Inheritance: SafeHandleZeroOrMinusOneIsInvalid
        public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
        {

            lock (this.sessions)
            {
                NTAuthentication clientContext = this.sessions[sessionCookie] as NTAuthentication;
                if (clientContext == null)
                {
                    if (credential == null){
                        return null;
                    }
                    // 


                   

                    this.sessions[sessionCookie] = clientContext = new NTAuthentication(false, "WDigest", credential, spn, ContextFlags.Connection, channelBindingToken);
                }

                string resp = clientContext.GetOutgoingBlob(challenge);

                if (!clientContext.IsCompleted)
                {
                    return new Authorization(resp, false);
                }
                else
                {
                    this.sessions.Remove(sessionCookie);
                    return new Authorization(resp, true);
                }
            }
        }
Esempio n. 2
0
        private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
        {
            if (NetEventSource.IsEnabled) NetEventSource.Enter(this, package, spn, requestedContextFlags);

            _tokenSize = NegotiateStreamPal.QueryMaxTokenSize(package);
            _isServer = isServer;
            _spn = spn;
            _securityContext = null;
            _requestedContextFlags = requestedContextFlags;
            _package = package;
            _channelBinding = channelBinding;

            if (NetEventSource.IsEnabled) NetEventSource.Info(this, $"Peer SPN-> '{_spn}'");

            //
            // Check if we're using DefaultCredentials.
            //

            Debug.Assert(CredentialCache.DefaultCredentials == CredentialCache.DefaultNetworkCredentials);
            if (credential == CredentialCache.DefaultCredentials)
            {
                if (NetEventSource.IsEnabled) NetEventSource.Info(this, "using DefaultCredentials");
                _credentialsHandle = NegotiateStreamPal.AcquireDefaultCredential(package, _isServer);
            }
            else
            {
                _credentialsHandle = NegotiateStreamPal.AcquireCredentialsHandle(package, _isServer, credential);
            }
        }
 protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
 {
     SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate));
     try
     {
         stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false);
     }
     catch (AuthenticationException exception)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
     }
     catch (IOException exception2)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
     }
     if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
     {
         System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
     }
     remoteSecurity = this.clientSecurity;
     if (this.IsChannelBindingSupportEnabled)
     {
         this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
     }
     return stream2;
 }
        protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
        {
            SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate));

