コード例 #1
 /// <summary>
 /// Creates a wrapper around an existing <see cref="KerberosSecurityTokenProvider"/>.
 /// </summary>
 /// <param name="innerProvider">
 /// The provider to wrap. It is stored as-is; no null check is performed here,
 /// so a null reference only surfaces when the field is later dereferenced.
 /// </param>
 public KerberosSecurityTokenProviderWrapper(KerberosSecurityTokenProvider innerProvider)
     => _innerProvider = innerProvider;
コード例 #2
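        /// <summary>
        /// Demo entry point: requests a Kerberos service ticket for a hard-coded SPN, re-wraps the
        /// Kerberos payload in a hand-built SPNEGO NegTokenInit, and sends it to a web server in an
        /// HTTP "Authorization: Negotiate" header so the resulting cookies can be collected.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // DER-encoded [0] MechTypeList: a SEQUENCE holding the four mechanism OIDs below.
            //MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
            //MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
            //MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
            //MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
            byte[] MechTypes = { 0xa0, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48
                                 ,     0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,     0x02
                                 ,     0x02, 0x1e, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a };

            //OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
            byte[] oid = { 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };

            //KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
            byte[] krb5_oid = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };


            // SECURITY: the target is plain http://, so the Negotiate token and any session cookies
            // returned for it cross the network unencrypted. Prefer https:// for anything beyond a lab.
            var    url       = "http://app1.zf.com/index.html";
            // SECURITY: account name and password are hard-coded here. Keep real credentials out of
            // source control; read them from a protected store or prompt for them at run time.
            var    userName  = "******";
            var    paswd     = "Testpass";
            var    domServer = "server006";
            var    domain    = domServer + ".zf.com";
            // NOTE(review): this SPN appears to have been mangled by the hosting page's e-mail
            // obfuscation; substitute the service's real "HTTP/host@REALM" value.
            string spn       = "HTTP/[email protected]";

            byte[] ticketData;
            string sret = "";

            //Get service ticket from server
            using (var domainContext = new PrincipalContext(ContextType.Domain, domain, null, ContextOptions.Negotiate,
                                                            userName, paswd))
            {
                using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, userName))
                {
                    // FindByIdentity yields null when nothing matches; fail with a clear message
                    // instead of a NullReferenceException.
                    if (foundUser == null)
                    {
                        throw new InvalidOperationException("User not found in domain: " + userName);
                    }

                    // Reuse the principal that is already held (and disposed) by the using block
                    // rather than running a second directory query whose result is never disposed.
                    Console.WriteLine("User Principale name" + foundUser.UserPrincipalName);

                    // Identification is the least-privileged level that still lets the service
                    // learn who the caller is; the service cannot act as the caller with it.
                    KerberosSecurityTokenProvider k1 = new KerberosSecurityTokenProvider(spn
                                                                                         , System.Security.Principal.TokenImpersonationLevel.Identification, //2248
                                                                                         new System.Net.NetworkCredential(userName, paswd, "zf.COM"));
                    // Direct cast: an unexpected token type fails here with InvalidCastException
                    // instead of turning into a null dereference on the next line.
                    KerberosRequestorSecurityToken T1 =
                        (KerberosRequestorSecurityToken)k1.GetToken(TimeSpan.FromMinutes(1));
                    ticketData = T1.GetRequest();
                    sret       = Convert.ToBase64String(ticketData);
                    // SECURITY: this prints the full service-ticket request. Treat the output as a
                    // credential for the SPN until ValidTo and keep it out of shared logs.
                    Console.WriteLine("=====sret========" + sret);
                    Console.WriteLine("=====Time now========" + System.DateTime.UtcNow);
                    Console.WriteLine("=====valir from========" + T1.ValidFrom);
                    // Label corrected: this line reports the expiry, not the start of validity.
                    Console.WriteLine("=====valid to========" + T1.ValidTo);
                    Console.WriteLine("=====LEN========" + sret.Length);
                }
            }

            #region Decoding service ticket and geting Kerberos service ticket

            // NOTE(review): AsnDer is defined outside this listing. The code below assumes Decode
            // fills the two lists with the element's identifier and content bytes and returns the
            // number of bytes the element occupies - confirm against the helper, and add explicit
            // length checks there, since ticketData is parsed without any validation here.
            List <byte> identifier0 = new List <byte>();
            List <byte> dataToken0  = new List <byte>();
            int         dataLength0 = AsnDer.Decode(ticketData, identifier0, dataToken0);    //Get GSS-API


            List <byte> identifier10 = new List <byte>();
            List <byte> dataToken10  = new List <byte>();
            int         dataLength10 = AsnDer.Decode(dataToken0.ToArray(), identifier10, dataToken10); //Get OID

            var Kerberos = dataToken0.Skip(dataLength10);                                              //Get KERBEROS data
            #endregion

            #region Creating negotiation request
            var data1 = AsnDer.Encode(new Byte[] { 0x60 }, krb5_oid.Concat(Kerberos).ToArray());             //krb5_oid + Kerberos service ticket
            var data2 = AsnDer.Encode(new Byte[] { 0x04 }, data1);                                           //Wrap Sequence of bytes
            var data3 = AsnDer.Encode(new Byte[] { 0xa2 }, data2);                                           //Wrap MechToken element
            var data4 = AsnDer.Encode(new Byte[] { 0x30 }, MechTypes.Concat(data3).ToArray());               //Contruct sequence
            var data5 = AsnDer.Encode(new Byte[] { 0xa0 }, data4);                                           //NegResult
            var data6 = AsnDer.Encode(new Byte[] { 0x60 }, oid.Concat(data5).ToArray());                     //NegTokenInit
            #endregion


            CookieContainer cookieContainer = new CookieContainer();
            // Direct cast: a non-HTTP URL scheme fails here rather than as a null dereference below.
            HttpWebRequest  req             = (HttpWebRequest)WebRequest.Create(url);
            req.CookieContainer = cookieContainer;
            req.KeepAlive       = true;
            req.Headers.Add("Authorization", "Negotiate " + Convert.ToBase64String(data6));

            // The using block releases the connection even if reading the response throws.
            using (WebResponse resp = req.GetResponse())
            {
                // Only the cookies stored in cookieContainer are of interest; the body is not read.
            }

            var cookies = GetAllCookies(cookieContainer);
        }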
コード例 #3
 /// <summary>
 /// Creates a wrapper that holds a Kerberos token provider together with a credentials handle.
 /// </summary>
 /// <param name="innerProvider">The provider to wrap; stored without validation.</param>
 /// <param name="credentialsHandle">
 /// The credentials handle to keep alongside the provider; stored without validation.
 /// NOTE(review): whether this wrapper is responsible for releasing the handle is not
 /// visible from the constructor - confirm against the rest of the class.
 /// </param>
 public KerberosSecurityTokenProviderWrapper(KerberosSecurityTokenProvider innerProvider, SafeFreeCredentials credentialsHandle)
 {
     // Plain field capture; the two assignments are independent of each other.
     this.credentialsHandle = credentialsHandle;
     this.innerProvider     = innerProvider;
 }