/// <summary>
/// Queries the SECPKG_ATTR_ACCESS_TOKEN attribute of an established server context.
/// </summary>
/// <param name="serverContext">A server-side SSPI context handle (passed by ref to the native call, so the caller's copy may be updated).</param>
/// <returns>
/// The access-token handle on SEC_E_OK, otherwise <see cref="IntPtr.Zero"/>; the native status code is not surfaced.
/// NOTE(review): whether the caller or the context owns this handle (i.e. whether CloseHandle is the
/// caller's job) is not visible here — confirm against the SECPKG_ATTR_ACCESS_TOKEN documentation before use.
/// </returns>
public static IntPtr GetAccessToken(SecHandle serverContext)
{
    IntPtr token;
    uint status = QueryContextAttributes(ref serverContext, SECPKG_ATTR_ACCESS_TOKEN, out token);
    return status == SEC_E_OK ? token : IntPtr.Zero;
}
/// <summary>
/// Queries the SECPKG_ATTR_NAME attribute (the authenticated principal's name) of a context.
/// </summary>
/// <param name="context">An SSPI context handle (passed by ref to the native call).</param>
/// <returns>The user name on SEC_E_OK; null on any failure (the status code is not surfaced).</returns>
/// <remarks>
/// Relies on a string-typed QueryContextAttributes overload declared elsewhere in this file; whether that
/// overload frees the native name buffer (FreeContextBuffer) cannot be confirmed from here.
/// </remarks>
public static string GetUserName(SecHandle context)
{
    string principalName;
    uint status = QueryContextAttributes(ref context, SECPKG_ATTR_NAME, out principalName);
    if (status != SEC_E_OK)
    {
        return null;
    }
    return principalName;
}
/// <summary>
/// Returns a managed copy of the context's session key (SECPKG_ATTR_SESSION_KEY).
/// Windows Vista or newer is required for SECPKG_ATTR_SESSION_KEY to work;
/// Windows XP / Server 2003 will return SEC_E_INVALID_TOKEN.
/// </summary>
/// <param name="context">An established SSPI context handle (passed by ref to the native call).</param>
/// <returns>
/// The key bytes on SEC_E_OK, otherwise null. The array holds secret key material: callers should
/// Array.Clear it once it is no longer needed.
/// </returns>
/// <remarks>
/// NOTE(review): the SessionKey pointer in SecPkgContext_SessionKey is allocated by the security package;
/// nothing here releases it (FreeContextBuffer is not declared in the visible part of this file), so each
/// call presumably leaks that native buffer — confirm and add the free if the declaration exists.
/// </remarks>
public static byte[] GetSessionKey(SecHandle context)
{
    SecPkgContext_SessionKey nativeKey;
    uint status = QueryContextAttributes(ref context, SECPKG_ATTR_SESSION_KEY, out nativeKey);
    if (status != SEC_E_OK)
    {
        return null;
    }

    int keyLength = (int)nativeKey.SessionKeyLength;
    byte[] keyBytes = new byte[keyLength];
    Marshal.Copy(nativeKey.SessionKey, keyBytes, 0, keyLength);
    return keyBytes;
}
/// <summary>
/// Deletes the native SSPI server context wrapped by an <see cref="AuthContext"/> and clears the caller's reference.
/// </summary>
/// <param name="context">Expected to be an <see cref="AuthContext"/>; set to null only after a successful delete.</param>
/// <returns>
/// true if the native DeleteSecurityContext returned 0 (SEC_E_OK); false if <paramref name="context"/> is not an
/// AuthContext or the native call failed (in which case the caller's reference is left intact).
/// </returns>
public override bool DeleteSecurityContext(ref object context)
{
    AuthContext authContext = context as AuthContext;
    if (authContext == null)
    {
        return false;
    }

    // The handle is copied into a local before being passed by ref; if SecHandle is a struct
    // (not visible here) the field on authContext is therefore not updated by the native call.
    SecHandle serverHandle = authContext.ServerContext;
    uint status = SSPIHelper.DeleteSecurityContext(ref serverHandle);
    if (status != 0) // anything other than SEC_E_OK
    {
        return false;
    }

    context = null;
    return true;
}
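/// <summary>
/// Server side, first leg of the NTLM handshake: consumes the client's Type 1 (NEGOTIATE) message and
/// produces the Type 2 (CHALLENGE) message via AcceptSecurityContext.
/// </summary>
/// <param name="type1MessageBytes">Raw Type 1 message as received from the (untrusted) client.</param>
/// <param name="serverContext">
/// Receives the partially established server context. The caller must later pass it to
/// <see cref="AuthenticateType3Message"/> and is responsible for deleting it (see DeleteSecurityContext).
/// </param>
/// <returns>The Type 2 message bytes to send to the client.</returns>
/// <exception cref="Exception">
/// AcceptSecurityContext returned something other than SEC_E_OK or SEC_I_CONTINUE_NEEDED. The message names the
/// specific failure for SEC_E_INVALID_HANDLE, SEC_E_INVALID_TOKEN and SEC_E_BUFFER_TOO_SMALL, otherwise the hex code.
/// </exception>
/// <remarks>
/// Fixes over the previous version: the credentials handle and the native SecBuffer/SecBufferDesc wrappers
/// are now released on the error path too (they were only released on success), and the
/// SEC_E_INVALID_TOKEN message no longer misattributes the failure to InitializeSecurityContext.
/// </remarks>
public static byte[] GetType2Message(byte[] type1MessageBytes, out SecHandle serverContext)
{
    SecHandle credentialsHandle = AcquireNTLMCredentialsHandle();
    SecBuffer inputBuffer = new SecBuffer(type1MessageBytes);
    SecBufferDesc input = new SecBufferDesc(inputBuffer);
    serverContext = new SecHandle();
    SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    SecBufferDesc output = new SecBufferDesc(outputBuffer);
    try
    {
        uint contextAttributes;
        SECURITY_INTEGER timestamp;
        uint result = AcceptSecurityContext(ref credentialsHandle, IntPtr.Zero, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref serverContext, ref output, out contextAttributes, out timestamp);
        if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
        {
            if (result == SEC_E_INVALID_HANDLE)
            {
                throw new Exception("AcceptSecurityContext failed, invalid handle");
            }
            else if (result == SEC_E_INVALID_TOKEN)
            {
                // A malformed/unexpected Type 1 blob from the client lands here.
                throw new Exception("AcceptSecurityContext failed, invalid token");
            }
            else if (result == SEC_E_BUFFER_TOO_SMALL)
            {
                throw new Exception("AcceptSecurityContext failed, buffer too small");
            }
            else
            {
                throw new Exception("AcceptSecurityContext failed, error code 0x" + result.ToString("X"));
            }
        }

        // Copy the challenge out of the native output buffer before the wrappers are disposed below.
        return output.GetBufferBytes(0);
    }
    finally
    {
        // Released on every path; the partially built serverContext is intentionally kept for the caller.
        FreeCredentialsHandle(ref credentialsHandle);
        inputBuffer.Dispose();
        input.Dispose();
        outputBuffer.Dispose();
        output.Dispose();
    }
}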
/// <summary>
/// Server side, final leg of the NTLM handshake: feeds the client's Type 3 (AUTHENTICATE) message to
/// AcceptSecurityContext and reports whether the logon was accepted.
///
/// AcceptSecurityContext will return SEC_E_LOGON_DENIED when the password is correct in these cases:
/// 1. The account is listed under the "Deny access to this computer from the network" list.
/// 2. 'limitblankpassworduse' is set to 1, a non-guest is attempting to log in with an empty password,
///    and the Guest account is disabled, has a non-empty password set, or is listed under the
///    "Deny access to this computer from the network" list.
///
/// Note: "If the Guest account is enabled, SSPI logon may succeed as Guest for user credentials that are not valid".
/// A true result therefore does not by itself prove the supplied credentials were valid; callers that must
/// reject guest fallback should inspect the resulting identity (e.g. via GetUserName / GetAccessToken).
/// </summary>
/// <param name="serverContext">The context returned by <see cref="GetType2Message"/> (passed by ref to the native call).</param>
/// <param name="type3MessageBytes">Raw Type 3 message as received from the (untrusted) client.</param>
/// <returns>true on SEC_E_OK; false on SEC_E_LOGON_DENIED.</returns>
/// <exception cref="Exception">Any other status (invalid handle, invalid token, or an unexpected hex code).</exception>
/// <remarks>
/// 1. 'limitblankpassworduse' will not affect the Guest account.
/// 2. Listing the user in the "Deny access to this computer from the network" or the "Deny logon locally" lists
///    will not affect AcceptSecurityContext if all of these conditions are met:
///    - 'limitblankpassworduse' is set to 1.
///    - The user has an empty password set.
///    - Guest is NOT listed in the "Deny access to this computer from the network" list.
///    - Guest is enabled and has an empty password set.
/// 3. NOTE(review): ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY are requested but the returned
///    contextAttributes (ASC_RET_*) are never checked, so the caller cannot tell whether signing/sealing
///    was actually negotiated; the corresponding ASC_RET_ constants are not visible in this file.
/// 4. The native SecBuffer/SecBufferDesc wrappers are released before the status is examined, so no
///    path leaks them. The completed-context handle written to the second SecHandle is neither returned
///    nor deleted here; for NTLM it is presumably the same handle as <paramref name="serverContext"/> — confirm.
/// </remarks>
public static bool AuthenticateType3Message(SecHandle serverContext, byte[] type3MessageBytes)
{
    SecHandle completedContext = new SecHandle();
    SecBuffer inputBuffer = new SecBuffer(type3MessageBytes);
    SecBufferDesc input = new SecBufferDesc(inputBuffer);
    SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    SecBufferDesc output = new SecBufferDesc(outputBuffer);
    uint contextAttributes;
    SECURITY_INTEGER timestamp;
    uint status = AcceptSecurityContext(IntPtr.Zero, ref serverContext, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref completedContext, ref output, out contextAttributes, out timestamp);

    inputBuffer.Dispose();
    input.Dispose();
    outputBuffer.Dispose();
    output.Dispose();

    if (status == SEC_E_OK)
    {
        return true;
    }
    if ((uint)status == SEC_E_LOGON_DENIED)
    {
        return false;
    }
    if (status == SEC_E_INVALID_HANDLE)
    {
        throw new Exception("AcceptSecurityContext failed, invalid handle");
    }
    if (status == SEC_E_INVALID_TOKEN)
    {
        throw new Exception("AcceptSecurityContext failed, invalid security token");
    }
    throw new Exception("AcceptSecurityContext failed, error code 0x" + status.ToString("X"));
}
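/// <summary>
/// Client side, final leg of the NTLM handshake: consumes the server's Type 2 (CHALLENGE) message and
/// produces the Type 3 (AUTHENTICATE) message via InitializeSecurityContext.
/// </summary>
/// <param name="clientContext">The context returned by <see cref="GetType1Message(string, string, string, out SecHandle)"/> (passed by ref to the native call).</param>
/// <param name="type2Message">Raw Type 2 message as received from the (untrusted) server.</param>
/// <returns>The Type 3 message bytes to send to the server.</returns>
/// <exception cref="Exception">
/// InitializeSecurityContext returned something other than SEC_E_OK. The message names the specific failure for
/// SEC_E_INVALID_HANDLE, SEC_E_INVALID_TOKEN and SEC_E_BUFFER_TOO_SMALL, otherwise the hex code.
/// </exception>
/// <remarks>
/// Fix over the previous version: the native SecBuffer/SecBufferDesc wrappers are now disposed on the error
/// path too (they were only disposed on success). The completed-context handle written to the second SecHandle
/// is not returned; for NTLM it is presumably the same handle as <paramref name="clientContext"/> — confirm.
/// </remarks>
public static byte[] GetType3Message(SecHandle clientContext, byte[] type2Message)
{
    SecHandle newContext = new SecHandle();
    SecBuffer inputBuffer = new SecBuffer(type2Message);
    SecBufferDesc input = new SecBufferDesc(inputBuffer);
    SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    SecBufferDesc output = new SecBufferDesc(outputBuffer);
    try
    {
        uint contextAttributes;
        SECURITY_INTEGER expiry;
        uint result = InitializeSecurityContext(IntPtr.Zero, ref clientContext, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, ref input, 0, ref newContext, ref output, out contextAttributes, out expiry);
        if (result != SEC_E_OK)
        {
            if (result == SEC_E_INVALID_HANDLE)
            {
                throw new Exception("InitializeSecurityContext failed, invalid handle");
            }
            else if (result == SEC_E_INVALID_TOKEN)
            {
                // A malformed/unexpected Type 2 blob from the server lands here.
                throw new Exception("InitializeSecurityContext failed, Invalid token");
            }
            else if (result == SEC_E_BUFFER_TOO_SMALL)
            {
                throw new Exception("InitializeSecurityContext failed, buffer too small");
            }
            else
            {
                throw new Exception("InitializeSecurityContext failed, error code 0x" + result.ToString("X"));
            }
        }

        // Copy the Type 3 token out of the native output buffer before the wrappers are disposed below.
        return output.GetBufferBytes(0);
    }
    finally
    {
        inputBuffer.Dispose();
        input.Dispose();
        outputBuffer.Dispose();
        output.Dispose();
    }
}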
/// <summary>
/// Wraps the SSPI server-side context handle for one authentication exchange so it can be carried
/// through an untyped <c>object</c> and later released via DeleteSecurityContext.
/// </summary>
/// <param name="serverContext">The server context handle produced during the NTLM handshake.</param>
public AuthContext(SecHandle serverContext)
{
    this.ServerContext = serverContext;
}
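/// <summary>
/// Client side, first leg of the NTLM handshake: acquires credentials for the given account and produces
/// the Type 1 (NEGOTIATE) message via InitializeSecurityContext.
/// </summary>
/// <param name="domainName">Account domain; may be empty (see the two-argument overload).</param>
/// <param name="userName">Account name.</param>
/// <param name="password">
/// Account password as a managed string. It is handed to AcquireNTLMCredentialsHandle (not visible here);
/// being an immutable managed string it stays in memory until collected, so keep its lifetime short.
/// </param>
/// <param name="clientContext">
/// Receives the partially established client context. The caller later passes it to
/// <see cref="GetType3Message"/> and is responsible for deleting it.
/// </param>
/// <returns>The Type 1 message bytes to send to the server.</returns>
/// <exception cref="Exception">
/// InitializeSecurityContext returned something other than SEC_E_OK or SEC_I_CONTINUE_NEEDED. The message names
/// the specific failure for SEC_E_INVALID_HANDLE and SEC_E_BUFFER_TOO_SMALL, otherwise the hex code.
/// </exception>
/// <remarks>
/// Fix over the previous version: the credentials handle and the native SecBuffer/SecBufferDesc wrappers are
/// now released on the error path too (they were only released on success).
/// </remarks>
public static byte[] GetType1Message(string domainName, string userName, string password, out SecHandle clientContext)
{
    SecHandle credentialsHandle = AcquireNTLMCredentialsHandle(domainName, userName, password);
    clientContext = new SecHandle();
    SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    SecBufferDesc output = new SecBufferDesc(outputBuffer);
    try
    {
        uint contextAttributes;
        SECURITY_INTEGER expiry;
        uint result = InitializeSecurityContext(ref credentialsHandle, IntPtr.Zero, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, IntPtr.Zero, 0, ref clientContext, ref output, out contextAttributes, out expiry);
        if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
        {
            if (result == SEC_E_INVALID_HANDLE)
            {
                throw new Exception("InitializeSecurityContext failed, Invalid handle");
            }
            else if (result == SEC_E_BUFFER_TOO_SMALL)
            {
                throw new Exception("InitializeSecurityContext failed, Buffer too small");
            }
            else
            {
                throw new Exception("InitializeSecurityContext failed, Error code 0x" + result.ToString("X"));
            }
        }

        // Copy the negotiate token out of the native output buffer before the wrapper is disposed below.
        return output.GetBufferBytes(0);
    }
    finally
    {
        // Released on every path; the partially built clientContext is intentionally kept for the caller.
        FreeCredentialsHandle(ref credentialsHandle);
        outputBuffer.Dispose();
        output.Dispose();
    }
}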
/// <summary>
/// Convenience overload of <see cref="GetType1Message(string, string, string, out SecHandle)"/> for accounts
/// without an explicit domain: forwards an empty domain name.
/// </summary>
/// <param name="userName">Account name.</param>
/// <param name="password">Account password (managed string; see the full overload for lifetime notes).</param>
/// <param name="clientContext">Receives the partially established client context.</param>
/// <returns>The Type 1 message bytes to send to the server.</returns>
public static byte[] GetType1Message(string userName, string password, out SecHandle clientContext)
{
    const string noDomain = "";
    return GetType1Message(noDomain, userName, password, out clientContext);
}
// P/Invoke: secur32 DeleteSecurityContext. Releases a context created by Accept/InitializeSecurityContext;
// returns SEC_E_OK (0) on success. The DllImport attribute is not visible in this excerpt — presumably it
// precedes this line in the original file. Public so callers outside this class (e.g. the AuthContext
// DeleteSecurityContext override) can release handles they were handed.
public extern static uint DeleteSecurityContext( ref SecHandle phContext );
// P/Invoke: secur32 FreeCredentialsHandle. Must be paired with every AcquireNTLMCredentialsHandle call,
// including on error paths, or the credential handle leaks. The DllImport attribute is not visible in
// this excerpt — presumably it precedes this line in the original file.
private extern static uint FreeCredentialsHandle( ref SecHandle phCredential );
// P/Invoke overloads of secur32 QueryContextAttributes, one per out-parameter shape used in this file
// (a string overload used by GetUserName is declared elsewhere). Each DllImport attribute is not visible
// in this excerpt — presumably it precedes the declaration in the original file.
// SECPKG_ATTR_SESSION_KEY: the SessionKey pointer inside the returned struct is package-allocated and
// is expected to be released with FreeContextBuffer (no such declaration is visible here).
private static extern uint QueryContextAttributes( ref SecHandle phContext, uint ulAttribute, out SecPkgContext_SessionKey value);
// SECPKG_ATTR_ACCESS_TOKEN (and any other attribute whose payload is a single pointer/handle).
private static extern uint QueryContextAttributes( ref SecHandle phContext, uint ulAttribute, out IntPtr value);