public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
lock (this.sessions)
{
NTAuthentication clientContext = this.sessions[sessionCookie] as NTAuthentication;
if (clientContext == null)
{
if (credential == null){
return null;
}
//
this.sessions[sessionCookie] = clientContext = new NTAuthentication(false, "WDigest", credential, spn, ContextFlags.Connection, channelBindingToken);
}
string resp = clientContext.GetOutgoingBlob(challenge);
if (!clientContext.IsCompleted)
{
return new Authorization(resp, false);
}
else
{
this.sessions.Remove(sessionCookie);
return new Authorization(resp, true);
}
}
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
{
if (NetEventSource.IsEnabled) NetEventSource.Enter(this, package, spn, requestedContextFlags);
_tokenSize = NegotiateStreamPal.QueryMaxTokenSize(package);
_isServer = isServer;
_spn = spn;
_securityContext = null;
_requestedContextFlags = requestedContextFlags;
_package = package;
_channelBinding = channelBinding;
if (NetEventSource.IsEnabled) NetEventSource.Info(this, $"Peer SPN-> '{_spn}'");
//
// Check if we're using DefaultCredentials.
//
Debug.Assert(CredentialCache.DefaultCredentials == CredentialCache.DefaultNetworkCredentials);
if (credential == CredentialCache.DefaultCredentials)
{
if (NetEventSource.IsEnabled) NetEventSource.Info(this, "using DefaultCredentials");
_credentialsHandle = NegotiateStreamPal.AcquireDefaultCredential(package, _isServer);
}
else
{
_credentialsHandle = NegotiateStreamPal.AcquireCredentialsHandle(package, _isServer, credential);
}
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate));
try
{
stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
}
catch (IOException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
}
if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
{
System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
}
remoteSecurity = this.clientSecurity;
if (this.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
}
return stream2;
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate));
try
{
stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
}
catch (IOException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
}
if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
{
System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
}
remoteSecurity = this.clientSecurity;
if (this.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
}
return(stream2);
}
public static ChannelBinding DuplicateToken(ChannelBinding source)
{
if (source == null)
{
return null;
}
return DuplicatedChannelBinding.CreateCopy(source);
}
public ServerSingletonConnectionReader(ServerSingletonPreambleConnectionReader preambleReader, IConnection upgradedConnection, ConnectionDemuxer connectionDemuxer) : base(upgradedConnection, preambleReader.BufferOffset, preambleReader.BufferSize, preambleReader.Security, preambleReader.TransportSettings, preambleReader.Via)
{
this.decoder = preambleReader.Decoder;
this.contentType = this.decoder.ContentType;
this.connectionDemuxer = connectionDemuxer;
this.rawConnection = preambleReader.RawConnection;
this.channelBindingToken = preambleReader.ChannelBinding;
}
protected override void OnClosed()
{
base.OnClosed();
if (this.channelBindingToken != null)
{
this.channelBindingToken.Close();
this.channelBindingToken = null;
}
}
public static void TryAddToMessage(ChannelBinding channelBindingToken, Message message, bool messagePropertyOwnsCleanup)
{
if (channelBindingToken != null)
{
ChannelBindingMessageProperty property = new ChannelBindingMessageProperty(channelBindingToken, messagePropertyOwnsCleanup);
property.AddTo(message);
property.Dispose(); //message.Properties.Add() creates a copy...
}
}
protected override void OnClosed()
{
base.OnClosed();
if (this.channelBindingToken != null)
{
this.channelBindingToken.Close();
this.channelBindingToken = null;
}
}
public static void Dispose(ref ChannelBinding channelBinding)
{
// Explicitly cast to IDisposable to avoid the SecurityException.
