Exemple #1
0
        internal string ToBlob()
        {
            StringBuilder builder = new StringBuilder();

            builder.Append(HttpDigest.pair("realm", this.Realm, true));
            if (this.Algorithm != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("algorithm", this.Algorithm, true));
            }
            if (this.Charset != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("charset", this.Charset, false));
            }
            if (this.Nonce != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("nonce", this.Nonce, true));
            }
            if (this.Uri != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("uri", this.Uri, true));
            }
            if (this.ClientNonce != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("cnonce", this.ClientNonce, true));
            }
            if (this.NonceCount > 0)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("nc", this.NonceCount.ToString("x8", NumberFormatInfo.InvariantInfo), true));
            }
            if (this.QualityOfProtection != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("qop", this.QualityOfProtection, true));
            }
            if (this.Opaque != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("opaque", this.Opaque, true));
            }
            if (this.Domain != null)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("domain", this.Domain, true));
            }
            if (this.Stale)
            {
                builder.Append(",");
                builder.Append(HttpDigest.pair("stale", "true", true));
            }
            return(builder.ToString());
        }
Exemple #2
0
        private static string RefineDigestChallenge(string challenge, int index)
        {
            string str = null;
            int    num4;

            if ((challenge == null) || (index >= challenge.Length))
            {
                throw new ArgumentOutOfRangeException("challenge", challenge);
            }
            int startIndex = index + SignatureSize;

            if ((challenge.Length > startIndex) && (challenge[startIndex] != ','))
            {
                startIndex++;
            }
            else
            {
                index = -1;
            }
            if ((index < 0) || (challenge.Length <= startIndex))
            {
                throw new ArgumentOutOfRangeException("challenge", challenge);
            }
            str = challenge.Substring(startIndex);
            int  num3 = 0;
            bool flag = true;
            HttpDigestChallenge challenge2 = new HttpDigestChallenge();

Label_0070:
            num4  = num3;
            index = AuthenticationManager.SplitNoQuotes(str, ref num4);
            if (num4 >= 0)
            {
                string str3;
                string name = str.Substring(num3, num4 - num3);
                if (index < 0)
                {
                    str3 = HttpDigest.unquote(str.Substring(num4 + 1));
                }
                else
                {
                    str3 = HttpDigest.unquote(str.Substring(num4 + 1, (index - num4) - 1));
                }
                flag = challenge2.defineAttribute(name, str3);
                if ((index >= 0) && flag)
                {
                    num3 = ++index;
                    goto Label_0070;
                }
            }
            if ((!flag || (num4 < 0)) && (num3 < str.Length))
            {
                str = (num3 > 0) ? str.Substring(0, num3 - 1) : "";
            }
            return(str);
        }
        public Authorization PreAuthenticate(WebRequest webRequest, ICredentials credentials)
        {
            GlobalLog.Print("DigestClient::PreAuthenticate()");

#if XP_WDIGEST
            if (ComNetOS.IsPostWin2K)
            {
                return(XPDigestClient.PreAuthenticate(webRequest, credentials));
            }
#endif // #if XP_WDIGEST

            GlobalLog.Assert(credentials != null, "DigestClient::PreAuthenticate() credentials==null", "");
            if (credentials == null || credentials is SystemNetworkCredential)
            {
                return(null);
            }

            HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
            GlobalLog.Assert(httpWebRequest != null, "DigestClient::PreAuthenticate() httpWebRequest==null", "");
            if (httpWebRequest == null)
            {
                return(null);
            }

            HttpDigestChallenge storedHDC = (HttpDigestChallenge)challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri);
            if (storedHDC == null)
            {
                return(null);
            }

