        /// <summary>
        /// Creates a client-side SSPI session and immediately runs the first leg of the
        /// handshake, so <c>_clientToken</c> holds the opening token to send to the server.
        /// </summary>
        /// <param name="principalName">
        /// Forwarded unchanged to <see cref="SspiHelper"/>; the helper uses it as the SSPI
        /// principal/target name (see the helper's InitializeClient for the caveats).
        /// </param>
        /// <param name="sspiPackageType">Security package the helper will negotiate with.</param>
        /// <remarks>
        /// Because the first InitializeSecurityContext call happens here, a failure to
        /// acquire credentials or to start the context is reported as an exception from
        /// the constructor rather than from a later call.
        /// </remarks>
        public SspiClient(string principalName, SspiPackageType sspiPackageType)
        {
            this._sspiPackageType = sspiPackageType;
            this._sspiHelper      = new SspiHelper(principalName);

            // Opening leg: there is no server token yet, so null tells the helper
            // to create a fresh security context.
            this._sspiHelper.InitializeClient(
                out this._clientToken,
                null,
                out this._continueProcessing,
                sspiPackageType);
        }
        /// <summary>
        /// Runs one client-side leg of the SSPI handshake. On the first call it acquires an
        /// outbound credential handle (cached for the lifetime of this helper), then calls
        /// InitializeSecurityContext - starting a new context when <paramref name="serverToken"/>
        /// is null, continuing the existing one otherwise - and hands back the token to send.
        /// </summary>
        /// <param name="clientToken">
        /// Receives the token produced by this leg, copied out of the output buffer after the
        /// call succeeded. Set to null up front so it is defined on the exception paths.
        /// </param>
        /// <param name="serverToken">
        /// null for the opening leg; otherwise the token received from the server, which is
        /// fed to SSPI as the input buffer to continue the context.
        /// </param>
        /// <param name="bContinueProcessing">
        /// true while SSPI returned SEC_I_CONTINUE_NEEDED (another leg is required), false once
        /// it returned SEC_E_OK. Any other status throws, so these are the only two outcomes.
        /// </param>
        /// <param name="sspiPackageType">
        /// Package name handed to AcquireCredentialsHandle. Only consulted on the first call:
        /// once _bGotClientCredentials is set the cached handle is reused, so a later call
        /// with a different package is silently ignored.
        /// </param>
        /// <exception cref="SspiException">
        /// AcquireCredentialsHandle failed, or InitializeSecurityContext returned anything other
        /// than SEC_E_OK / SEC_I_CONTINUE_NEEDED. NOTE(review): SEC_I_COMPLETE_NEEDED and
        /// SEC_I_COMPLETE_AND_CONTINUE (which would require CompleteAuthToken) are therefore
        /// treated as failures - confirm that is acceptable for the packages in use.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the returned context attributes are discarded. Nothing verifies that the
        /// flags SSPI actually granted match what STANDARD_CONTEXT_ATTRIBUTES requested (mutual
        /// auth, integrity, confidentiality, ...); on the final leg (SEC_E_OK) callers that rely on
        /// those guarantees should check the granted flags before trusting the context.
        /// NOTE(review): no FreeCredentialsHandle / DeleteSecurityContext is visible in this block;
        /// confirm the handles are released elsewhere (e.g. a Dispose on the helper).
        /// </remarks>
        public void InitializeClient(out byte[] clientToken, byte[] serverToken, out bool bContinueProcessing,
                                     SspiPackageType sspiPackageType = SspiPackageType.Negotiate)
        {
            clientToken         = null;
            bContinueProcessing = true;

            // Receives the credential expiry from AcquireCredentialsHandle and later the context
            // expiry from InitializeSecurityContext; the value is not used by this method.
            var clientLifeTime = new SECURITY_INTEGER(0);

            if (!_bGotClientCredentials)
            {
                // Outbound (client) credentials for the requested package. NOTE(review):
                // _sAccountName is passed as pszPrincipal here AND as pszTargetName below;
                // for an outbound handle pszPrincipal names the *client* identity to use (null
                // = current logon), while the target should be the *server's* SPN - confirm the
                // value callers supply is appropriate for both uses.
                int result = NativeMethods.AcquireCredentialsHandle(
                    _sAccountName, sspiPackageType.ToString(), NativeContants.SECPKG_CRED_OUTBOUND,
                    IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero,
                    ref _hOutboundCred, ref clientLifeTime);

                if (result != NativeContants.SEC_E_OK)
                {
                    throw new SspiException("Couldn't acquire client credentials", result);
                }

                // Latched only after success, so a failed attempt can be retried on the next call.
                _bGotClientCredentials = true;
            }

            int ss;

