Exemple #1
        /// <summary>
        /// Requests a Kerberos token for the UA server with the credentials typed into the dialog
        /// and wraps it in a <see cref="UserIdentity"/>.
        /// </summary>
        /// <returns>
        /// The identity built from the issued token, or <c>null</c> when the Kerberos tab carries
        /// no user token policy.
        /// </returns>
        private IUserIdentity GetKerberosToken()
        {
            // The user token policy stored on the tab supplies the service principal name (SPN).
            UserTokenPolicy tokenPolicy = (UserTokenPolicy)KerberosTAB.Tag;

            if (tokenPolicy == null)
            {
                return null;
            }

            // The SPN of the UA server is carried in IssuerEndpointUrl.
            //
            // It must be registered with the Kerberos Ticket Granting Server (e.g. a Windows Domain
            // Controller). It names the host the UA server runs on and the application. A domain admin
            // has to grant delegate permission to the account the UA server runs under, e.g. with setspn.exe:
            //
            //   setspn -U -S <hostname>/<exename> <domain accountname>
            //   setspn -C -S <hostname>/<exename> <hostname>
            //
            // The second form applies when the UA server runs as a Windows Service under the builtin
            // Windows Service account.
            //
            // NOTE(review): the SPN is taken from the policy as-is; if the policy originates from the
            // server's endpoint description, confirm it names the intended server before a ticket is
            // requested for it.
            string servicePrincipalName = tokenPolicy.IssuerEndpointUrl;

            // Explicit credentials from the dialog. Without a NetworkCredential the provider would fall
            // back to the credentials of the client process.
            // The password arrives as an ordinary managed string, so it remains in process memory until
            // collected; keep it scoped to this call and out of logs and traces.
            System.Net.NetworkCredential dialogCredential = new System.Net.NetworkCredential(
                KerberosUserNameTB.Text,
                KerberosPasswordTB.Text,
                KerberosDomainTB.Text);

            // Impersonation lets the server act as the user on its own machine only; Delegation would
            // also let it act as the user towards other systems, which is not requested here.
            KerberosSecurityTokenProvider tokenProvider = new KerberosSecurityTokenProvider(
                servicePrincipalName,
                System.Security.Principal.TokenImpersonationLevel.Impersonation,
                dialogCredential);

            // Allow up to one minute for the token request to complete.
            TimeSpan requestTimeout = TimeSpan.FromMinutes(1);
            KerberosRequestorSecurityToken kerberosToken =
                (KerberosRequestorSecurityToken)tokenProvider.GetToken(requestTimeout);

            return new UserIdentity(kerberosToken);
        }
 /// <summary>
 /// Creates a wrapper around an existing Kerberos token provider.
 /// </summary>
 /// <param name="innerProvider">
 /// The provider to wrap. It is stored as given; no null check is made here.
 /// </param>
 public KerberosSecurityTokenProviderWrapper(KerberosSecurityTokenProvider innerProvider)
     => this.innerProvider = innerProvider;
 /// <summary>
 /// Creates a wrapper around an existing Kerberos token provider together with a credentials handle.
 /// </summary>
 /// <param name="innerProvider">
 /// The provider to wrap. It is stored as given; no null check is made here.
 /// </param>
 /// <param name="credentialsHandle">
 /// The credentials handle kept alongside the provider.
 /// NOTE(review): whether this wrapper owns and releases the handle is not visible here; confirm
 /// against the rest of the class so the handle is neither leaked nor released twice.
 /// </param>
 public KerberosSecurityTokenProviderWrapper(KerberosSecurityTokenProvider innerProvider, SafeFreeCredentials credentialsHandle)
 {
     // Both fields are plain reference assignments; neither argument is validated.
     this.credentialsHandle = credentialsHandle;
     this.innerProvider = innerProvider;
 }