            HttpDigestChallenge modifiedHDC = storedHDC.CopyAndIncrementNonce();
            modifiedHDC.HostName = httpWebRequest.ChallengedUri.Host;
            modifiedHDC.Method   = httpWebRequest.CurrentMethod;
            // Consider:
            // I have also tried PathAndQuery against both IIS 5.0 and IIS 6.0 servers.
            // it didn't make a difference. PathAndQuery is a more complete piece of information
            // investigate with Kevin Damour if WDigest.dll wants the quesry string or not.
            modifiedHDC.Uri           = httpWebRequest.Address.AbsolutePath;
            modifiedHDC.ChallengedUri = httpWebRequest.ChallengedUri;

            Authorization digestResponse = HttpDigest.Authenticate(modifiedHDC, credentials);

            return(digestResponse);
        }
Exemple #4
0
        public bool Update(string challenge, WebRequest webRequest)
        {
            HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;

            if (httpWebRequest.CurrentAuthenticationState.GetSecurityContext(this) != null)
            {
                return(this.XPUpdate(challenge, httpWebRequest));
            }
            if (httpWebRequest.ResponseStatusCode != httpWebRequest.CurrentAuthenticationState.StatusCodeMatch)
            {
                ChannelBinding channelBinding = null;
                if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
                {
                    channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
                }
                httpWebRequest.ServicePoint.SetCachedChannelBinding(httpWebRequest.ChallengedUri, channelBinding);
                return(true);
            }
            int startingPoint = (challenge == null) ? -1 : AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);

            if (startingPoint < 0)
            {
                return(true);
            }
            int startIndex = startingPoint + SignatureSize;

            if ((challenge.Length > startIndex) && (challenge[startIndex] != ','))
            {
                startIndex++;
            }
            else
            {
                startingPoint = -1;
            }
            if ((startingPoint >= 0) && (challenge.Length > startIndex))
            {
                challenge.Substring(startIndex);
            }
            HttpDigestChallenge challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest);

            return((challenge2 == null) || !challenge2.Stale);
        }
        //
        // CONSIDER V.NEXT
        // creating a static hashtable for server nonces and keep track of nonce count
        //
        public static Authorization Authenticate(HttpDigestChallenge digestChallenge, ICredentials credentials)
        {
            NetworkCredential NC = credentials.GetCredential(digestChallenge.ChallengedUri, DigestClient.Signature);

            GlobalLog.Print("HttpDigest::Authenticate() GetCredential() returns:" + ValidationHelper.ToString(NC));

            if (NC == null)
            {
                return(null);
            }
            string username = NC.UserName;

            if (ValidationHelper.IsBlankString(username))
            {
                return(null);
            }
            string password = NC.Password;

            if (digestChallenge.QopPresent)
            {
                if (digestChallenge.ClientNonce == null || digestChallenge.Stale)
                {
                    GlobalLog.Print("HttpDigest::Authenticate() QopPresent:True, need new nonce. digestChallenge.ClientNonce:" + ValidationHelper.ToString(digestChallenge.ClientNonce) + " digestChallenge.Stale:" + digestChallenge.Stale.ToString());
                    digestChallenge.ClientNonce = createNonce(32);
                    digestChallenge.NonceCount  = 1;
                }
                else
                {
                    GlobalLog.Print("HttpDigest::Authenticate() QopPresent:True, reusing nonce. digestChallenge.NonceCount:" + digestChallenge.NonceCount.ToString());
                    digestChallenge.NonceCount++;
                }
            }

            StringBuilder authorization = new StringBuilder();

            //
            // look at username & password, if it's not ASCII we need to attempt some
            // kind of encoding because we need to calculate the hash on byte[]
            //
            Charset usernameCharset = DetectCharset(username);

            if (!digestChallenge.UTF8Charset && usernameCharset == Charset.UTF8)
            {
                GlobalLog.Print("HttpDigest::Authenticate() can't authenticate with UNICODE username. failing auth.");
                return(null);
            }
            Charset passwordCharset = DetectCharset(password);