            // Output buffer pre-sized to MAX_TOKEN_SIZE; SSPI writes this leg's token into it.
            // NOTE(review): it is passed as `out` below, which only works because P/Invoke pins
            // the (presumably blittable) struct in place so SSPI sees the pre-allocated buffer -
            // confirm SecBufferDesc is blittable.
            var clientTokenSecBufferDesc = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                uint contextAttributes;

                if (serverToken == null)
                {
                    // Opening leg: no existing context (IntPtr.Zero) and no input buffer.
                    // NOTE(review): calling with null again after a context exists overwrites
                    // _hClientContext without deleting the previous context handle.
                    ss = NativeMethods.InitializeSecurityContext(
                        ref _hOutboundCred,
                        IntPtr.Zero,
                        _sAccountName,                       // pszTargetName - NOT null despite the old comment; should be the server SPN
                        STANDARD_CONTEXT_ATTRIBUTES,         // fContextReq - requested attributes
                        0,                                   //int Reserved1,
                        NativeContants.SECURITY_NATIVE_DREP, //int TargetDataRep
                        IntPtr.Zero,                         // pInput - none on the first leg
                        0,                                   //int Reserved2,
                        out _hClientContext,                 //pHandle CtxtHandle = SecHandle
                        out clientTokenSecBufferDesc,        //ref SecBufferDesc pOutput, //PSecBufferDesc
                        out contextAttributes,               //ref int pfContextAttr,
                        out clientLifeTime);                 //ref IntPtr ptsExpiry ); //PTimeStamp
                }
                else
                {
                    // Continuation leg: wrap the server's token as the input buffer and continue
                    // the partially formed context. _hClientContext is both the input context
                    // (ref) and the output context (out); SSPI permits the two to alias.
                    var serverTokenSecBufferDesc = new SecBufferDesc(serverToken);

                    try
                    {
                        ss = NativeMethods.InitializeSecurityContext(
                            ref _hOutboundCred,
                            ref _hClientContext,
                            _sAccountName,                       // pszTargetName - same value as the first leg
                            STANDARD_CONTEXT_ATTRIBUTES,         // fContextReq - requested attributes
                            0,                                   //int Reserved1,
                            NativeContants.SECURITY_NATIVE_DREP, //int TargetDataRep
                            ref serverTokenSecBufferDesc,        // pInput - the token received from the server
                            0,                                   //int Reserved2,
                            out _hClientContext,                 //pHandle CtxtHandle = SecHandle
                            out clientTokenSecBufferDesc,        //ref SecBufferDesc pOutput, //PSecBufferDesc
                            out contextAttributes,               //ref int pfContextAttr,
                            out clientLifeTime);                 //ref IntPtr ptsExpiry ); //PTimeStamp
                    }
                    finally
                    {
                        serverTokenSecBufferDesc.Dispose();
                    }
                }

                // Fail closed on every status except "done" and "send another leg".
                if (ss != NativeContants.SEC_E_OK && ss != NativeContants.SEC_I_CONTINUE_NEEDED)
                {
                    throw new SspiException("InitializeSecurityContext() failed!!!", ss);
                }

                // Copy the token out before the descriptor (and its native buffer) is disposed.
                clientToken = clientTokenSecBufferDesc.GetSecBufferByteArray();
            }
            finally
            {
                clientTokenSecBufferDesc.Dispose();
            }

            bContinueProcessing = ss != NativeContants.SEC_E_OK;
        }
        /// <summary>
        /// Runs one server-side leg of the SSPI handshake. On the first call it acquires an
        /// inbound credential handle (cached for the lifetime of this helper), then calls
        /// AcceptSecurityContext with the client's token - creating a new context on the first
        /// leg, continuing the existing one afterwards - and hands back the token to return.
        /// </summary>
        /// <param name="clientToken">
        /// The token received from the client for this leg; wrapped as the SSPI input buffer.
        /// NOTE(review): there is no null/empty check here - what SecBufferDesc(byte[]) does with
        /// null is not visible in this block.
        /// </param>
        /// <param name="serverToken">
        /// Receives the token produced by this leg, copied out of the output buffer after the
        /// call succeeded. Set to null up front so it is defined on the exception paths.
        /// </param>
        /// <param name="bContinueProcessing">
        /// true while SSPI returned SEC_I_CONTINUE_NEEDED (another leg is required), false once
        /// it returned SEC_E_OK. Any other status throws, so these are the only two outcomes.
        /// </param>
        /// <param name="sspiPackageType">
        /// Package name handed to AcquireCredentialsHandle. Only consulted on the first call:
        /// once _bGotServerCredentials is set the cached handle is reused, so a later call with
        /// a different package is silently ignored.
        /// </param>
        /// <exception cref="SspiException">
        /// AcquireCredentialsHandle failed, or AcceptSecurityContext returned anything other than
        /// SEC_E_OK / SEC_I_CONTINUE_NEEDED. NOTE(review): SEC_I_COMPLETE_NEEDED and
        /// SEC_I_COMPLETE_AND_CONTINUE (which would require CompleteAuthToken) are therefore
        /// treated as failures - confirm that is acceptable for the packages in use.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the granted context attributes (uNewContextAttr) are discarded. When the
        /// handshake completes (SEC_E_OK) nothing checks that the attributes requested via
        /// STANDARD_CONTEXT_ATTRIBUTES were actually granted, nor whether SSPI flagged the
        /// context as a null/anonymous session (ASC_RET_NULL_SESSION in the SSPI headers) -
        /// a server that then authorises based on this context should verify those flags.
        /// NOTE(review): no FreeCredentialsHandle / DeleteSecurityContext is visible in this
        /// block; confirm the handles are released elsewhere.
        /// </remarks>
        public void InitializeServer(byte[] clientToken, out byte[] serverToken, out bool bContinueProcessing,
                                     SspiPackageType sspiPackageType = SspiPackageType.Negotiate)
        {
            serverToken         = null;
            bContinueProcessing = true;
            // Receives the credential expiry from AcquireCredentialsHandle and later the context
            // expiry from AcceptSecurityContext; the value is not used by this method.
            var newLifeTime = new SECURITY_INTEGER(0);

