/// <summary>
/// P/Invoke declaration of SSPI AcquireCredentialsHandle: obtains a credential handle for a
/// security package. The [DllImport] attribute (presumably secur32.dll) is outside this excerpt;
/// its CharSet decides whether the A or W entry point is bound and must agree with how the two
/// string parameters are marshalled.
/// </summary>
// NOTE(review): pGetKeyFn is a SEC_GET_KEY_FN function pointer in the native signature, i.e.
// pointer-sized. Declaring it as a 32-bit int does not fill a pointer-sized stack slot on x64;
// IntPtr would be the safe declaration. Left unchanged here because callers in this file pass
// the literal 0 and would have to be updated together with this declaration.
static extern int AcquireCredentialsHandle(
    string pszPrincipal,          // SEC_CHAR*: principal name, null = default for the calling context
    string pszPackage,            // SEC_CHAR*: package name, e.g. "Kerberos", "NTLM", "Negotiate"
    int fCredentialUse,           // ULONG: SECPKG_CRED_OUTBOUND / _INBOUND / _BOTH
    IntPtr PAuthenticationID,     // PLUID pvLogonID: logon session, null = current
    IntPtr pAuthData,             // PVOID: package-specific credentials, null = default credentials of the caller
    int pGetKeyFn,                // SEC_GET_KEY_FN: see NOTE(review) above, callers pass 0
    IntPtr pvGetKeyArgument,      // PVOID: argument for pGetKeyFn
    out SecHandle phCredential,   // PCredHandle: receives the credential handle
    out SecInteger ptsExpiry      // PTimeStamp: receives the credential expiry
);
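/// <summary>
/// Creates the helper for the given security package and remote principal and acquires an
/// outbound (client-side) credential handle via <see cref="AcquireCredentialsHandle"/>.
/// </summary>
/// <param name="securityPackage">Name of the security package (e.g. "NTLM", "Kerberos", "Negotiate").</param>
/// <param name="remotePrincipal">Target name / SPN of the server; it is later passed to
/// InitializeSecurityContext as pszTargetName and is needed for Kerberos.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityPackage"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="securityPackage"/> is empty.</exception>
/// <exception cref="Exception">AcquireCredentialsHandle did not return SEC_E_OK; the message carries the SECURITY_STATUS.</exception>
public SspiHelper(string securityPackage, string remotePrincipal)
{
    // Fail early with a clear message instead of an opaque SSPI status for a missing package name.
    if (securityPackage == null)
    {
        throw new ArgumentNullException(nameof(securityPackage));
    }
    if (securityPackage.Length == 0)
    {
        throw new ArgumentException("Security package name must not be empty.", nameof(securityPackage));
    }

    _securPackage = securityPackage;
    _remotePrincipal = remotePrincipal;

    SecInteger expiry = new SecInteger();

    // pAuthData == NULL: SSPI uses the default credentials of the calling thread's security
    // context. Every later InitializeSecurityContext call therefore authenticates that identity
    // to whatever remotePrincipal names, so the target name must come from a trusted source
    // (with NTLM there is no SPN check that would stop the token from going to a wrong host).
    int status = AcquireCredentialsHandle(
        null,                   // pszPrincipal: default principal of the calling context
        securityPackage,        // pszPackage
        SECPKG_CRED_OUTBOUND,   // fCredentialUse: client side only
        IntPtr.Zero,            // pvLogonID: current logon session
        IntPtr.Zero,            // pAuthData: no explicit credentials
        0,                      // pGetKeyFn
        IntPtr.Zero,            // pvGetKeyArgument
        out _clientCredentials,
        out expiry);

    if (status != SEC_E_OK)
    {
        // Keep the raw status in the message so failures (unknown package, no credentials, ...)
        // can be diagnosed instead of being collapsed into a generic "failed".
        throw new Exception($"{nameof(AcquireCredentialsHandle)} failed (SECURITY_STATUS 0x{status:X8})");
    }
}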
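/// <summary>
/// Creates the helper for the given security package and remote principal and acquires an
/// outbound (client-side) credential handle via <see cref="AcquireCredentialsHandle"/>.
/// </summary>
/// <param name="securPackage">Name of the security package (e.g. "NTLM", "Kerberos", "Negotiate").</param>
/// <param name="remotePrincipal">Target name / SPN of the server; it is later passed to
/// InitializeSecurityContext as pszTargetName and is needed for Kerberos.</param>
/// <exception cref="ArgumentNullException"><paramref name="securPackage"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="securPackage"/> is empty.</exception>
/// <exception cref="Exception">AcquireCredentialsHandle did not return SEC_E_OK; the message carries the SECURITY_STATUS.</exception>
public SSPIHelper(string securPackage, string remotePrincipal)
{
    // Fail early with a clear message instead of an opaque SSPI status for a missing package name.
    if (securPackage == null)
    {
        throw new ArgumentNullException("securPackage");
    }
    if (securPackage.Length == 0)
    {
        throw new ArgumentException("Security package name must not be empty.", "securPackage");
    }

    this.securPackage = securPackage;
    this.remotePrincipal = remotePrincipal;

    SecInteger expiry = new SecInteger();

    // pAuthData == NULL: SSPI uses the default credentials of the calling thread's security
    // context. Every later InitializeSecurityContext call therefore authenticates that identity
    // to whatever remotePrincipal names, so the target name must come from a trusted source
    // (with NTLM there is no SPN check that would stop the token from going to a wrong host).
    int status = AcquireCredentialsHandle(
        null,                   // pszPrincipal: default principal of the calling context
        securPackage,           // pszPackage
        SECPKG_CRED_OUTBOUND,   // fCredentialUse: client side only
        IntPtr.Zero,            // pvLogonID: current logon session
        IntPtr.Zero,            // pAuthData: no explicit credentials
        0,                      // pGetKeyFn
        IntPtr.Zero,            // pvGetKeyArgument
        out clientCredentials,
        out expiry);

    if (status != SEC_E_OK)
    {
        // Keep the raw status in the message so failures (unknown package, no credentials, ...)
        // can be diagnosed instead of being collapsed into a generic "failed".
        throw new Exception(string.Format("Acquiring client credentials failed (SECURITY_STATUS 0x{0:X8})", status));
    }
}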
/// <summary>
/// P/Invoke declaration of SSPI InitializeSecurityContext (one client-side handshake step).
/// The [DllImport] attribute is outside this excerpt; its CharSet decides whether the A or W
/// entry point is bound and must agree with how pszTargetName is marshalled.
/// </summary>
// NOTE(review): the callers in this file pass IntPtr.Zero for phContext and pInput on the first
// call, so a second overload with IntPtr parameters presumably exists elsewhere in the file.
static extern int InitializeSecurityContext(
    ref SecHandle phCredential,       // PCredHandle: handle from AcquireCredentialsHandle
    ref SecHandle phContext,          // PCtxtHandle: existing context on continuation calls
    string pszTargetName,             // SEC_CHAR*: target name / SPN of the server
    int fContextReq,                  // ULONG: ISC_REQ_* flags requested
    int Reserved1,                    // ULONG: reserved, callers here pass 0
    int TargetDataRep,                // ULONG: data representation, e.g. SECURITY_NATIVE_DREP
    ref SecBufferDesc SecBufferDesc,  // PSecBufferDesc pInput: token received from the server
    int Reserved2,                    // ULONG: reserved, callers here pass 0
    out SecHandle phNewContext,       // PCtxtHandle: receives the new/updated context handle
    ref SecBufferDesc pOutput,        // PSecBufferDesc: receives the token to send to the server
    out uint pfContextAttr,           // ULONG*: ISC_RET_* flags actually granted; uint because a C# ulong is 64 bits
    out SecInteger ptsExpiry          // PTimeStamp: receives the context expiry
);
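/// <summary>
/// Continues the client side of the SSPI handshake: feeds the token received from the server
/// into the existing security context and produces the next client token.
/// Must not be called before <see cref="InitializeClientSecurity"/>.
/// </summary>
/// <param name="serverToken">Authentication data received from the server.</param>
/// <returns>Client authentication data to be sent to the server (may be empty once the handshake has completed).</returns>
/// <exception cref="ObjectDisposedException">The helper has been disposed.</exception>
/// <exception cref="InvalidOperationException">No client context exists yet.</exception>
/// <exception cref="ArgumentNullException"><paramref name="serverToken"/> is null.</exception>
/// <exception cref="Exception">InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED; the message carries the SECURITY_STATUS.</exception>
public byte[] GetClientSecurity(byte[] serverToken)
{
    if (disposed)
    {
        throw new ObjectDisposedException("SSPIHelper");
    }
    if (clientContext.IsInvalid)
    {
        throw new InvalidOperationException("InitializeClientSecurity not called");
    }
    // Reject a missing token explicitly rather than letting the buffer wrapper fail on null.
    if (serverToken == null)
    {
        throw new ArgumentNullException(nameof(serverToken));
    }

    SecInteger expiry = new SecInteger();
    uint contextAttributes;

    SecBufferDesc clientTokenBuf = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        SecBufferDesc serverTokenBuf = new SecBufferDesc(serverToken);
        try
        {
            int resCode = InitializeSecurityContext(
                ref clientCredentials,
                ref clientContext,
                remotePrincipal,              // pszTargetName: SPN of the server
                STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
                0,                            // Reserved1
                SECURITY_NATIVE_DREP,         // TargetDataRep
                ref serverTokenBuf,           // pInput: struct, so passed by ref
                0,                            // Reserved2
                out clientContext,            // phNewContext: same handle variable as phContext
                ref clientTokenBuf,           // pOutput
                out contextAttributes,        // pfContextAttr
                out expiry);                  // ptsExpiry

            // SEC_I_CONTINUE_NEEDED: send the returned token and call again with the reply.
            // SEC_E_OK: handshake complete. Any other SEC_I_* result (e.g. one that would
            // require CompleteAuthToken) is deliberately treated as a failure - fail closed.
            if (resCode != SEC_E_OK && resCode != SEC_I_CONTINUE_NEEDED)
            {
                // Keep the raw status so the failure (wrong target, no credentials, ...) is diagnosable.
                throw new Exception(string.Format("InitializeSecurityContext() failed (SECURITY_STATUS 0x{0:X8})", resCode));
            }

            // NOTE(review): contextAttributes is discarded. SSPI may grant a context that lacks
            // some of the requested ISC_REQ_* flags; a caller that relies on e.g. mutual
            // authentication or integrity should check the ISC_RET_* bits once resCode == SEC_E_OK.
            return clientTokenBuf.GetSecBufferBytes();
        }
        finally
        {
            serverTokenBuf.Dispose();
        }
    }
    finally
    {
        clientTokenBuf.Dispose();
    }
}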
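/// <summary>
/// Starts the client side of the SSPI handshake: creates a fresh client security context and
/// returns the first client token. Any previously created context is closed first.
/// </summary>
/// <returns>Client authentication data to be sent to the server.</returns>
/// <exception cref="ObjectDisposedException">The helper has been disposed.</exception>
/// <exception cref="Exception">InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED; the message carries the SECURITY_STATUS.</exception>
public byte[] InitializeClientSecurity()
{
    if (disposed)
    {
        throw new ObjectDisposedException("SSPIHelper");
    }

    // Presumably releases any earlier context so a re-initialization starts a new handshake
    // instead of continuing a stale one.
    CloseClientContext();

    SecInteger expiry = new SecInteger(0);
    uint contextAttributes;

    SecBufferDesc clientTokenBuf = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        // First call: no existing context and no input token, so the IntPtr overload of
        // InitializeSecurityContext is used (IntPtr.Zero for phContext and pInput).
        int resCode = InitializeSecurityContext(
            ref clientCredentials,
            IntPtr.Zero,                  // phContext: none yet
            remotePrincipal,              // pszTargetName: SPN of the server
            STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
            0,                            // Reserved1
            SECURITY_NATIVE_DREP,         // TargetDataRep
            IntPtr.Zero,                  // pInput: always null on the first call
            0,                            // Reserved2
            out clientContext,            // phNewContext
            ref clientTokenBuf,           // pOutput
            out contextAttributes,        // pfContextAttr
            out expiry);                  // ptsExpiry

        // SEC_I_CONTINUE_NEEDED is the normal outcome here (the server reply is fed to
        // GetClientSecurity); SEC_E_OK would mean a single-leg handshake. Anything else fails closed.
        if (resCode != SEC_E_OK && resCode != SEC_I_CONTINUE_NEEDED)
        {
            // Keep the raw status so the failure is diagnosable.
            throw new Exception(string.Format("InitializeSecurityContext failed (SECURITY_STATUS 0x{0:X8})", resCode));
        }

        // NOTE(review): contextAttributes is discarded; the ISC_RET_* bits should be checked by
        // whoever needs a specific guarantee (mutual auth, integrity) once the handshake completes.
        return clientTokenBuf.GetSecBufferBytes();
    }
    finally
    {
        clientTokenBuf.Dispose();
    }
}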
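/// <summary>
/// Continues the client side of the SSPI handshake: feeds the token received from the server
/// into the existing security context and produces the next client token.
/// Must not be called before <see cref="InitializeClientSecurity"/>.
/// </summary>
/// <param name="serverToken">Authentication data received from the server.</param>
/// <returns>Client authentication data to be sent to the server (may be empty once the handshake has completed).</returns>
/// <exception cref="ObjectDisposedException">The helper has been disposed.</exception>
/// <exception cref="InvalidOperationException">No client context exists yet.</exception>
/// <exception cref="ArgumentNullException"><paramref name="serverToken"/> is null.</exception>
/// <exception cref="Exception">InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED; the message carries the SECURITY_STATUS.</exception>
public byte[] GetClientSecurity(byte[] serverToken)
{
    if (_disposed)
    {
        throw new ObjectDisposedException("SSPIHelper");
    }
    if (_clientContext.IsInvalid)
    {
        throw new InvalidOperationException("InitializeClientSecurity not called");
    }
    // Reject a missing token explicitly rather than letting the buffer wrapper fail on null.
    if (serverToken == null)
    {
        throw new ArgumentNullException(nameof(serverToken));
    }

    SecInteger expiry = new SecInteger();
    uint contextAttributes;

    SecBufferDesc clientTokenBuf = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        SecBufferDesc serverTokenBuf = new SecBufferDesc(serverToken);
        try
        {
            int resCode = InitializeSecurityContext(
                ref _clientCredentials,
                ref _clientContext,
                _remotePrincipal,             // pszTargetName: SPN of the server
                STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
                0,                            // Reserved1
                SECURITY_NATIVE_DREP,         // TargetDataRep
                ref serverTokenBuf,           // pInput: struct, so passed by ref
                0,                            // Reserved2
                out _clientContext,           // phNewContext: same handle variable as phContext
                ref clientTokenBuf,           // pOutput
                out contextAttributes,        // pfContextAttr
                out expiry);                  // ptsExpiry

            // SEC_I_CONTINUE_NEEDED: send the returned token and call again with the reply.
            // SEC_E_OK: handshake complete. Any other SEC_I_* result (e.g. one that would
            // require CompleteAuthToken) is deliberately treated as a failure - fail closed.
            if (resCode != SEC_E_OK && resCode != SEC_I_CONTINUE_NEEDED)
            {
                // Keep the raw status so the failure (wrong target, no credentials, ...) is diagnosable.
                throw new Exception($"InitializeSecurityContext() failed (SECURITY_STATUS 0x{resCode:X8})");
            }

            // NOTE(review): contextAttributes is discarded. SSPI may grant a context that lacks
            // some of the requested ISC_REQ_* flags; a caller that relies on e.g. mutual
            // authentication or integrity should check the ISC_RET_* bits once resCode == SEC_E_OK.
            return clientTokenBuf.GetSecBufferBytes();
        }
        finally
        {
            serverTokenBuf.Dispose();
        }
    }
    finally
    {
        clientTokenBuf.Dispose();
    }
}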
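/// <summary>
/// Starts the client side of the SSPI handshake: creates a fresh client security context and
/// returns the first client token. Any previously created context is closed first.
/// </summary>
/// <returns>Client authentication data to be sent to the server.</returns>
/// <exception cref="ObjectDisposedException">The helper has been disposed.</exception>
/// <exception cref="Exception">InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED; the message carries the SECURITY_STATUS.</exception>
public byte[] InitializeClientSecurity()
{
    if (_disposed)
    {
        throw new ObjectDisposedException("SSPIHelper");
    }

    // Presumably releases any earlier context so a re-initialization starts a new handshake
    // instead of continuing a stale one.
    CloseClientContext();

    SecInteger expiry = new SecInteger(0);
    uint contextAttributes;

    SecBufferDesc clientTokenBuf = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        // First call: no existing context and no input token, so the IntPtr overload of
        // InitializeSecurityContext is used (IntPtr.Zero for phContext and pInput).
        int resCode = InitializeSecurityContext(
            ref _clientCredentials,
            IntPtr.Zero,                  // phContext: none yet
            _remotePrincipal,             // pszTargetName: SPN of the server
            STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
            0,                            // Reserved1
            SECURITY_NATIVE_DREP,         // TargetDataRep
            IntPtr.Zero,                  // pInput: always null on the first call
            0,                            // Reserved2
            out _clientContext,           // phNewContext
            ref clientTokenBuf,           // pOutput
            out contextAttributes,        // pfContextAttr
            out expiry);                  // ptsExpiry

        // SEC_I_CONTINUE_NEEDED is the normal outcome here (the server reply is fed to
        // GetClientSecurity); SEC_E_OK would mean a single-leg handshake. Anything else fails closed.
        if (resCode != SEC_E_OK && resCode != SEC_I_CONTINUE_NEEDED)
        {
            // Keep the raw status so the failure is diagnosable.
            throw new Exception($"InitializeSecurityContext failed (SECURITY_STATUS 0x{resCode:X8})");
        }

        // NOTE(review): contextAttributes is discarded; the ISC_RET_* bits should be checked by
        // whoever needs a specific guarantee (mutual auth, integrity) once the handshake completes.
        return clientTokenBuf.GetSecBufferBytes();
    }
    finally
    {
        clientTokenBuf.Dispose();
    }
}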
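/// <summary>
/// Creates the helper for the given security package and remote principal and acquires an
/// outbound (client-side) credential handle via <see cref="AcquireCredentialsHandle"/>.
/// </summary>
/// <param name="securPackage">Name of the security package (e.g. "NTLM", "Kerberos", "Negotiate").</param>
/// <param name="remotePrincipal">Target name / SPN of the server; it is later passed to
/// InitializeSecurityContext as pszTargetName and is needed for Kerberos.</param>
/// <exception cref="ArgumentNullException"><paramref name="securPackage"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="securPackage"/> is empty.</exception>
/// <exception cref="Exception">AcquireCredentialsHandle did not return SEC_E_OK; the message carries the SECURITY_STATUS.</exception>
public SSPIHelper(string securPackage, string remotePrincipal)
{
    // Fail early with a clear message instead of an opaque SSPI status for a missing package name.
    if (securPackage == null)
    {
        throw new ArgumentNullException(nameof(securPackage));
    }
    if (securPackage.Length == 0)
    {
        throw new ArgumentException("Security package name must not be empty.", nameof(securPackage));
    }

    _securPackage = securPackage;
    _remotePrincipal = remotePrincipal;

    SecInteger expiry = new SecInteger();

    // pAuthData == NULL: SSPI uses the default credentials of the calling thread's security
    // context. Every later InitializeSecurityContext call therefore authenticates that identity
    // to whatever remotePrincipal names, so the target name must come from a trusted source
    // (with NTLM there is no SPN check that would stop the token from going to a wrong host).
    int status = AcquireCredentialsHandle(
        null,                   // pszPrincipal: default principal of the calling context
        securPackage,           // pszPackage
        SECPKG_CRED_OUTBOUND,   // fCredentialUse: client side only
        IntPtr.Zero,            // pvLogonID: current logon session
        IntPtr.Zero,            // pAuthData: no explicit credentials
        0,                      // pGetKeyFn
        IntPtr.Zero,            // pvGetKeyArgument
        out _clientCredentials,
        out expiry);

    if (status != SEC_E_OK)
    {
        // Keep the raw status in the message so failures (unknown package, no credentials, ...)
        // can be diagnosed instead of being collapsed into a generic "failed".
        throw new Exception($"Acquiring client credentials failed (SECURITY_STATUS 0x{status:X8})");
    }
}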
/// <summary>
/// P/Invoke declaration of SSPI InitializeSecurityContext (one client-side handshake step).
/// The [DllImport] attribute is outside this excerpt; its CharSet decides whether the A or W
/// entry point is bound and must agree with how pszTargetName is marshalled.
/// </summary>
// NOTE(review): the callers in this file pass IntPtr.Zero for phContext and pInput on the first
// call, so a second overload with IntPtr parameters presumably exists elsewhere in the file.
static extern int InitializeSecurityContext(
    ref SecHandle phCredential,       // PCredHandle: handle from AcquireCredentialsHandle
    ref SecHandle phContext,          // PCtxtHandle: existing context on continuation calls
    string pszTargetName,             // SEC_CHAR*: target name / SPN of the server
    int fContextReq,                  // ULONG: ISC_REQ_* flags requested
    int Reserved1,                    // ULONG: reserved, callers here pass 0
    int TargetDataRep,                // ULONG: data representation, e.g. SECURITY_NATIVE_DREP
    ref SecBufferDesc SecBufferDesc,  // PSecBufferDesc pInput: token received from the server
    int Reserved2,                    // ULONG: reserved, callers here pass 0
    out SecHandle phNewContext,       // PCtxtHandle: receives the new/updated context handle
    ref SecBufferDesc pOutput,        // PSecBufferDesc: receives the token to send to the server
    out uint pfContextAttr,           // ULONG*: ISC_RET_* flags actually granted; uint because a C# ulong is 64 bits
    out SecInteger ptsExpiry          // PTimeStamp: receives the context expiry
);
/// <summary>
/// P/Invoke declaration of SSPI AcquireCredentialsHandle: obtains a credential handle for a
/// security package. The [DllImport] attribute (presumably secur32.dll) is outside this excerpt;
/// its CharSet decides whether the A or W entry point is bound and must agree with how the two
/// string parameters are marshalled.
/// </summary>
// NOTE(review): pGetKeyFn is a SEC_GET_KEY_FN function pointer in the native signature, i.e.
// pointer-sized. Declaring it as a 32-bit int does not fill a pointer-sized stack slot on x64;
// IntPtr would be the safe declaration. Left unchanged here because callers in this file pass
// the literal 0 and would have to be updated together with this declaration.
static extern int AcquireCredentialsHandle(
    string pszPrincipal,          // SEC_CHAR*: principal name, null = default for the calling context
    string pszPackage,            // SEC_CHAR*: package name, e.g. "Kerberos", "NTLM", "Negotiate"
    int fCredentialUse,           // ULONG: SECPKG_CRED_OUTBOUND / _INBOUND / _BOTH
    IntPtr PAuthenticationID,     // PLUID pvLogonID: logon session, null = current
    IntPtr pAuthData,             // PVOID: package-specific credentials, null = default credentials of the caller
    int pGetKeyFn,                // SEC_GET_KEY_FN: see NOTE(review) above, callers pass 0
    IntPtr pvGetKeyArgument,      // PVOID: argument for pGetKeyFn
    out SecHandle phCredential,   // PCredHandle: receives the credential handle
    out SecInteger ptsExpiry      // PTimeStamp: receives the credential expiry
);