public static Authenticate ( string challenge, System request, ICredentials credentials ) : |
||
challenge | string | |
request | System | |
credentials | ICredentials | |
return |
bool CheckAuthorization (WebResponse response, HttpStatusCode code) { authCompleted = false; if (code == HttpStatusCode.Unauthorized && credentials == null) return false; bool isProxy = (code == HttpStatusCode.ProxyAuthenticationRequired); if (isProxy && (proxy == null || proxy.Credentials == null)) return false; string [] authHeaders = response.Headers.GetValues ( (isProxy) ? "Proxy-Authenticate" : "WWW-Authenticate"); if (authHeaders == null || authHeaders.Length == 0) return false; ICredentials creds = (!isProxy) ? credentials : proxy.Credentials; Authorization auth = null; foreach (string authHeader in authHeaders) { auth = AuthenticationManager.Authenticate (authHeader, this, creds); if (auth != null) break; } if (auth == null) return false; webHeaders [(isProxy) ? "Proxy-Authorization" : "Authorization"] = auth.Message; authCompleted = auth.Complete; bool is_ntlm = (auth.Module.AuthenticationType == "NTLM"); if (is_ntlm) ntlm_auth_state = (NtlmAuthState)((int) ntlm_auth_state + 1); return true; }
bool CheckAuthorization(WebResponse response, HttpStatusCode code) { authCompleted = false; if (code == HttpStatusCode.Unauthorized && credentials == null) { return(false); } bool isProxy = (code == HttpStatusCode.ProxyAuthenticationRequired); if (isProxy && (proxy == null || proxy.Credentials == null)) { return(false); } string authHeader = response.Headers [(isProxy) ? "Proxy-Authenticate" : "WWW-Authenticate"]; if (authHeader == null) { return(false); } ICredentials creds = (!isProxy) ? credentials : proxy.Credentials; Authorization auth = AuthenticationManager.Authenticate(authHeader, this, creds); if (auth == null) { return(false); } webHeaders [(isProxy) ? "Proxy-Authorization" : "Authorization"] = auth.Message; authCompleted = auth.Complete; return(true); }
internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { if ((this.Authorization != null) && this.Authorization.Complete) { if (this.IsProxyAuth) { this.ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { return(false); } string challenge = httpWebRequest.AuthHeader(this.AuthenticateHeader); if (challenge == null) { if ((!this.IsProxyAuth && (this.Authorization != null)) && (httpWebRequest.ProxyAuthenticationState.Authorization != null)) { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } return(false); } this.PrepareState(httpWebRequest); try { this.Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception) { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } if (this.Authorization == null) { return(false); } if (this.Authorization.Message == null) { this.Authorization = null; return(false); } this.UniqueGroupId = this.Authorization.ConnectionGroupId; try { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } catch { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } return(true); }
internal bool AddProxyAuthHeaders(String challenge) { ICredentials cred; String challengeType = "Basic"; /* default */ Authorization auth; if (proxy == null) { return(false); } if (proxy.Credentials == null) { return(false); } if (challenge == null) { throw new ArgumentNullException("challenge"); } else { int len = challenge.IndexOf(' '); challengeType = (len == -1) ? challenge : challenge.Substring(0, len); } cred = proxy.Credentials.GetCredential(this.Address, challengeType); if (cred == null) { return(false); /* TODO : throw an exception here ? */ } /* I would have added a PreAuthenticate option for this as well * But MS or ECMA doesn't . So I won't -- Gopal */ auth = AuthenticationManager.Authenticate(challenge, this, cred); if (auth == null) { return(false); /* TODO : throw an exception here ? */ } this.Headers["Proxy-Authorization"] = auth.Message; return(true); }
internal bool AddHttpAuthHeaders(String challenge) { ICredentials cred; String challengeType = "Basic"; /* default */ Authorization auth; if (credentials == null) { return(false); } if (challenge == null && !preAuthenticate) { return(false); /* TODO : throw an exception here ? */ } else if (challenge != null) { int len = challenge.IndexOf(' '); challengeType = (len == -1) ? challenge : challenge.Substring(0, len); } cred = credentials.GetCredential(this.Address, challengeType); if (cred == null) { return(false); /* TODO : throw an exception here ? */ } if (preAuthenticate) { auth = AuthenticationManager.PreAuthenticate(this, cred); } else { auth = AuthenticationManager.Authenticate(challenge, this, cred); } if (auth == null) { return(false); /* TODO : throw an exception here ? */ } this.Headers["Authorization"] = auth.Message; return(true); }