IDisposable disposable = (IDisposable)channelBinding;
channelBinding = null;
if (disposable != null)
{
disposable.Dispose();
}
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
Authorization authorization;
if (Logging.On)
{
Logging.Enter(Logging.Web, this, "Authenticate", (string) null);
}
try
{
lock (this.sessions)
{
NTAuthentication clientContext = this.sessions[sessionCookie] as NTAuthentication;
if (clientContext == null)
{
if (credential == null)
{
return null;
}
this.sessions[sessionCookie] = clientContext = new NTAuthentication(false, "Negotiate", credential, spn, ContextFlags.AcceptStream | ContextFlags.Connection, channelBindingToken);
}
string token = null;
if (!clientContext.IsCompleted)
{
SecurityStatus status;
byte[] incomingBlob = null;
if (challenge != null)
{
incomingBlob = Convert.FromBase64String(challenge);
}
byte[] inArray = clientContext.GetOutgoingBlob(incomingBlob, false, out status);
if (clientContext.IsCompleted && (inArray == null))
{
token = "\r\n";
}
if (inArray != null)
{
token = Convert.ToBase64String(inArray);
}
}
else
{
token = this.GetSecurityLayerOutgoingBlob(challenge, clientContext);
}
authorization = new Authorization(token, clientContext.IsCompleted);
}
}
finally
{
if (Logging.On)
{
Logging.Exit(Logging.Web, this, "Authenticate", (string) null);
}
}
return authorization;
}
public ChannelBindingMessageProperty(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, bool ownsCleanup)
{
if (channelBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
}
this.refCount = 1;
this.thisLock = new object();
this.channelBinding = channelBinding;
this.ownsCleanup = ownsCleanup;
}
public ChannelBindingMessageProperty(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, bool ownsCleanup)
{
if (channelBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
}
this.refCount = 1;
this.thisLock = new object();
this.channelBinding = channelBinding;
this.ownsCleanup = ownsCleanup;
}
public void CheckChannelBinding(ChannelBinding channelBinding)
{
if (channelBinding != null)
{
Assert.True(!channelBinding.IsInvalid, "Channel binding token should be marked as a valid SafeHandle.");
Assert.True(channelBinding.Size > 0, "Number of bytes in a valid channel binding token should be greater than zero.");
var bytes = new byte[channelBinding.Size];
Marshal.Copy(channelBinding.DangerousGetHandle(), bytes, 0, channelBinding.Size);
Assert.Equal(channelBinding.Size, bytes.Length);
}
}
public ChannelBindingMessageProperty(ChannelBinding channelBinding, bool ownsCleanup)
{
if (channelBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("channelBinding");
}
_refCount = 1;
_thisLock = new object();
_channelBinding = channelBinding;
_ownsCleanup = ownsCleanup;
}
internal void ValidateCreateContext(
string package,
bool isServer,
NetworkCredential credential,
string servicePrincipalName,
ChannelBinding channelBinding,
ProtectionLevel protectionLevel,
TokenImpersonationLevel impersonationLevel
)
{
throw new PlatformNotSupportedException();
}
public WebResponseHttpInput(HttpWebResponse httpWebResponse, IHttpTransportFactorySettings settings, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding) : base(settings, false, channelBinding != null)
{
this.channelBinding = channelBinding;
this.httpWebResponse = httpWebResponse;
if (this.httpWebResponse.ContentLength == -1L)
{
this.preReadBuffer = new byte[1];
if (this.httpWebResponse.GetResponseStream().Read(this.preReadBuffer, 0, 1) == 0)
{
this.preReadBuffer = null;
}
}
}
public ExtendedProtectionPolicyHelper(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
{
this._channelBinding = channelBinding;
this._serviceNameCollection = null;
this._checkServiceBinding = true;
if (extendedProtectionPolicy != null)
{
this._policyEnforcement = extendedProtectionPolicy.PolicyEnforcement;
this._protectionScenario = extendedProtectionPolicy.ProtectionScenario;
this._serviceNameCollection = extendedProtectionPolicy.CustomServiceNames;
}
if (this._policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
{
this._checkServiceBinding = false;
}
}
public ExtendedProtectionPolicyHelper(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
