/// <summary>
/// Runs the client half of the SSPI handshake (SPNEGO or raw NTLM) against the
/// security token service as a three-leg WS-Trust exchange:
/// MessageType1 out, MessageType2 in, MessageType3 out.
/// </summary>
/// <param name="timeout">Not read by this implementation; no deadline is applied
/// to the proxy calls.</param>
/// <returns>Never returns a token yet: the reply to MessageType3 is buffered but
/// not parsed and the method ends by throwing <see cref="NotImplementedException"/>.</returns>
/// <remarks>
/// Which protocol is spoken depends only on whether <c>TargetAddress</c> carries an
/// endpoint identity: without one the SPNEGO initial-context path is used, with one
/// the raw NTLM message sequence. The client credential comes from
/// <c>owner.Manager.ClientCredentials.Windows.ClientCredential</c>; an empty user
/// name falls back to <c>Environment.UserName</c> and a null password is sent as the
/// empty string. Every request and response is copied through a 0x10000-byte
/// buffer (the FIXME marks that limit as a placeholder). The
/// <c>tlsctx.StoreMessage</c> calls that would record the exchange are commented
/// out, so no transcript is kept by this method.
/// </remarks>
public SecurityToken GetToken (TimeSpan timeout)
{
    // Upper bound handed to CreateBufferedCopy on every leg of the exchange.
    // FIXME: use correct limitation
    const int maxBufferSize = 0x10000;

    // No endpoint identity on the target -> SPNEGO (.net appears to use Kerberos
    // rather than raw NTLM in that case); identity present -> NTLM.
    bool useSpnego = TargetAddress.Identity == null;
    SspiClientSession session = new SspiClientSession ();

    // ---- leg 1: send MessageType1 / SPNEGO initial context token request ----
    WstRequestSecurityToken tokenRequest = new WstRequestSecurityToken ();
    tokenRequest.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueGss);
    tokenRequest.BinaryExchange.Value = useSpnego
        ? session.ProcessSpnegoInitialContextTokenRequest ()
        : session.ProcessMessageType1 ();

    Message request = Message.CreateMessage (IssuerBinding.MessageVersion, Constants.WstIssueAction, tokenRequest);
    request.Headers.MessageId = new UniqueId ();
    request.Headers.ReplyTo = new EndpointAddress (Constants.WsaAnonymousUri);
    request.Headers.To = TargetAddress.Uri;
    MessageBuffer copy = request.CreateBufferedCopy (maxBufferSize);
    // tlsctx.StoreMessage (copy.CreateMessage ().GetReaderAtBodyContents ());

    // ---- leg 2: receive MessageType2 / server context token ----
    Message response = proxy.Issue (copy.CreateMessage ());
    copy = response.CreateBufferedCopy (maxBufferSize);
    // tlsctx.StoreMessage (copy.CreateMessage ().GetReaderAtBodyContents ());
    WSTrustRequestSecurityTokenResponseReader reader = new WSTrustRequestSecurityTokenResponseReader (
        Constants.WstSpnegoProofTokenType,
        copy.CreateMessage ().GetReaderAtBodyContents (),
        SecurityTokenSerializer,
        null);
    reader.Read ();
    byte [] challenge = reader.Value.BinaryExchange.Value;
    if (useSpnego)
        session.ProcessSpnegoInitialContextTokenResponse (challenge);
    else
        session.ProcessMessageType2 (challenge);

    // ---- leg 3: send MessageType3 / SPNEGO context token with the client credential ----
    WstRequestSecurityTokenResponse reply = new WstRequestSecurityTokenResponse (SecurityTokenSerializer);
    reply.Context = reader.Value.Context;   // copied back from the STS response
    reply.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueGss);

    NetworkCredential credential = owner.Manager.ClientCredentials.Windows.ClientCredential;
    string userName = credential.UserName;
    if (string.IsNullOrEmpty (userName))
        userName = Environment.UserName;   // no configured user -> current process user
    string password = credential.Password ?? String.Empty;
    reply.BinaryExchange.Value = useSpnego
        ? session.ProcessSpnegoProcessContextToken (userName, password)
        : session.ProcessMessageType3 (userName, password);

    request = Message.CreateMessage (IssuerBinding.MessageVersion, Constants.WstIssueReplyAction, reply);
    request.Headers.MessageId = new UniqueId ();
    request.Headers.ReplyTo = new EndpointAddress (Constants.WsaAnonymousUri);
    request.Headers.To = TargetAddress.Uri;
    copy = request.CreateBufferedCopy (maxBufferSize);
    // tlsctx.StoreMessage (copy.CreateMessage ().GetReaderAtBodyContents ());

    // The reply leg goes through a freshly constructed proxy (leg 1 used the existing one).
    proxy = new WSTrustSecurityTokenServiceProxy (IssuerBinding, IssuerAddress);
    response = proxy.IssueReply (copy.CreateMessage ());
    copy = response.CreateBufferedCopy (maxBufferSize);
    // Not stored for the ckhash: this final message is not part of the exchange.
    /* Console.WriteLine (copy.CreateMessage ()); */