            try
            {
                stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false);
            }
            catch (AuthenticationException exception)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
            }
            catch (IOException exception2)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
            }
            if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
            {
                System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
            }
            remoteSecurity = this.clientSecurity;
            if (this.IsChannelBindingSupportEnabled)
            {
                this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
            }
            return(stream2);
        }
 public static ChannelBinding DuplicateToken(ChannelBinding source)
 {
     if (source == null)
     {
         return null;
     }
     return DuplicatedChannelBinding.CreateCopy(source);
 }
 public ServerSingletonConnectionReader(ServerSingletonPreambleConnectionReader preambleReader, IConnection upgradedConnection, ConnectionDemuxer connectionDemuxer) : base(upgradedConnection, preambleReader.BufferOffset, preambleReader.BufferSize, preambleReader.Security, preambleReader.TransportSettings, preambleReader.Via)
 {
     this.decoder = preambleReader.Decoder;
     this.contentType = this.decoder.ContentType;
     this.connectionDemuxer = connectionDemuxer;
     this.rawConnection = preambleReader.RawConnection;
     this.channelBindingToken = preambleReader.ChannelBinding;
 }
 protected override void OnClosed()
 {
     base.OnClosed();
     if (this.channelBindingToken != null)
     {
         this.channelBindingToken.Close();
         this.channelBindingToken = null;
     }
 }
 public static void TryAddToMessage(ChannelBinding channelBindingToken, Message message, bool messagePropertyOwnsCleanup)
 {
     if (channelBindingToken != null)
     {
         ChannelBindingMessageProperty property = new ChannelBindingMessageProperty(channelBindingToken, messagePropertyOwnsCleanup);
         property.AddTo(message);
         property.Dispose(); //message.Properties.Add() creates a copy...
     }
 }
 protected override void OnClosed()
 {
     base.OnClosed();
     if (this.channelBindingToken != null)
     {
         this.channelBindingToken.Close();
         this.channelBindingToken = null;
     }
 }
 public static void Dispose(ref ChannelBinding channelBinding)
 {
     // Explicitly cast to IDisposable to avoid the SecurityException.
     IDisposable disposable = (IDisposable)channelBinding;
     channelBinding = null;
     if (disposable != null)
     {
         disposable.Dispose();
     }
 }
 public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
 {
     Authorization authorization;
     if (Logging.On)
     {
         Logging.Enter(Logging.Web, this, "Authenticate", (string) null);
     }
     try
     {
         lock (this.sessions)
         {
             NTAuthentication clientContext = this.sessions[sessionCookie] as NTAuthentication;
             if (clientContext == null)
             {
                 if (credential == null)
                 {
                     return null;
                 }
                 this.sessions[sessionCookie] = clientContext = new NTAuthentication(false, "Negotiate", credential, spn, ContextFlags.AcceptStream | ContextFlags.Connection, channelBindingToken);
             }
             string token = null;
             if (!clientContext.IsCompleted)
             {
                 SecurityStatus status;
                 byte[] incomingBlob = null;
                 if (challenge != null)
                 {
                     incomingBlob = Convert.FromBase64String(challenge);
                 }
                 byte[] inArray = clientContext.GetOutgoingBlob(incomingBlob, false, out status);
                 if (clientContext.IsCompleted && (inArray == null))
                 {
                     token = "\r\n";
                 }
                 if (inArray != null)
                 {
                     token = Convert.ToBase64String(inArray);
                 }
             }
             else
             {
                 token = this.GetSecurityLayerOutgoingBlob(challenge, clientContext);
             }
             authorization = new Authorization(token, clientContext.IsCompleted);
         }
     }
     finally
     {
         if (Logging.On)
         {
             Logging.Exit(Logging.Web, this, "Authenticate", (string) null);
         }
     }
     return authorization;
 }
 public ChannelBindingMessageProperty(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, bool ownsCleanup)
 {
     if (channelBinding == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
     }
     this.refCount = 1;
     this.thisLock = new object();
     this.channelBinding = channelBinding;
     this.ownsCleanup = ownsCleanup;
 }
Esempio n. 13
0
 public ChannelBindingMessageProperty(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, bool ownsCleanup)
 {
     if (channelBinding == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
     }
     this.refCount       = 1;
     this.thisLock       = new object();
     this.channelBinding = channelBinding;
     this.ownsCleanup    = ownsCleanup;
 }
 public void CheckChannelBinding(ChannelBinding channelBinding)
 {
     if (channelBinding != null)
     {
         Assert.True(!channelBinding.IsInvalid, "Channel binding token should be marked as a valid SafeHandle.");
         Assert.True(channelBinding.Size > 0, "Number of bytes in a valid channel binding token should be greater than zero.");
         var bytes = new byte[channelBinding.Size];
         Marshal.Copy(channelBinding.DangerousGetHandle(), bytes, 0, channelBinding.Size);
         Assert.Equal(channelBinding.Size, bytes.Length);
     }
 }
        public ChannelBindingMessageProperty(ChannelBinding channelBinding, bool ownsCleanup)
        {
            if (channelBinding == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
            }