            if (!_bGotServerCredentials)
            {
                // Inbound (server) credentials for the requested package. NOTE(review):
                // _sAccountName is passed as pszPrincipal; for an inbound handle this selects
                // the server identity whose credentials are used - confirm callers supply the
                // intended service account/SPN.
                int result = NativeMethods.AcquireCredentialsHandle(
                    _sAccountName, sspiPackageType.ToString(), NativeContants.SECPKG_CRED_INBOUND,
                    IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero,
                    ref _hInboundCred, ref newLifeTime);

                if (result != NativeContants.SEC_E_OK)
                {
                    throw new SspiException("Couldn't acquire server credentials handle!!!", result);
                }

                // Latched only after success, so a failed attempt can be retried on the next call.
                _bGotServerCredentials = true;
            }

            // Output buffer pre-sized to MAX_TOKEN_SIZE (passed as `out` below; relies on P/Invoke
            // pinning the struct in place so SSPI sees the pre-allocated buffer) and the client's
            // token wrapped as the input buffer. Both are disposed in the finally block.
            var serverTokenSecBufferDesc = new SecBufferDesc(MAX_TOKEN_SIZE);
            var clientTokenSecBufferDesc = new SecBufferDesc(clientToken);

            try
            {
                int  ss;
                uint uNewContextAttr;

                if (!_bGotServerContext)
                {
                    // First leg: no existing context, so the context handle argument is NULL
                    // and _hServerContext is populated by the call.
                    ss = NativeMethods.AcceptSecurityContext(
                        ref _hInboundCred, // [in] handle to the credentials
                        IntPtr.Zero,
                        // [in] no partially formed context yet (NULL on the first leg)
                        ref clientTokenSecBufferDesc,        // [in] pointer to the input buffers
                        STANDARD_CONTEXT_ATTRIBUTES,         // [in] required context attributes
                        NativeContants.SECURITY_NATIVE_DREP, // [in] data representation on the target
                        out _hServerContext,                 // [in/out] receives the new context handle
                        out serverTokenSecBufferDesc,        // [in/out] pointer to the output buffers
                        out uNewContextAttr,                 // [out] receives the context attributes
                        out newLifeTime);                    // [out] receives the life span of the security context
                }
                else
                {
                    // Continuation leg: _hServerContext is both the input context (ref) and the
                    // output context (out); SSPI permits the two to alias.
                    ss = NativeMethods.AcceptSecurityContext(
                        ref _hInboundCred, // [in] handle to the credentials
                        ref _hServerContext,
                        // [in/out] the partially formed context from the previous leg
                        ref clientTokenSecBufferDesc,        // [in] pointer to the input buffers
                        STANDARD_CONTEXT_ATTRIBUTES,         // [in] required context attributes
                        NativeContants.SECURITY_NATIVE_DREP, // [in] data representation on the target
                        out _hServerContext,                 // [in/out] receives the new context handle
                        out serverTokenSecBufferDesc,        // [in/out] pointer to the output buffers
                        out uNewContextAttr,                 // [out] receives the context attributes
                        out newLifeTime);                    // [out] receives the life span of the security context
                }

                // Fail closed on every status except "done" and "send another leg".
                if (ss != NativeContants.SEC_E_OK && ss != NativeContants.SEC_I_CONTINUE_NEEDED)
                {
                    throw new SspiException("AcceptSecurityContext() failed!!!", ss);
                }

                // Only latch the context once the first leg succeeded; a failed first leg leaves
                // the flag clear so the next call starts a fresh context rather than continuing
                // a half-initialised one.
                if (!_bGotServerContext)
                {
                    _bGotServerContext = true;
                }

                // Copy the token out before the descriptor (and its native buffer) is disposed.
                serverToken = serverTokenSecBufferDesc.GetSecBufferByteArray();

                bContinueProcessing = ss != NativeContants.SEC_E_OK;
            }
            finally
            {
                clientTokenSecBufferDesc.Dispose();
                serverTokenSecBufferDesc.Dispose();
            }
        }