            if (!digestChallenge.UTF8Charset && passwordCharset == Charset.UTF8)
            {
                GlobalLog.Print("HttpDigest::Authenticate() can't authenticate with UNICODE password. failing auth.");
                return(null);
            }
            if (digestChallenge.UTF8Charset)
            {
                // on the wire always use UTF8 when the server supports it
                authorization.Append(pair(DA_charset, "utf-8", false));
                authorization.Append(",");
                if (usernameCharset == Charset.UTF8)
                {
                    username = CharsetEncode(username, Charset.UTF8);
                    authorization.Append(pair(DA_username, username, true));
                    authorization.Append(",");
                }
                else
                {
                    authorization.Append(pair(DA_username, CharsetEncode(username, Charset.UTF8), true));
                    authorization.Append(",");
                    username = CharsetEncode(username, usernameCharset);
                }
            }
            else
            {
                // otherwise UTF8 is not required
                username = CharsetEncode(username, usernameCharset);
                authorization.Append(pair(DA_username, username, true));
                authorization.Append(",");
            }

            password = CharsetEncode(password, passwordCharset);

            // no special encoding for the realm since we're just going to echo it back (encoding must have happened on the server).
            authorization.Append(pair(DA_realm, digestChallenge.Realm, true));
            authorization.Append(",");
            authorization.Append(pair(DA_nonce, digestChallenge.Nonce, true));
            authorization.Append(",");
            authorization.Append(pair(DA_uri, digestChallenge.Uri, true));

            if (digestChallenge.QopPresent)
            {
                //
                // RAID#47397
                // send only the QualityOfProtection we're using
                // since we support only "auth" that's what we will send out
                //
                if (digestChallenge.Algorithm != null)
                {
                    //
                    // consider: should we default to "MD5" here? IE does
                    //
                    authorization.Append(",");
                    authorization.Append(pair(DA_algorithm, digestChallenge.Algorithm, true)); // IE sends quotes - IIS needs them
                }
                authorization.Append(",");
                authorization.Append(pair(DA_cnonce, digestChallenge.ClientNonce, true));
                authorization.Append(",");
                authorization.Append(pair(DA_nc, digestChallenge.NonceCount.ToString("x8"), false));
                authorization.Append(",");
                authorization.Append(pair(DA_qop, SupportedQuality, true)); // IE sends quotes - IIS needs them
            }

            // warning: this must be computed here
            string responseValue = HttpDigest.responseValue(digestChallenge, username, password);

            if (responseValue == null)
            {
                return(null);
            }

            authorization.Append(",");
            authorization.Append(pair(DA_response, responseValue, true)); // IE sends quotes - IIS needs them

            if (digestChallenge.Opaque != null)
            {
                authorization.Append(",");
                authorization.Append(pair(DA_opaque, digestChallenge.Opaque, true));
            }

            GlobalLog.Print("HttpDigest::Authenticate() digestChallenge.Stale:" + digestChallenge.Stale.ToString());

            // completion is decided in Update()
            Authorization finalAuthorization = new Authorization(DigestClient.AuthType + " " + authorization.ToString(), false);

            return(finalAuthorization);
        }
        public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
        {
            GlobalLog.Print("DigestClient::Authenticate(): " + challenge);

#if XP_WDIGEST
            if (ComNetOS.IsPostWin2K)
            {
                return(XPDigestClient.Authenticate(challenge, webRequest, credentials));
            }
#endif // #if XP_WDIGEST

            GlobalLog.Assert(credentials != null, "DigestClient::Authenticate() credentials==null", "");
            if (credentials == null || credentials is SystemNetworkCredential)
            {
                return(null);
            }

            HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;

            GlobalLog.Assert(httpWebRequest != null, "DigestClient::Authenticate() httpWebRequest==null", "");
            if (httpWebRequest == null || httpWebRequest.ChallengedUri == null)
            {
                //
                // there has been no challenge:
                // 1) the request never went on the wire
                // 2) somebody other than us is calling into AuthenticationManager
                //
                return(null);
            }

            int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
            if (index < 0)
            {
                return(null);
            }

            string[] prefixes = null;
            string   rootPath = httpWebRequest.ChallengedUri.Scheme + "://" + httpWebRequest.ChallengedUri.Host;