private bool CreateTunnel(HttpWebRequest request, Stream stream, out byte[] buffer) { StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append("CONNECT "); stringBuilder.Append(request.Address.Host); stringBuilder.Append(':'); stringBuilder.Append(request.Address.Port); stringBuilder.Append(" HTTP/"); if (request.ServicePoint.ProtocolVersion == HttpVersion.Version11) { stringBuilder.Append("1.1"); } else { stringBuilder.Append("1.0"); } stringBuilder.Append("\r\nHost: "); stringBuilder.Append(request.Address.Authority); string challenge = Data.Challenge; Data.Challenge = null; bool flag = request.Headers["Proxy-Authorization"] != null; if (flag) { stringBuilder.Append("\r\nProxy-Authorization: "); stringBuilder.Append(request.Headers["Proxy-Authorization"]); } else if (challenge != null && Data.StatusCode == 407) { flag = true; ICredentials credentials = request.Proxy.Credentials; Authorization authorization = AuthenticationManager.Authenticate(challenge, request, credentials); if (authorization != null) { stringBuilder.Append("\r\nProxy-Authorization: "); stringBuilder.Append(authorization.Message); } } stringBuilder.Append("\r\n\r\n"); Data.StatusCode = 0; byte[] bytes = Encoding.Default.GetBytes(stringBuilder.ToString()); stream.Write(bytes, 0, bytes.Length); int num; WebHeaderCollection webHeaderCollection = ReadHeaders(request, stream, out buffer, out num); if (!flag && webHeaderCollection != null && num == 407) { Data.StatusCode = num; Data.Challenge = webHeaderCollection["Proxy-Authenticate"]; return(false); } if (num != 200) { string where = $"The remote server returned a {num} status code."; HandleError(WebExceptionStatus.SecureChannelFailure, null, where); return(false); } return(webHeaderCollection != null); }
bool CreateTunnel(HttpWebRequest request, Stream stream, out byte [] buffer) { StringBuilder sb = new StringBuilder(); sb.Append("CONNECT "); sb.Append(request.Address.Host); sb.Append(':'); sb.Append(request.Address.Port); sb.Append(" HTTP/"); if (request.ServicePoint.ProtocolVersion == HttpVersion.Version11) { sb.Append("1.1"); } else { sb.Append("1.0"); } sb.Append("\r\nHost: "); sb.Append(request.Address.Authority); string challenge = Data.Challenge; Data.Challenge = null; bool have_auth = (request.Headers ["Proxy-Authorization"] != null); if (have_auth) { sb.Append("\r\nProxy-Authorization: "); sb.Append(request.Headers ["Proxy-Authorization"]); } else if (challenge != null && Data.StatusCode == 407) { have_auth = true; ICredentials creds = request.Proxy.Credentials; Authorization auth = AuthenticationManager.Authenticate(challenge, request, creds); if (auth != null) { sb.Append("\r\nProxy-Authorization: "); sb.Append(auth.Message); } } sb.Append("\r\n\r\n"); Data.StatusCode = 0; byte [] connectBytes = Encoding.Default.GetBytes(sb.ToString()); stream.Write(connectBytes, 0, connectBytes.Length); int status; WebHeaderCollection result = ReadHeaders(request, stream, out buffer, out status); if (!have_auth && result != null && status == 407) // Needs proxy auth { Data.StatusCode = status; Data.Challenge = result ["Proxy-Authenticate"]; return(false); } else if (status != 200) { string msg = String.Format("The remote server returned a {0} status code.", status); HandleError(WebExceptionStatus.SecureChannelFailure, null, msg); return(false); } return(result != null); }
bool CreateTunnel(HttpWebRequest request, Uri connectUri, Stream stream, out byte[] buffer) { StringBuilder sb = new StringBuilder(); sb.Append("CONNECT "); sb.Append(request.Address.Host); sb.Append(':'); sb.Append(request.Address.Port); sb.Append(" HTTP/"); if (request.ServicePoint.ProtocolVersion == HttpVersion.Version11) { sb.Append("1.1"); } else { sb.Append("1.0"); } sb.Append("\r\nHost: "); sb.Append(request.Address.Authority); bool ntlm = false; var challenge = Data.Challenge; Data.Challenge = null; var auth_header = request.Headers ["Proxy-Authorization"]; bool have_auth = auth_header != null; if (have_auth) { sb.Append("\r\nProxy-Authorization: "); sb.Append(auth_header); ntlm = auth_header.ToUpper().Contains("NTLM"); } else if (challenge != null && Data.StatusCode == 407) { ICredentials creds = request.Proxy.Credentials; have_auth = true; if (connect_request == null) { // create a CONNECT request to use with Authenticate connect_request = (HttpWebRequest)WebRequest.Create( connectUri.Scheme + "://" + connectUri.Host + ":" + connectUri.Port + "/"); connect_request.Method = "CONNECT"; connect_request.Credentials = creds; } for (int i = 0; i < challenge.Length; i++) { var auth = AuthenticationManager.Authenticate(challenge [i], connect_request, creds); if (auth == null) { continue; } ntlm = (auth.Module.AuthenticationType == "NTLM"); sb.Append("\r\nProxy-Authorization: "); sb.Append(auth.Message); break; } } if (ntlm) { sb.Append("\r\nProxy-Connection: keep-alive"); connect_ntlm_auth_state++; } sb.Append("\r\n\r\n"); Data.StatusCode = 0; byte [] connectBytes = Encoding.Default.GetBytes(sb.ToString()); stream.Write(connectBytes, 0, connectBytes.Length); int status; WebHeaderCollection result = ReadHeaders(stream, out buffer, out status); if ((!have_auth || connect_ntlm_auth_state == NtlmAuthState.Challenge) && result != null && status == 407) // Needs proxy auth { var connectionHeader = result ["Connection"]; if (socket != null && !string.IsNullOrEmpty(connectionHeader) && connectionHeader.ToLower() == "close") { // The server is requesting that this connection be closed socket.Close(); socket = null; } Data.StatusCode = status; Data.Challenge = result.GetValues_internal("Proxy-Authenticate", false); return(false); } else if (status != 200) { string msg = String.Format("The remote server returned a {0} status code.", status); HandleError(WebExceptionStatus.SecureChannelFailure, null, msg); return(false); } return(result != null); }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization != null && Authorization.Complete) { // // here the design gets "dirty". // if this is proxy auth, we might have been challenged by an external // server as well. in this case we will have to clear our previous proxy // auth state before we go any further. this will be broken if the handshake // requires more than one dropped connection (which NTLM is a border case for, // since it droppes the connection on the 1st challenge but not on the second) // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { // // so, we got passed a 407 but now we got a 401, the proxy probably // dropped the connection on us so we need to reset our proxy handshake // Consider: this should have been taken care by Update() // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge == null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization != null && httpWebRequest.ProxyAuthenticationState.Authorization != null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } if (Authorization == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return(false); } if (Authorization.Message == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return(false); } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return(true); }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization != null && Authorization.Complete) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge == null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization != null && httpWebRequest.ProxyAuthenticationState.Authorization != null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } catch { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); throw; } if (Authorization == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return(false); } if (Authorization.Message == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return(false); } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return(true); }
internal async Task Initialize(Stream stream, CancellationToken cancellationToken) { StringBuilder sb = new StringBuilder(); sb.Append("CONNECT "); sb.Append(Request.Address.Host); sb.Append(':'); sb.Append(Request.Address.Port); sb.Append(" HTTP/"); if (Request.ProtocolVersion == HttpVersion.Version11) { sb.Append("1.1"); } else { sb.Append("1.0"); } sb.Append("\r\nHost: "); sb.Append(Request.Address.Authority); bool ntlm = false; var challenge = Challenge; Challenge = null; var auth_header = Request.Headers["Proxy-Authorization"]; bool have_auth = auth_header != null; if (have_auth) { sb.Append("\r\nProxy-Authorization: "); sb.Append(auth_header); ntlm = auth_header.ToUpper().Contains("NTLM"); } else if (challenge != null && StatusCode == 407) { ICredentials creds = Request.Proxy.Credentials; have_auth = true; if (connectRequest == null) { // create a CONNECT request to use with Authenticate connectRequest = (HttpWebRequest)WebRequest.Create( ConnectUri.Scheme + "://" + ConnectUri.Host + ":" + ConnectUri.Port + "/"); connectRequest.Method = "CONNECT"; connectRequest.Credentials = creds; } if (creds != null) { for (int i = 0; i < challenge.Length; i++) { var auth = AuthenticationManager.Authenticate(challenge[i], connectRequest, creds); if (auth == null) { continue; } ntlm = (auth.ModuleAuthenticationType == "NTLM"); sb.Append("\r\nProxy-Authorization: "); sb.Append(auth.Message); break; } } } if (ntlm) { sb.Append("\r\nProxy-Connection: keep-alive"); ntlmAuthState++; } sb.Append("\r\n\r\n"); StatusCode = 0; byte[] connectBytes = Encoding.Default.GetBytes(sb.ToString()); await stream.WriteAsync(connectBytes, 0, connectBytes.Length, cancellationToken).ConfigureAwait(false); (Headers, Data, StatusCode) = await ReadHeaders(stream, cancellationToken).ConfigureAwait(false); if ((!have_auth || ntlmAuthState == NtlmAuthState.Challenge) && Headers != null && StatusCode == 407) // Needs proxy auth { var connectionHeader = Headers["Connection"]; if (!string.IsNullOrEmpty(connectionHeader) && connectionHeader.ToLower() == "close") { // The server is requesting that this connection be closed CloseConnection = true; } Challenge = Headers.GetValues("Proxy-Authenticate"); Success = false; } else { Success = StatusCode == 200 && Headers != null; } if (Challenge == null && (StatusCode == 401 || StatusCode == 407)) { var response = new HttpWebResponse(ConnectUri, "CONNECT", (HttpStatusCode)StatusCode, Headers); throw new WebException( StatusCode == 407 ? "(407) Proxy Authentication Required" : "(401) Unauthorized", null, WebExceptionStatus.ProtocolError, response); } }