            _refCount = 1;
            _thisLock = new object();
            _channelBinding = channelBinding;
            _ownsCleanup = ownsCleanup;
        }
Esempio n. 16
0
 internal void ValidateCreateContext(
                                     string package,
                                     bool isServer,
                                     NetworkCredential credential,
                                     string servicePrincipalName,
                                     ChannelBinding channelBinding,
                                     ProtectionLevel protectionLevel,
                                     TokenImpersonationLevel impersonationLevel
                                     )
 {
     throw new PlatformNotSupportedException();
 }
 public WebResponseHttpInput(HttpWebResponse httpWebResponse, IHttpTransportFactorySettings settings, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding) : base(settings, false, channelBinding != null)
 {
     this.channelBinding  = channelBinding;
     this.httpWebResponse = httpWebResponse;
     if (this.httpWebResponse.ContentLength == -1L)
     {
         this.preReadBuffer = new byte[1];
         if (this.httpWebResponse.GetResponseStream().Read(this.preReadBuffer, 0, 1) == 0)
         {
             this.preReadBuffer = null;
         }
     }
 }
 public ExtendedProtectionPolicyHelper(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
 {
     this._channelBinding        = channelBinding;
     this._serviceNameCollection = null;
     this._checkServiceBinding   = true;
     if (extendedProtectionPolicy != null)
     {
         this._policyEnforcement     = extendedProtectionPolicy.PolicyEnforcement;
         this._protectionScenario    = extendedProtectionPolicy.ProtectionScenario;
         this._serviceNameCollection = extendedProtectionPolicy.CustomServiceNames;
     }
     if (this._policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
     {
         this._checkServiceBinding = false;
     }
 }
 public ExtendedProtectionPolicyHelper(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
 {
     this._channelBinding = channelBinding;
     this._serviceNameCollection = null;
     this._checkServiceBinding = true;
     if (extendedProtectionPolicy != null)
     {
         this._policyEnforcement = extendedProtectionPolicy.PolicyEnforcement;
         this._protectionScenario = extendedProtectionPolicy.ProtectionScenario;
         this._serviceNameCollection = extendedProtectionPolicy.CustomServiceNames;
     }
     if (this._policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
     {
         this._checkServiceBinding = false;
     }
 }
        public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement,
                                        ChannelBinding customChannelBinding)
        {
            if (policyEnforcement == PolicyEnforcement.Never)
            {
                throw new ArgumentException(SR.GetString(SR.security_ExtendedProtectionPolicy_UseDifferentConstructorForNever), "policyEnforcement");
            }
            if (customChannelBinding == null)
            {
                throw new ArgumentNullException("customChannelBinding");
            }

            this.policyEnforcement = policyEnforcement;
            this.protectionScenario = ProtectionScenario.TransportSelected;
            this.customChannelBinding = customChannelBinding;
        }
Esempio n. 21
0
        public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement,
                                        ChannelBinding customChannelBinding)
        {
            if (policyEnforcement == PolicyEnforcement.Never)
            {
                throw new ArgumentException(SR.security_ExtendedProtectionPolicy_UseDifferentConstructorForNever, nameof(policyEnforcement));
            }

            if (customChannelBinding == null)
            {
                throw new ArgumentNullException(nameof(customChannelBinding));
            }

            _policyEnforcement = policyEnforcement;
            _protectionScenario = ProtectionScenario.TransportSelected;
            _customChannelBinding = customChannelBinding;
        }
        public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
        {
            if (NetEventSource.IsEnabled) NetEventSource.Enter(this, "Authenticate");
            try
            {
                lock (_sessions)
                {
                    NTAuthentication clientContext;
                    if (!_sessions.TryGetValue(sessionCookie, out clientContext))
                    {
                        if (credential == null)
                        {
                            return null;
                        }

                        _sessions[sessionCookie] =
                            clientContext =
                            new NTAuthentication(false, "Ntlm", credential, spn, ContextFlagsPal.Connection, channelBindingToken);