            HttpDigestChallenge digestChallenge = HttpDigest.Interpret(challenge, index, httpWebRequest);
            if (digestChallenge == null)
            {
                return(null);
            }

            if (digestChallenge.Domain == null)
            {
                challengeCache.Add(rootPath, digestChallenge);
            }
            else
            {
                prefixes = digestChallenge.Domain.Split(" ".ToCharArray());
                for (int i = 0; i < prefixes.Length; i++)
                {
                    challengeCache.Add(prefixes[i], digestChallenge);
                }
            }

            Authorization digestResponse = HttpDigest.Authenticate(digestChallenge, credentials);
            if (digestResponse != null)
            {
                if (prefixes == null)
                {
                    digestResponse.ProtectionRealm    = new string[1];
                    digestResponse.ProtectionRealm[0] = rootPath;
                }
                else
                {
                    digestResponse.ProtectionRealm = prefixes;
                }
            }

            return(digestResponse);
        }
        public bool Update(string challenge, WebRequest webRequest)
        {
            GlobalLog.Print("DigestClient::Update(): [" + challenge + "]");

#if XP_WDIGEST
            if (ComNetOS.IsPostWin2K)
            {
                return(XPDigestClient.Update(challenge, webRequest));
            }
#endif // #if XP_WDIGEST

            HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;

            GlobalLog.Assert(httpWebRequest != null, "DigestClient::Update() httpWebRequest==null", "");
            GlobalLog.Assert(httpWebRequest.ChallengedUri != null, "DigestClient::Update() httpWebRequest.ChallengedUri==null", "");

            // here's how we know if the handshake is complete when we get the response back,
            // (keeping in mind that we need to support stale credentials):
            // !40X - complete & success
            // 40X & stale=false - complete & failure
            // 40X & stale=true - !complete

            if (httpWebRequest.ResponseStatusCode != httpWebRequest.CurrentAuthenticationState.StatusCodeMatch)
            {
                GlobalLog.Print("DigestClient::Update(): no status code match. returning true");
                return(true);
            }

            int index = challenge == null ? -1 : AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
            if (index < 0)
            {
                GlobalLog.Print("DigestClient::Update(): no challenge. returning true");
                return(true);
            }

            int    blobBegin = index + SignatureSize;
            string incoming  = null;

            //
            // there may be multiple challenges. If the next character after the
            // package name is not a comma then it is challenge data
            //
            if (challenge.Length > blobBegin && challenge[blobBegin] != ',')
            {
                ++blobBegin;
            }
            else
            {
                index = -1;
            }
            if (index >= 0 && challenge.Length > blobBegin)
            {
                incoming = challenge.Substring(blobBegin);
            }

            HttpDigestChallenge digestChallenge = HttpDigest.Interpret(challenge, index, httpWebRequest);
            if (digestChallenge == null)
            {
                GlobalLog.Print("DigestClient::Update(): not a valid digest challenge. returning true");
                return(true);
            }

            GlobalLog.Print("DigestClient::Update(): returning digestChallenge.Stale:" + digestChallenge.Stale.ToString());

            return(!digestChallenge.Stale);
        }
Exemple #8
0
        private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate)
        {
            HttpDigestChallenge challenge2;

            if (credentials == null)
            {
                return(null);
            }
            HttpWebRequest    httpWebRequest = webRequest as HttpWebRequest;
            NetworkCredential credential     = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);

            if (credential is SystemNetworkCredential)
            {
                if (WDigestAvailable)
                {
                    return(this.XPDoAuthenticate(challenge, httpWebRequest, credentials, preAuthenticate));
                }
                return(null);
            }
            if (!preAuthenticate)
            {
                int startingPoint = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
                if (startingPoint < 0)
                {
                    return(null);
                }
                challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest);
            }
            else
            {
                challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
            }
            if (challenge2 == null)
            {
                return(null);
            }
            if (!CheckQOP(challenge2))
            {
                if (Logging.On)
                {
                    Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_qop_not_supported", new object[] { challenge2.QualityOfProtection }));
                }
                return(null);
            }
            if (preAuthenticate)
            {
                challenge2 = challenge2.CopyAndIncrementNonce();
                challenge2.SetFromRequest(httpWebRequest);
            }
            if (credential == null)
            {
                return(null);
            }
            ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;

