//
//
//
internal SpnToken GetComputeSpn(HttpWebRequest httpWebRequest)
{
if (ChallengedSpn != null)
{
return(ChallengedSpn);
}
bool trustNewHost = true; // Assume trusted unless proven otherwise
string spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.Scheme | UriComponents.Host | UriComponents.Port | UriComponents.Path, UriFormat.SafeUnescaped);
SpnToken spnToken = AuthenticationManager.SpnDictionary.InternalGet(spnKey);
if (spnToken == null || spnToken.Spn == null)
{
string host;
if (!IsProxyAuth && (httpWebRequest.ServicePoint.InternalProxyServicePoint || httpWebRequest.UseCustomHost))
{
// Here the NT-Security folks need us to attempt a DNS lookup to figure out
// the FQDN. only do the lookup for short names (no IP addresses or DNS names)
//
// Initialize a backup value
host = httpWebRequest.ChallengedUri.Host;
// This host comes from the request/user, assume Trusted unless proven otherwise.
if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 &&
httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 &&
host.IndexOf('.') == -1)
{
try {
//
IPHostEntry result;
if (Dns.TryInternalResolve(host, out result))
{
host = result.HostName;
trustNewHost &= result.isTrustedHost; // Can only lose trust
}
}
catch (Exception exception) {
if (NclUtilities.IsFatal(exception))
{
throw;
}
GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::GetComputeSpn() GetHostByName(host) failed:" + ValidationHelper.ToString(exception));
}
}
}
else
{
// For this cases we already did a DNS lookup
//
host = httpWebRequest.ServicePoint.Hostname;
trustNewHost &= httpWebRequest.ServicePoint.IsTrustedHost; // Can only lose trust
}
string spn = "HTTP/" + host;
spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped) + "/";
spnToken = new SpnToken(spn, trustNewHost);
AuthenticationManager.SpnDictionary.InternalSet(spnKey, spnToken);
}
ChallengedSpn = spnToken;
return(ChallengedSpn);
}
internal void Resolve()
{
//
// if we already resolved this name then don't do it again
//
if (cached)
{
return;
}
//
// IP wildcards are not resolved
//
if (wildcard)
{
return;
}
//
// IP addresses with wildcards are allowed in permissions
//
if (IsValidWildcard)
{
wildcard = true;
cached = true;
return;
}
//
// Check if the permission was specified as numeric IP.
//
IPAddress ipaddr;
if (IPAddress.TryParse(hostname, out ipaddr))
{
address = new IPAddress[1];
address[0] = ipaddr;
cached = true;
return;
}
//
// Not numeric: use GetHostByName to determine addresses
//
try {
IPHostEntry ipHostEntry;
if (Dns.TryInternalResolve(hostname, out ipHostEntry))
{
address = ipHostEntry.AddressList;
}
// NB: It never caches DNS responses
//
}
catch (SecurityException) {
throw;
}
catch {
// ignore second exception
}
}