                    }

                    string resp = clientContext.GetOutgoingBlob(challenge);

                    if (!clientContext.IsCompleted)
                    {
                        return new Authorization(resp, false);
                    }
                    else
                    {
                        _sessions.Remove(sessionCookie);
                        return new Authorization(resp, true);
                    }
                }
            }
            // From reflected type NTAuthentication in System.Net.Security.
            catch (NullReferenceException)
            {
                return null;
            }
            finally
            {
                if (NetEventSource.IsEnabled) NetEventSource.Exit(this, "Authenticate");
            }
        }
 public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
 {
     Authorization authorization;
     if (Logging.On)
     {
         Logging.Enter(Logging.Web, this, "Authenticate", (string) null);
     }
     try
     {
         lock (this.sessions)
         {
             NetworkCredential credential2 = this.sessions[sessionCookie] as NetworkCredential;
             if (credential2 == null)
             {
                 if ((credential == null) || (credential is SystemNetworkCredential))
                 {
                     return null;
                 }
                 this.sessions[sessionCookie] = credential;
                 string userName = credential.UserName;
                 string domain = credential.Domain;
                 if ((domain != null) && (domain.Length > 0))
                 {
                     userName = domain + @"\" + userName;
                 }
                 return new Authorization(Convert.ToBase64String(Encoding.UTF8.GetBytes(userName)), false);
             }
             this.sessions.Remove(sessionCookie);
             authorization = new Authorization(Convert.ToBase64String(Encoding.UTF8.GetBytes(credential2.Password)), true);
         }
     }
     finally
     {
         if (Logging.On)
         {
             Logging.Exit(Logging.Web, this, "Authenticate", (string) null);
         }
     }
     return authorization;
 }
        protected override Stream OnInitiateUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
        {
            X509CertificateCollection         clientCertificates = null;
            LocalCertificateSelectionCallback userCertificateSelectionCallback = null;

            if (this.clientToken != null)
            {
                clientCertificates = new X509CertificateCollection();
                clientCertificates.Add(this.clientToken.Certificate);
                userCertificateSelectionCallback = ClientCertificateSelectionCallback;
            }
            SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate), userCertificateSelectionCallback);

            try
            {
                stream2.AuthenticateAsClient(string.Empty, clientCertificates, SslProtocols.Default, false);
            }
            catch (SecurityTokenValidationException exception)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
            }
            catch (AuthenticationException exception2)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception2.Message, exception2));
            }
            catch (IOException exception3)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception3.Message }), exception3));
            }
            if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
            {
                System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
            }
            remoteSecurity = this.serverSecurity;
            if (this.IsChannelBindingSupportEnabled)
            {
                this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
            }
            return(stream2);
        }
        public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
        {
            if (NetEventSource.Log.IsEnabled()) NetEventSource.Enter(NetEventSource.ComponentType.Web, this, nameof(Authenticate), null);
            try
            {
                lock (_sessions)
                {
                    NetworkCredential cachedCredential;
                    if (!_sessions.TryGetValue(sessionCookie, out cachedCredential))
                    {
                        if (credential == null || ReferenceEquals(credential, CredentialCache.DefaultNetworkCredentials))
                        {
                            return null;
                        }

                        _sessions[sessionCookie] = credential;

                        string userName = credential.UserName;
                        string domain = credential.Domain;

                        if (domain != null && domain.Length > 0)
                        {
                            userName = domain + "\\" + userName;
                        }

                        return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(userName)), false);
                    }
                    else
                    {
                        _sessions.Remove(sessionCookie);

                        return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(cachedCredential.Password)), true);
                    }
                }
            }
            finally
            {
                if (NetEventSource.Log.IsEnabled()) NetEventSource.Exit(NetEventSource.ComponentType.Web, this, "Authenticate", null);
            }
        }
 public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
 {
     lock (this.sessions)
     {
         NTAuthentication authentication = this.sessions[sessionCookie] as NTAuthentication;
         if (authentication == null)
         {
             if (credential == null)
             {
                 return null;
             }
             this.sessions[sessionCookie] = authentication = new NTAuthentication(false, "WDigest", credential, spn, ContextFlags.Connection, channelBindingToken);
         }
         string outgoingBlob = authentication.GetOutgoingBlob(challenge);
         if (!authentication.IsCompleted)
         {
             return new Authorization(outgoingBlob, false);
         }
         this.sessions.Remove(sessionCookie);
         return new Authorization(outgoingBlob, true);
     }
 }
        public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
        {
            if(Logging.On)Logging.Enter(Logging.Web, this, "Authenticate", null);
            try {
                lock (this.sessions)
                {
                    NetworkCredential cachedCredential = sessions[sessionCookie] as NetworkCredential;
                    if (cachedCredential == null)
                    {
                        if (credential == null  || credential is SystemNetworkCredential)
                        {
                            return null;
                        }