    // The proof token in the final response is not extracted yet.
    throw new NotImplementedException ();
}
/// <summary>
/// Performs the client side of the SSPI (SPNEGO or NTLM) handshake with the
/// security token service over WS-Trust: MessageType1 out, MessageType2 in,
/// MessageType3 out.
/// </summary>
/// <param name="timeout">Accepted for interface compatibility only; the body never
/// reads it, so the proxy calls run without a deadline.</param>
/// <returns>Does not return a token yet: after buffering the reply to MessageType3
/// the method throws <see cref="NotImplementedException"/>.</returns>
/// <remarks>
/// SPNEGO is selected when <c>TargetAddress.Identity</c> is null, NTLM otherwise.
/// Credentials are taken from the Windows client credential of the owning
/// manager; a missing user name defaults to <c>Environment.UserName</c>, a null
/// password to <c>string.Empty</c>. All buffered copies use the 0x10000 limit
/// flagged by the FIXME. The <c>tlsctx.StoreMessage</c> hooks are commented out,
/// so nothing is recorded for the checksum hash from this method.
/// </remarks>
public SecurityToken GetToken(TimeSpan timeout)
{
    // Identity-less target: .net appears to use Kerberos (via SPNEGO) rather than raw NTLM.
    var useSpnego = TargetAddress.Identity == null;
    var session = new SspiClientSession();

    // Outbound leg 1: MessageType1 (NTLM) or SPNEGO initial context token request.
    var issueBody = new WstRequestSecurityToken();
    issueBody.BinaryExchange = new WstBinaryExchange(Constants.WstBinaryExchangeValueGss);
    if (useSpnego)
    {
        issueBody.BinaryExchange.Value = session.ProcessSpnegoInitialContextTokenRequest();
    }
    else
    {
        issueBody.BinaryExchange.Value = session.ProcessMessageType1();
    }

    var issueRequest = Message.CreateMessage(IssuerBinding.MessageVersion, Constants.WstIssueAction, issueBody);
    issueRequest.Headers.MessageId = new UniqueId();
    issueRequest.Headers.ReplyTo = new EndpointAddress(Constants.WsaAnonymousUri);
    issueRequest.Headers.To = TargetAddress.Uri;
    var issueCopy = issueRequest.CreateBufferedCopy(0x10000);
    // tlsctx.StoreMessage (issueCopy.CreateMessage ().GetReaderAtBodyContents ());

    // Inbound leg 2: MessageType2 / the server's context token.
    var issueResponse = proxy.Issue(issueCopy.CreateMessage());
    var responseCopy = issueResponse.CreateBufferedCopy(0x10000);
    // tlsctx.StoreMessage (responseCopy.CreateMessage ().GetReaderAtBodyContents ());
    var reader = new WSTrustRequestSecurityTokenResponseReader(
        Constants.WstSpnegoProofTokenType,
        responseCopy.CreateMessage().GetReaderAtBodyContents(),
        SecurityTokenSerializer,
        null);
    reader.Read();
    var serverToken = reader.Value.BinaryExchange.Value;
    if (useSpnego)
    {
        session.ProcessSpnegoInitialContextTokenResponse(serverToken);
    }
    else
    {
        session.ProcessMessageType2(serverToken);
    }

    // Outbound leg 3: MessageType3 / SPNEGO context token carrying the client credential.
    var replyBody = new WstRequestSecurityTokenResponse(SecurityTokenSerializer);
    replyBody.Context = reader.Value.Context;   // copied back from the STS response
    replyBody.BinaryExchange = new WstBinaryExchange(Constants.WstBinaryExchangeValueGss);

    var credential = owner.Manager.ClientCredentials.Windows.ClientCredential;
    var userName = string.IsNullOrEmpty(credential.UserName)
        ? Environment.UserName    // no configured user -> current process user
        : credential.UserName;
    var password = credential.Password ?? string.Empty;
    if (useSpnego)
    {
        replyBody.BinaryExchange.Value = session.ProcessSpnegoProcessContextToken(userName, password);
    }
    else
    {
        replyBody.BinaryExchange.Value = session.ProcessMessageType3(userName, password);
    }

    var replyRequest = Message.CreateMessage(IssuerBinding.MessageVersion, Constants.WstIssueReplyAction, replyBody);
    replyRequest.Headers.MessageId = new UniqueId();
    replyRequest.Headers.ReplyTo = new EndpointAddress(Constants.WsaAnonymousUri);
    replyRequest.Headers.To = TargetAddress.Uri;
    var replyCopy = replyRequest.CreateBufferedCopy(0x10000);
    // tlsctx.StoreMessage (replyCopy.CreateMessage ().GetReaderAtBodyContents ());

    // The reply leg goes through a newly constructed proxy (leg 1 used the existing one).
    proxy = new WSTrustSecurityTokenServiceProxy(IssuerBinding, IssuerAddress);
    var replyResponse = proxy.IssueReply(replyCopy.CreateMessage());
    // FIXME: use correct limitation
    var finalCopy = replyResponse.CreateBufferedCopy(0x10000);
    // Not stored for ckhash: this message is not part of the exchange.
    /* Console.WriteLine (finalCopy.CreateMessage ()); */

    // The proof token in the final response is not extracted yet.
    throw new NotImplementedException();
}