{
this._channelBinding = channelBinding;
this._serviceNameCollection = null;
this._checkServiceBinding = true;
if (extendedProtectionPolicy != null)
{
this._policyEnforcement = extendedProtectionPolicy.PolicyEnforcement;
this._protectionScenario = extendedProtectionPolicy.ProtectionScenario;
this._serviceNameCollection = extendedProtectionPolicy.CustomServiceNames;
}
if (this._policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
{
this._checkServiceBinding = false;
}
}
public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement,
ChannelBinding customChannelBinding)
{
if (policyEnforcement == PolicyEnforcement.Never)
{
throw new ArgumentException(SR.GetString(SR.security_ExtendedProtectionPolicy_UseDifferentConstructorForNever), "policyEnforcement");
}
if (customChannelBinding == null)
{
throw new ArgumentNullException("customChannelBinding");
}
this.policyEnforcement = policyEnforcement;
this.protectionScenario = ProtectionScenario.TransportSelected;
this.customChannelBinding = customChannelBinding;
}
public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement,
ChannelBinding customChannelBinding)
{
if (policyEnforcement == PolicyEnforcement.Never)
{
throw new ArgumentException(SR.security_ExtendedProtectionPolicy_UseDifferentConstructorForNever, nameof(policyEnforcement));
}
if (customChannelBinding == null)
{
throw new ArgumentNullException(nameof(customChannelBinding));
}
_policyEnforcement = policyEnforcement;
_protectionScenario = ProtectionScenario.TransportSelected;
_customChannelBinding = customChannelBinding;
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
if (NetEventSource.IsEnabled) NetEventSource.Enter(this, "Authenticate");
try
{
lock (_sessions)
{
NTAuthentication clientContext;
if (!_sessions.TryGetValue(sessionCookie, out clientContext))
{
if (credential == null)
{
return null;
}
_sessions[sessionCookie] =
clientContext =
new NTAuthentication(false, "Ntlm", credential, spn, ContextFlagsPal.Connection, channelBindingToken);
}
string resp = clientContext.GetOutgoingBlob(challenge);
if (!clientContext.IsCompleted)
{
return new Authorization(resp, false);
}
else
{
_sessions.Remove(sessionCookie);
return new Authorization(resp, true);
}
}
}
// From reflected type NTAuthentication in System.Net.Security.
catch (NullReferenceException)
{
return null;
}
finally
{
if (NetEventSource.IsEnabled) NetEventSource.Exit(this, "Authenticate");
}
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
Authorization authorization;
if (Logging.On)
{
Logging.Enter(Logging.Web, this, "Authenticate", (string) null);
}
try
{
lock (this.sessions)
{
NetworkCredential credential2 = this.sessions[sessionCookie] as NetworkCredential;
if (credential2 == null)
{
if ((credential == null) || (credential is SystemNetworkCredential))
{
return null;
}
this.sessions[sessionCookie] = credential;
string userName = credential.UserName;
string domain = credential.Domain;
if ((domain != null) && (domain.Length > 0))
{
userName = domain + @"\" + userName;
}
return new Authorization(Convert.ToBase64String(Encoding.UTF8.GetBytes(userName)), false);
}
this.sessions.Remove(sessionCookie);
authorization = new Authorization(Convert.ToBase64String(Encoding.UTF8.GetBytes(credential2.Password)), true);
}
}
finally
{
if (Logging.On)
{
Logging.Exit(Logging.Web, this, "Authenticate", (string) null);
}
}
return authorization;
}
protected override Stream OnInitiateUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
X509CertificateCollection clientCertificates = null;
LocalCertificateSelectionCallback userCertificateSelectionCallback = null;
if (this.clientToken != null)
{
clientCertificates = new X509CertificateCollection();
clientCertificates.Add(this.clientToken.Certificate);
userCertificateSelectionCallback = ClientCertificateSelectionCallback;
}
SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate), userCertificateSelectionCallback);
try
{
stream2.AuthenticateAsClient(string.Empty, clientCertificates, SslProtocols.Default, false);
}
catch (SecurityTokenValidationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
}