                        sessions[sessionCookie] = credential;

                        string userName = credential.UserName;
                        string domain = credential.Domain;

                        if (domain!=null && domain.Length > 0) {
                            userName = domain + "\\" + userName;
                        }

                        // 
                        return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(userName)), false);
                    }
                    else
                    {
                        this.sessions.Remove(sessionCookie);

                        // 
                        return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(cachedCredential.Password)), true);
                    }
                }
            } finally {
                if(Logging.On)Logging.Exit(Logging.Web, this, "Authenticate", null);
            }
        }
Esempio n. 28
0
        private IAsyncResult BeginAuthenticateAsClient(
            NetworkCredential credential,
            ChannelBinding binding,
            string targetName,
            ProtectionLevel requiredProtectionLevel,
            TokenImpersonationLevel allowedImpersonationLevel,
            AsyncCallback asyncCallback,
            object asyncState)
        {
#if DEBUG
            using (GlobalLog.SetThreadKind(ThreadKinds.User | ThreadKinds.Async))
            {
#endif
                _negoState.ValidateCreateContext(_package, false, credential, targetName, binding, requiredProtectionLevel, allowedImpersonationLevel);

                LazyAsyncResult result = new LazyAsyncResult(_negoState, asyncState, asyncCallback);
                _negoState.ProcessAuthentication(result);

                return result;
#if DEBUG
            }
#endif
        }
 private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     this.m_TokenSize             = SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPIAuth, package, true).MaxToken;
     this.m_IsServer              = isServer;
     this.m_Spn                   = spn;
     this.m_SecurityContext       = null;
     this.m_RequestedContextFlags = requestedContextFlags;
     this.m_Package               = package;
     this.m_ChannelBinding        = channelBinding;
     if (credential is SystemNetworkCredential)
     {
         this.m_CredentialsHandle = SSPIWrapper.AcquireDefaultCredential(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound);
         this.m_UniqueUserId      = "/S";
     }
     else
     {
         string       userName = credential.InternalGetUserName();
         string       domain   = credential.InternalGetDomain();
         AuthIdentity authdata = new AuthIdentity(userName, credential.InternalGetPassword(), ((package == "WDigest") && ((domain == null) || (domain.Length == 0))) ? null : domain);
         this.m_UniqueUserId      = domain + "/" + userName + "/U";
         this.m_CredentialsHandle = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound, ref authdata);
     }
 }
Esempio n. 30
0
 public virtual Task AuthenticateAsClientAsync(
     NetworkCredential credential, ChannelBinding binding,
     string targetName, ProtectionLevel requiredProtectionLevel,
     TokenImpersonationLevel allowedImpersonationLevel)
 {
     return Task.Factory.FromAsync((callback, state) => BeginAuthenticateAsClient(credential, binding, targetName, requiredProtectionLevel, allowedImpersonationLevel, callback, state), EndAuthenticateAsClient, null);
 }
Esempio n. 31
0
 public virtual Task AuthenticateAsClientAsync(NetworkCredential credential, ChannelBinding binding, string targetName)
 {
     return Task.Factory.FromAsync(BeginAuthenticateAsClient, EndAuthenticateAsClient, credential, binding, targetName, null);
 }
Esempio n. 32
0
            internal AuthenticateCallbackContext(SmtpConnection thisPtr, ISmtpAuthenticationModule module, NetworkCredential credential, string spn, ChannelBinding Token)
            {
                _thisPtr = thisPtr;
                _module = module;
                _credential = credential;
                _spn = spn;
                _token = Token;

