get the WWW-Authenticate header
string header = credentialRequestInfos.ResponseHeaders.Get("WWW-Authenticate");
// if the header contains NTLM the server is using Integrated Windows
// Authentication (IWA), so try the current user's credentials
if (!string.IsNullOrEmpty(header) && header.Contains("NTLM")) // IWA
{
var credential = new IdentityManager.Credential
{
Url = credentialRequestInfos.Url,
Credentials = CredentialCache.DefaultCredentials
};
AddTry(credentialRequestInfos.Url);
callback(credential, null);
return(true);
}
}
return(false);
}
/// <summary>
/// Static challenge method leaveraging the SignInDialog in a child window.
/// This method manages all credential types.
/// Note however that in case of <see cref="IdentityManager.AuthenticationType.Certificate">certificate authentication</see> the SignInDialog UI is not used.
/// The standard .Net dialog box for selecting an X.509 certificate from a certificate collection is used instead.
/// </summary>
/// <seealso cref="DoSignIn"/>
/// <param name="credentialRequestInfos">The information about the credential to get.</param>
/// <param name="callback">The callback.</param>
/// <param name="generateTokenOptions">The generate token options.</param>
public static void DoSignInEx(IdentityManager.CredentialRequestInfos credentialRequestInfos, Action <IdentityManager.Credential, Exception> callback, IdentityManager.GenerateTokenOptions generateTokenOptions = null)
{
// Check if IWA authentication might be OK
if (ChallengeIWA(credentialRequestInfos, callback))
{
return;
}
// Display UI for challenging
System.Windows.Threading.Dispatcher d = null;
if (Application.Current != null)
{
d = Application.Current.Dispatcher;
}
if (d != null && !d.CheckAccess())
{
//Ensure we are showing up the SignInDialog on the UI thread
d.BeginInvoke((Action)(() => DoSignInInUIThreadEx(credentialRequestInfos, callback, generateTokenOptions)));
}
else
{
DoSignInInUIThreadEx(credentialRequestInfos, callback, generateTokenOptions);
}
}
private static void ChallengeCertificate(IdentityManager.CredentialRequestInfos credentialRequestInfos, Action <IdentityManager.Credential, Exception> callback)
{
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
X509Certificate2Collection certificates;
try
{
const string clientAuthOid = "1.3.6.1.5.5.7.3.2"; // Client Authentication OID
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
// Find Client Authentication certificate
certificates = store.Certificates.Find(X509FindType.FindByApplicationPolicy, clientAuthOid, true); // todo true);
}
catch (Exception)
{
certificates = null;
}
finally
{
store.Close();
}
if (certificates != null && certificates.Count >= 1)
{
// Let the user select/validate the certificate
string url = credentialRequestInfos.Url;
string resourceName = GetResourceName(url);
IdentityManager.ServerInfo serverInfo = IdentityManager.Current.FindServerInfo(url);
string server = serverInfo == null?Regex.Match(url, "http.?//[^/]*").ToString() : serverInfo.ServerUrl;
string message = string.Format(Properties.Resources.SignInDialog_CertificateRequired, resourceName, server); // certicate required to access {0} on {1}
certificates = X509Certificate2UI.SelectFromCollection(certificates, null, message, X509SelectionFlag.SingleSelection);
}
IdentityManager.Credential credential = null;
Exception error = null;
if (certificates != null && certificates.Count > 0)
{
credential = new IdentityManager.Credential {
ClientCertificate = certificates[0]
};
}
else
{
// Note : Error type is not that important since the error returned to the user is the initial HTTP error (Authorization Error)
error = new System.Security.Authentication.AuthenticationException();
}
callback(credential, error);
}
private static void DoSignInInUIThreadEx(IdentityManager.CredentialRequestInfos credentialRequestInfos, Action <IdentityManager.Credential, Exception> callback, IdentityManager.GenerateTokenOptions generateTokenOptions)
{
switch (credentialRequestInfos.AuthenticationType)
{
case IdentityManager.AuthenticationType.Token:
case IdentityManager.AuthenticationType.NetworkCredential:
DoSignInInUIThread(credentialRequestInfos.Url, callback, generateTokenOptions, credentialRequestInfos.AuthenticationType);
break;
case IdentityManager.AuthenticationType.Certificate:
ChallengeCertificate(credentialRequestInfos, callback);
break;
}
}