catch (AuthenticationException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception2.Message, exception2));
}
catch (IOException exception3)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception3.Message }), exception3));
}
if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
{
System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
}
remoteSecurity = this.serverSecurity;
if (this.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
}
return(stream2);
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
if (NetEventSource.Log.IsEnabled()) NetEventSource.Enter(NetEventSource.ComponentType.Web, this, nameof(Authenticate), null);
try
{
lock (_sessions)
{
NetworkCredential cachedCredential;
if (!_sessions.TryGetValue(sessionCookie, out cachedCredential))
{
if (credential == null || ReferenceEquals(credential, CredentialCache.DefaultNetworkCredentials))
{
return null;
}
_sessions[sessionCookie] = credential;
string userName = credential.UserName;
string domain = credential.Domain;
if (domain != null && domain.Length > 0)
{
userName = domain + "\\" + userName;
}
return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(userName)), false);
}
else
{
_sessions.Remove(sessionCookie);
return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(cachedCredential.Password)), true);
}
}
}
finally
{
if (NetEventSource.Log.IsEnabled()) NetEventSource.Exit(NetEventSource.ComponentType.Web, this, "Authenticate", null);
}
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
lock (this.sessions)
{
NTAuthentication authentication = this.sessions[sessionCookie] as NTAuthentication;
if (authentication == null)
{
if (credential == null)
{
return null;
}
this.sessions[sessionCookie] = authentication = new NTAuthentication(false, "WDigest", credential, spn, ContextFlags.Connection, channelBindingToken);
}
string outgoingBlob = authentication.GetOutgoingBlob(challenge);
if (!authentication.IsCompleted)
{
return new Authorization(outgoingBlob, false);
}
this.sessions.Remove(sessionCookie);
return new Authorization(outgoingBlob, true);
}
}
public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
if(Logging.On)Logging.Enter(Logging.Web, this, "Authenticate", null);
try {
lock (this.sessions)
{
NetworkCredential cachedCredential = sessions[sessionCookie] as NetworkCredential;
if (cachedCredential == null)
{
if (credential == null || credential is SystemNetworkCredential)
{
return null;
}
sessions[sessionCookie] = credential;
string userName = credential.UserName;
string domain = credential.Domain;
if (domain!=null && domain.Length > 0) {
userName = domain + "\\" + userName;
}
//
return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(userName)), false);
}
else
{
this.sessions.Remove(sessionCookie);
//
return new Authorization(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(cachedCredential.Password)), true);
}
}
} finally {
if(Logging.On)Logging.Exit(Logging.Web, this, "Authenticate", null);
}
}
private IAsyncResult BeginAuthenticateAsClient(
NetworkCredential credential,
ChannelBinding binding,
string targetName,
ProtectionLevel requiredProtectionLevel,
TokenImpersonationLevel allowedImpersonationLevel,
AsyncCallback asyncCallback,
object asyncState)
{
#if DEBUG
using (GlobalLog.SetThreadKind(ThreadKinds.User | ThreadKinds.Async))
{
#endif
_negoState.ValidateCreateContext(_package, false, credential, targetName, binding, requiredProtectionLevel, allowedImpersonationLevel);
LazyAsyncResult result = new LazyAsyncResult(_negoState, asyncState, asyncCallback);
_negoState.ProcessAuthentication(result);
return result;
#if DEBUG
}
#endif
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
this.m_TokenSize = SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPIAuth, package, true).MaxToken;
this.m_IsServer = isServer;
this.m_Spn = spn;
this.m_SecurityContext = null;
this.m_RequestedContextFlags = requestedContextFlags;
this.m_Package = package;
this.m_ChannelBinding = channelBinding;
if (credential is SystemNetworkCredential)
{
this.m_CredentialsHandle = SSPIWrapper.AcquireDefaultCredential(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound);
this.m_UniqueUserId = "/S";