                _result = null;
            }
 public SecurityBuffer(ChannelBinding binding)
 {
     this.size = (binding == null) ? 0 : binding.Size;
     this.type = BufferType.ChannelBindings;
     this.unmanagedToken = binding;
 }
 public ChannelBindingNameTraceRecord(ExtendedProtectionPolicyHelper policyHelper, bool isServer, ChannelBinding channelBinding)
     : base("SpNegoChannelBindingInformation")
 {
     this.policyHelper = policyHelper;
     this.isServer = isServer;
     this.channelBindingUsed = false;
     this.channelBinding = channelBinding;
 }
        public IConnection CompletePreamble(TimeSpan timeout)
        {
            int           num;
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);

            if (!this.transportSettings.MessageEncoderFactory.Encoder.IsContentTypeSupported(this.decoder.ContentType))
            {
                this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/ContentTypeInvalid", ref timeoutHelper);
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("ContentTypeMismatch", new object[] { this.decoder.ContentType, this.transportSettings.MessageEncoderFactory.Encoder.ContentType })));
            }
            StreamUpgradeAcceptor upgradeAcceptor         = null;
            StreamUpgradeProvider upgrade                 = this.transportSettings.Upgrade;
            IStreamUpgradeChannelBindingProvider property = null;

            if (upgrade != null)
            {
                property        = upgrade.GetProperty <IStreamUpgradeChannelBindingProvider>();
                upgradeAcceptor = upgrade.CreateUpgradeAcceptor();
            }
            IConnection connection = base.Connection;

Label_00B1:
            if (this.size == 0)
            {
                this.offset = 0;
                this.size   = connection.Read(this.connectionBuffer, 0, this.connectionBuffer.Length, timeoutHelper.RemainingTime());
                if (this.size == 0)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(this.decoder.CreatePrematureEOFException());
                }
            }
Label_0101:
            num = this.decoder.Decode(this.connectionBuffer, this.offset, this.size);
            if (num > 0)
            {
                this.offset += num;
                this.size   -= num;
            }
            switch (this.decoder.CurrentState)
            {
            case ServerSingletonDecoder.State.UpgradeRequest:
            {
                if (upgradeAcceptor == null)
                {
                    this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/UpgradeInvalid", ref timeoutHelper);
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("UpgradeRequestToNonupgradableService", new object[] { this.decoder.Upgrade })));
                }
                if (!upgradeAcceptor.CanUpgrade(this.decoder.Upgrade))
                {
                    this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/UpgradeInvalid", ref timeoutHelper);
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("UpgradeProtocolNotSupported", new object[] { this.decoder.Upgrade })));
                }
                connection.Write(ServerSingletonEncoder.UpgradeResponseBytes, 0, ServerSingletonEncoder.UpgradeResponseBytes.Length, true, timeoutHelper.RemainingTime());
                IConnection innerConnection = connection;
                if (this.size > 0)
                {
                    innerConnection = new PreReadConnection(innerConnection, this.connectionBuffer, this.offset, this.size);
                }
                try
                {
                    connection            = InitialServerConnectionReader.UpgradeConnection(innerConnection, upgradeAcceptor, this.transportSettings);
                    this.connectionBuffer = connection.AsyncReadBuffer;
                    if ((property != null) && property.IsChannelBindingSupportEnabled)
                    {
                        this.channelBindingToken = property.GetChannelBinding(upgradeAcceptor, ChannelBindingKind.Endpoint);
                    }
                    goto Label_02C0;
                }
                catch (Exception exception)
                {
                    if (Fx.IsFatal(exception))
                    {
                        throw;
                    }
                    this.WriteAuditFailure(upgradeAcceptor as StreamSecurityUpgradeAcceptor, exception);
                    throw;
                }
                break;
            }

            case ServerSingletonDecoder.State.Start:
                break;

            default:
                goto Label_02C0;
            }
            this.SetupSecurityIfNecessary(upgradeAcceptor);
            connection.Write(ServerSessionEncoder.AckResponseBytes, 0, ServerSessionEncoder.AckResponseBytes.Length, true, timeoutHelper.RemainingTime());
            return(connection);

