/// <summary>
/// Builds a credential wrapper from an explicit user name, password and optional domain.
/// The user name is normalized before it is handed to <c>SafeGssCredHandle.Create</c>.
/// </summary>
/// <param name="isNtlmOnly">Stored in <c>_isNtlmOnly</c> and forwarded to credential creation.</param>
/// <param name="username">
/// User name. A <c>DOMAIN\user</c> value with exactly one backslash is split into its two
/// parts when <paramref name="domain"/> is null or empty. Must not be null.
/// </param>
/// <param name="password">
/// Password. Forwarded unchanged to credential creation; this constructor does not store it
/// in a field. Must not be null.
/// </param>
/// <param name="domain">
/// Optional domain. When non-empty and the user name contains no '@', it is appended to the
/// user name as <c>user@domain</c>.
/// </param>
public SafeFreeNegoCredentials(bool isNtlmOnly, string username, string password, string domain)
    : base(IntPtr.Zero, true)
{
    // Debug-only contract: Debug.Assert is compiled out of release builds, so a null
    // username there surfaces as a NullReferenceException at the first IndexOf below.
    Debug.Assert(username != null && password != null, "Username and Password can not be null");

    const char DomainSeparator = '\\';
    const char RealmSeparator = '@';

    // Only a name with a single backslash that is not the first character is split,
    // and only when the caller supplied no domain. Any other shape is passed on untouched.
    int firstSeparator = username.IndexOf(DomainSeparator);
    bool hasSingleSeparator = firstSeparator > 0
        && username.IndexOf(DomainSeparator, firstSeparator + 1) < 0;
    if (hasSingleSeparator && string.IsNullOrEmpty(domain))
    {
        domain = username.Substring(0, firstSeparator);
        username = username.Substring(firstSeparator + 1);
    }

    // Strip leading and trailing whitespace from both parts.
    domain = (domain == null) ? null : domain.Trim();
    username = username.Trim();

    // A user name without '@' is qualified with the domain, when there is one.
    bool needsDomainSuffix = username.IndexOf(RealmSeparator) < 0 && !string.IsNullOrEmpty(domain);
    if (needsDomainSuffix)
    {
        username = username + RealmSeparator + domain;
    }

    _isNtlmOnly = isNtlmOnly;
    _userName = username;

    // Flagged as default when the normalized user name or the password is empty.
    _isDefault = string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password);

    _credential = SafeGssCredHandle.Create(username, password, isNtlmOnly);

    // Take a reference on the credential handle. DangerousAddRef sets the flag to true
    // on success; the value is not inspected here.
    bool refAdded = false;
    _credential.DangerousAddRef(ref refAdded);
}
/// <summary>
/// Extern declaration for a native call that produces a GSS credential handle from a name
/// handle and a password. The attribute binding it to a native entry point, and any
/// marshalling directives, are not visible in this excerpt.
/// </summary>
/// <param name="minorStatus">Receives a second status value alongside the returned one.</param>
/// <param name="isNtlm">Mechanism selector; presumably true requests NTLM. Confirm against the native shim.</param>
/// <param name="desiredName">Name handle the credential is requested for.</param>
/// <param name="password">
/// Password, passed as a managed string. Managed strings are immutable and cannot be zeroed
/// after use, so how long the secret stays in memory is up to the garbage collector.
/// </param>
/// <param name="passwordLen">
/// Length that accompanies <paramref name="password"/>.
/// NOTE(review): the unit (UTF-16 chars vs. bytes of the marshalled encoding) is not visible
/// here. The two differ for non-ASCII passwords, so confirm it against the native side.
/// </param>
/// <param name="outputCredHandle">Receives the resulting credential handle.</param>
/// <returns>Status of the native call.</returns>
internal static extern Status InitiateCredWithPassword( out Status minorStatus, bool isNtlm, SafeGssNameHandle desiredName, string password, int passwordLen, out SafeGssCredHandle outputCredHandle);
/// <summary>
/// Extern declaration for the native call that advances a GSS security context on the
/// initiator side. The attribute binding it to a native entry point is not visible in this
/// excerpt.
/// </summary>
/// <remarks>
/// NOTE(review): the GssInitSecurityContext caller shown on this page passes an eleventh
/// argument (<c>out isNtlmUsed</c>) that this ten-parameter signature does not declare.
/// The two snippets likely come from different revisions; confirm which signature is current.
/// </remarks>
/// <param name="minorStatus">Receives a second status value alongside the returned one.</param>
/// <param name="initiatorCredHandle">Credential handle used for the exchange.</param>
/// <param name="contextHandle">Context handle, passed by reference so it carries over between calls.</param>
/// <param name="isNtlm">Mechanism selector; presumably true requests NTLM. Confirm against the native shim.</param>
/// <param name="targetName">Name handle of the peer being authenticated to.</param>
/// <param name="reqFlags">Requested context flags as a raw bit mask.</param>
/// <param name="inputBytes">Input token bytes. The caller shown on this page may pass null.</param>
/// <param name="inputLength">
/// Length supplied separately from <paramref name="inputBytes"/>. The native side cannot see
/// the managed array bounds, so this value must never exceed <c>inputBytes.Length</c>.
/// </param>
/// <param name="token">Output token buffer. The caller shown on this page copies it out and disposes it.</param>
/// <param name="retFlags">Receives the flags reported back by the native call.</param>
/// <returns>Status of the native call.</returns>
internal static extern Status InitSecContext( out Status minorStatus, SafeGssCredHandle initiatorCredHandle, ref SafeGssContextHandle contextHandle, bool isNtlm, SafeGssNameHandle targetName, uint reqFlags, byte[] inputBytes, int inputLength, ref GssBuffer token, out uint retFlags);
/// <summary>
/// Performs one step of the GSS security-context handshake through
/// <c>Interop.NetSecurityNative.InitSecContext</c> and copies the resulting token into a
/// managed array.
/// </summary>
/// <param name="context">Context handle carried from the previous step; a new handle is created when it is null.</param>
/// <param name="credential">Credential handle passed to the native call.</param>
/// <param name="isNtlm">Mechanism selector forwarded to the native call.</param>
/// <param name="targetName">Name handle of the peer, forwarded to the native call.</param>
/// <param name="inFlags">Requested flags, forwarded as a raw <c>uint</c>.</param>
/// <param name="buffer">Input token, or null; a length of 0 is passed when it is null.</param>
/// <param name="outputBuffer">Receives the output token bytes; null if the call throws.</param>
/// <param name="outFlags">
/// Receives the flags reported by the native call. This method does not compare them with
/// <paramref name="inFlags"/>, so a caller that requires specific protections has to check
/// them itself.
/// </param>
/// <param name="isNtlmUsed">
/// Set by the native call; presumably reports whether NTLM was selected. Confirm against
/// the native shim before basing a mechanism policy on it.
/// </param>
/// <returns>
/// true when the status is GSS_S_COMPLETE; false when it is GSS_S_CONTINUE_NEEDED and
/// another step is required.
/// </returns>
/// <exception cref="Interop.NetSecurityNative.GssApiException">The native call returned any other status.</exception>
private static bool GssInitSecurityContext(
    ref SafeGssContextHandle context,
    SafeGssCredHandle credential,
    bool isNtlm,
    SafeGssNameHandle targetName,
    Interop.NetSecurityNative.GssFlags inFlags,
    byte[] buffer,
    out byte[] outputBuffer,
    out uint outFlags,
    out int isNtlmUsed)
{
    outputBuffer = null;
    outFlags = 0;

    // The handshake takes several calls, each continuing from the context handle the
    // previous call left behind. On the very first call there is none yet.
    if (context == null)
    {
        context = new SafeGssContextHandle();
    }

    int inputLength = (buffer == null) ? 0 : buffer.Length;
    Interop.NetSecurityNative.GssBuffer outputToken = default(Interop.NetSecurityNative.GssBuffer);
    Interop.NetSecurityNative.Status majorStatus;

    try
    {
        Interop.NetSecurityNative.Status minorStatus;
        majorStatus = Interop.NetSecurityNative.InitSecContext(
            out minorStatus,
            credential,
            ref context,
            isNtlm,
            targetName,
            (uint)inFlags,
            buffer,
            inputLength,
            ref outputToken,
            out outFlags,
            out isNtlmUsed);

        // Only "complete" and "continue needed" are acceptable outcomes of a step.
        bool stepAccepted =
            (majorStatus == Interop.NetSecurityNative.Status.GSS_S_COMPLETE) ||
            (majorStatus == Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED);
        if (!stepAccepted)
        {
            throw new Interop.NetSecurityNative.GssApiException(majorStatus, minorStatus);
        }

        outputBuffer = outputToken.ToByteArray();
    }
    finally
    {
        // The token buffer is disposed on every path, including the throwing one.
        outputToken.Dispose();
    }

    return majorStatus == Interop.NetSecurityNative.Status.GSS_S_COMPLETE;
}
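/// <summary>
/// Drops the reference held on the wrapped credential handle and clears the field.
/// </summary>
/// <returns>Always true.</returns>
protected override bool ReleaseHandle()
{
    // ReleaseHandle can run on the finalizer thread, where an unhandled
    // NullReferenceException is fatal to the process. Skip the release when no
    // credential is attached, e.g. if construction failed before the field was set.
    // NOTE(review): whether IsInvalid already rules that case out is not visible here.
    if (_credential != null)
    {
        _credential.DangerousRelease();
        _credential = null;
    }

    return true;
}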
/// <summary>
/// Wraps the credential handle returned by <c>SafeGssCredHandle.Create</c> for the given
/// user name, password and domain, and takes a reference on it.
/// </summary>
/// <param name="username">User name, forwarded unchanged.</param>
/// <param name="password">Password, forwarded unchanged; this constructor does not store it in a field.</param>
/// <param name="domain">Domain, forwarded unchanged.</param>
public SafeFreeNegoCredentials(string username, string password, string domain)
    : base(IntPtr.Zero, true)
{
    // No null checks, trimming or name normalization happen here. All three values
    // reach credential creation exactly as the caller supplied them.
    _credential = SafeGssCredHandle.Create(username, password, domain);

    // Take a reference on the credential handle. DangerousAddRef sets the flag to true
    // on success; the value is not inspected here.
    bool refAdded = false;
    _credential.DangerousAddRef(ref refAdded);
}
/// <summary>
/// Extern declaration for a native call that produces a GSS credential handle from a name
/// handle alone. Unlike <c>InitiateCredWithPassword</c> it takes no password argument.
/// The attribute binding it to a native entry point is not visible in this excerpt.
/// </summary>
/// <remarks>
/// NOTE(review): where the credential material comes from when no password is supplied is
/// not shown here. Presumably it is whatever is already available to the process; confirm
/// against the native shim.
/// </remarks>
/// <param name="minorStatus">Receives a second status value alongside the returned one.</param>
/// <param name="desiredName">Name handle the credential is requested for.</param>
/// <param name="outputCredHandle">Receives the resulting credential handle.</param>
/// <returns>Status of the native call.</returns>
internal static extern Status InitiateCredSpNego( out Status minorStatus, SafeGssNameHandle desiredName, out SafeGssCredHandle outputCredHandle);