            if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
            {
                return(null);
            }
            string         computeSpn     = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
            ChannelBinding channelBinding = null;

            if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
            {
                channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
            }
            Authorization authorization = HttpDigest.Authenticate(challenge2, credential, computeSpn, channelBinding);

            if ((!preAuthenticate && webRequest.PreAuthenticate) && (authorization != null))
            {
                string[] strArray = (challenge2.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge2.Domain.Split(singleSpaceArray);
                authorization.ProtectionRealm = (challenge2.Domain == null) ? null : strArray;
                for (int i = 0; i < strArray.Length; i++)
                {
                    challengeCache.Add(strArray[i], challenge2);
                }
            }
            return(authorization);
        }
Exemple #9
0
        private Authorization XPDoAuthenticate(string challenge, HttpWebRequest httpWebRequest, ICredentials credentials, bool preAuthenticate)
        {
            NTAuthentication securityContext = null;
            string           incomingBlob    = null;
            SecurityStatus   status;

            if (!preAuthenticate)
            {
                int index = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
                if (index < 0)
                {
                    return(null);
                }
                securityContext = httpWebRequest.CurrentAuthenticationState.GetSecurityContext(this);
                incomingBlob    = RefineDigestChallenge(challenge, index);
            }
            else
            {
                HttpDigestChallenge challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
                if (challenge2 == null)
                {
                    return(null);
                }
                challenge2 = challenge2.CopyAndIncrementNonce();
                challenge2.SetFromRequest(httpWebRequest);
                incomingBlob = challenge2.ToBlob();
            }
            UriComponents uriParts = 0;

            if (httpWebRequest.CurrentMethod.ConnectRequest)
            {
                uriParts = UriComponents.HostAndPort;
            }
            else if (httpWebRequest.UsesProxySemantics)
            {
                uriParts = UriComponents.HttpRequestUrl;
            }
            else
            {
                uriParts = UriComponents.PathAndQuery;
            }
            string parts = httpWebRequest.GetRemoteResourceUri().GetParts(uriParts, UriFormat.UriEscaped);

            if (securityContext == null)
            {
                NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
                if ((credential == null) || (!(credential is SystemNetworkCredential) && (credential.InternalGetUserName().Length == 0)))
                {
                    return(null);
                }
                ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
                if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
                {
                    return(null);
                }
                string         computeSpn     = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
                ChannelBinding channelBinding = null;
                if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
                {
                    channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
                }
                securityContext = new NTAuthentication("WDigest", credential, computeSpn, httpWebRequest, channelBinding);
                httpWebRequest.CurrentAuthenticationState.SetSecurityContext(securityContext, this);
            }
            string str4 = securityContext.GetOutgoingDigestBlob(incomingBlob, httpWebRequest.CurrentMethod.Name, parts, null, false, false, out status);

            if (str4 == null)
            {
                return(null);
            }
            Authorization authorization = new Authorization("Digest " + str4, securityContext.IsCompleted, string.Empty, securityContext.IsMutualAuthFlag);

            if (!preAuthenticate && httpWebRequest.PreAuthenticate)
            {
                HttpDigestChallenge challenge3 = HttpDigest.Interpret(incomingBlob, -1, httpWebRequest);
                string[]            strArray   = (challenge3.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge3.Domain.Split(singleSpaceArray);
                authorization.ProtectionRealm = (challenge3.Domain == null) ? null : strArray;
                for (int i = 0; i < strArray.Length; i++)
                {
                    challengeCache.Add(strArray[i], challenge3);
                }
            }
            return(authorization);
        }