Label_02C0:
            if (this.size != 0)
            {
                goto Label_0101;
            }
            goto Label_00B1;
        }
 internal NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
 }
 internal NTAuthentication(bool isServer, string package, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     try
     {
         using (WindowsIdentity.Impersonate(IntPtr.Zero))
         {
             this.Initialize(isServer, package, SystemNetworkCredential.defaultCredential, spn, requestedContextFlags, channelBinding);
         }
     }
     catch
     {
         throw;
     }
 }
 protected void SetChannelBinding(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     this.channelBindingToken = channelBinding;
 }
Esempio n. 39
0
 private IAsyncResult BeginAuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, string targetName, AsyncCallback asyncCallback, object asyncState)
 {
     return BeginAuthenticateAsClient(credential, binding, targetName,
                                      ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification,
                                      asyncCallback, asyncState);
 }
 public ExtendedProtectionPolicy(System.Security.Authentication.ExtendedProtection.PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
 {
     if (policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
     {
         throw new ArgumentException(SR.GetString("security_ExtendedProtectionPolicy_UseDifferentConstructorForNever"), "policyEnforcement");
     }
     if (customChannelBinding == null)
     {
         throw new ArgumentNullException("customChannelBinding");
     }
     this.policyEnforcement    = policyEnforcement;
     this.protectionScenario   = System.Security.Authentication.ExtendedProtection.ProtectionScenario.TransportSelected;
     this.customChannelBinding = customChannelBinding;
 }
 internal NTAuthentication(string package, NetworkCredential networkCredential, string spn, WebRequest request, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding) : this(false, package, networkCredential, spn, GetHttpContextFlags(request), request.GetWritingContext(), channelBinding)
 {
     if ((package == "NTLM") || (package == "Negotiate"))
     {
         this.m_UniqueUserId = Interlocked.Increment(ref s_UniqueGroupId).ToString(NumberFormatInfo.InvariantInfo) + this.m_UniqueUserId;
     }
 }
        public byte[] GetOutgoingBlob(byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
        {
            ThrowIfDisposed();
            SecurityBuffer incomingSecurity = null;
            if (incomingBlob != null)
            {
                incomingSecurity = new SecurityBuffer(incomingBlob, BufferType.Token);
            }

            SecurityBuffer outgoingSecurity = new SecurityBuffer(null, BufferType.Token);
            this.remoteCertificate = null;
            int statusCode = 0;
            if (this.isServer == true)
            {
                statusCode = SspiWrapper.AcceptSecurityContext(
                    this.credentialsHandle,
                    ref this.securityContext,
                    ServerStandardFlags | (this.clientCertRequired ? SspiContextFlags.MutualAuth : SspiContextFlags.Zero),
                    Endianness.Native,
                    incomingSecurity,
                    outgoingSecurity,
                    ref this.attributes
                    );

            }
            else
            {
                statusCode = SspiWrapper.InitializeSecurityContext(
                    this.credentialsHandle,
                    ref this.securityContext,
                    this.destination,
                    ClientStandardFlags,
                    Endianness.Native,
                    incomingSecurity,
                    outgoingSecurity,
                    ref this.attributes
                    );
            }

            if ((statusCode & unchecked((int)0x80000000)) != 0)
            {
                this.Dispose();
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode));
            }

            if (statusCode == (int)SecurityStatus.OK)
            {
                // we're done
                // ensure that the key negotiated is strong enough
                if (SecurityUtils.ShouldValidateSslCipherStrength())
                {
                    SslConnectionInfo connectionInfo = (SslConnectionInfo)SspiWrapper.QueryContextAttributes(this.securityContext, ContextAttribute.ConnectionInfo);
                    if (connectionInfo == null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.CannotObtainSslConnectionInfo)));
                    }
                    SecurityUtils.ValidateSslCipherStrength(connectionInfo.DataKeySize);
                }
                this.isCompleted = true;
            }
            else if (statusCode == (int)SecurityStatus.CredentialsNeeded)
            {
                // the server requires the client to supply creds
                // Currently we dont attempt to find the client cert to choose at runtime
                // so just re-call the function
                AcquireClientCredentials();
                if (this.ClientCertificate != null)
                {
                    this.wasClientCertificateSent = true;
                }
                return this.GetOutgoingBlob(incomingBlob, channelbinding, protectionPolicy);
            }
            else if (statusCode != (int)SecurityStatus.ContinueNeeded)
            {
                this.Dispose();
                if (statusCode == (int)SecurityStatus.InternalError)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode, SR.GetString(SR.LsaAuthorityNotContacted)));
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode));
                }
            }
            return outgoingSecurity.token;
        }
 internal NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, ContextAwareResult context, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     if ((credential is SystemNetworkCredential) && ComNetOS.IsWinNt)
     {
         WindowsIdentity identity = (context == null) ? null : context.Identity;
         try
         {
             IDisposable disposable = (identity == null) ? null : identity.Impersonate();
             if (disposable != null)
             {
                 using (disposable)
                 {
                     this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
                     return;
                 }
             }
             ExecutionContext executionContext = (context == null) ? null : context.ContextCopy;
             if (executionContext == null)
             {
                 this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
             }
             else
             {
                 ExecutionContext.Run(executionContext, s_InitializeCallback, new InitializeCallbackContext(this, isServer, package, credential, spn, requestedContextFlags, channelBinding));
             }
             return;
         }
         catch
         {
             throw;
         }
     }
     this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
 }
 private IConnection SendPreamble(IConnection connection, ref TimeoutHelper timeoutHelper, ClientFramingDecoder decoder, out SecurityMessageProperty remoteSecurity)
 {
     connection.Write(this.Preamble, 0, this.Preamble.Length, true, timeoutHelper.RemainingTime());
     if (this.upgrade != null)
     {
         IStreamUpgradeChannelBindingProvider property = this.upgrade.GetProperty<IStreamUpgradeChannelBindingProvider>();
         StreamUpgradeInitiator upgradeInitiator = this.upgrade.CreateUpgradeInitiator(base.RemoteAddress, base.Via);
         if (!ConnectionUpgradeHelper.InitiateUpgrade(upgradeInitiator, ref connection, decoder, this, ref timeoutHelper))
         {
             ConnectionUpgradeHelper.DecodeFramingFault(decoder, connection, base.Via, this.messageEncoder.ContentType, ref timeoutHelper);
         }
         if ((property != null) && property.IsChannelBindingSupportEnabled)
         {
             this.channelBindingToken = property.GetChannelBinding(upgradeInitiator, ChannelBindingKind.Endpoint);
         }
         remoteSecurity = StreamSecurityUpgradeInitiator.GetRemoteSecurity(upgradeInitiator);
         connection.Write(ClientSingletonEncoder.PreambleEndBytes, 0, ClientSingletonEncoder.PreambleEndBytes.Length, true, timeoutHelper.RemainingTime());
     }
     else
     {
         remoteSecurity = null;
     }
     byte[] buffer = new byte[1];
     int count = connection.Read(buffer, 0, buffer.Length, timeoutHelper.RemainingTime());
     if (!ConnectionUpgradeHelper.ValidatePreambleResponse(buffer, count, decoder, base.Via))
     {
         ConnectionUpgradeHelper.DecodeFramingFault(decoder, connection, base.Via, this.messageEncoder.ContentType, ref timeoutHelper);
     }
     return connection;
 }
Esempio n. 45
0
 public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
 {
     throw new NotImplementedException();
 }
 public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
 {
 }
 internal static HttpInput CreateHttpInput(HttpWebResponse httpWebResponse, IHttpTransportFactorySettings settings, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
 {
     return(new WebResponseHttpInput(httpWebResponse, settings, channelBinding));
 }