}
else
{
string userName = credential.InternalGetUserName();
string domain = credential.InternalGetDomain();
AuthIdentity authdata = new AuthIdentity(userName, credential.InternalGetPassword(), ((package == "WDigest") && ((domain == null) || (domain.Length == 0))) ? null : domain);
this.m_UniqueUserId = domain + "/" + userName + "/U";
this.m_CredentialsHandle = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound, ref authdata);
}
}
public virtual Task AuthenticateAsClientAsync(
NetworkCredential credential, ChannelBinding binding,
string targetName, ProtectionLevel requiredProtectionLevel,
TokenImpersonationLevel allowedImpersonationLevel)
{
return Task.Factory.FromAsync((callback, state) => BeginAuthenticateAsClient(credential, binding, targetName, requiredProtectionLevel, allowedImpersonationLevel, callback, state), EndAuthenticateAsClient, null);
}
public virtual Task AuthenticateAsClientAsync(NetworkCredential credential, ChannelBinding binding, string targetName)
{
return Task.Factory.FromAsync(BeginAuthenticateAsClient, EndAuthenticateAsClient, credential, binding, targetName, null);
}
internal AuthenticateCallbackContext(SmtpConnection thisPtr, ISmtpAuthenticationModule module, NetworkCredential credential, string spn, ChannelBinding Token)
{
_thisPtr = thisPtr;
_module = module;
_credential = credential;
_spn = spn;
_token = Token;
_result = null;
}
public SecurityBuffer(ChannelBinding binding)
{
this.size = (binding == null) ? 0 : binding.Size;
this.type = BufferType.ChannelBindings;
this.unmanagedToken = binding;
}
public ChannelBindingNameTraceRecord(ExtendedProtectionPolicyHelper policyHelper, bool isServer, ChannelBinding channelBinding)
: base("SpNegoChannelBindingInformation")
{
this.policyHelper = policyHelper;
this.isServer = isServer;
this.channelBindingUsed = false;
this.channelBinding = channelBinding;
}
public IConnection CompletePreamble(TimeSpan timeout)
{
int num;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (!this.transportSettings.MessageEncoderFactory.Encoder.IsContentTypeSupported(this.decoder.ContentType))
{
this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/ContentTypeInvalid", ref timeoutHelper);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("ContentTypeMismatch", new object[] { this.decoder.ContentType, this.transportSettings.MessageEncoderFactory.Encoder.ContentType })));
}
StreamUpgradeAcceptor upgradeAcceptor = null;
StreamUpgradeProvider upgrade = this.transportSettings.Upgrade;
IStreamUpgradeChannelBindingProvider property = null;
if (upgrade != null)
{
property = upgrade.GetProperty <IStreamUpgradeChannelBindingProvider>();
upgradeAcceptor = upgrade.CreateUpgradeAcceptor();
}
IConnection connection = base.Connection;
Label_00B1:
if (this.size == 0)
{
this.offset = 0;
this.size = connection.Read(this.connectionBuffer, 0, this.connectionBuffer.Length, timeoutHelper.RemainingTime());
if (this.size == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(this.decoder.CreatePrematureEOFException());
}
}
Label_0101:
num = this.decoder.Decode(this.connectionBuffer, this.offset, this.size);
if (num > 0)
{
this.offset += num;
this.size -= num;
}
switch (this.decoder.CurrentState)
{
case ServerSingletonDecoder.State.UpgradeRequest:
{
if (upgradeAcceptor == null)
{
this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/UpgradeInvalid", ref timeoutHelper);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("UpgradeRequestToNonupgradableService", new object[] { this.decoder.Upgrade })));
}
if (!upgradeAcceptor.CanUpgrade(this.decoder.Upgrade))
{
this.SendFault("http://schemas.microsoft.com/ws/2006/05/framing/faults/UpgradeInvalid", ref timeoutHelper);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("UpgradeProtocolNotSupported", new object[] { this.decoder.Upgrade })));
}
connection.Write(ServerSingletonEncoder.UpgradeResponseBytes, 0, ServerSingletonEncoder.UpgradeResponseBytes.Length, true, timeoutHelper.RemainingTime());
IConnection innerConnection = connection;
if (this.size > 0)
{
innerConnection = new PreReadConnection(innerConnection, this.connectionBuffer, this.offset, this.size);
}
try
{
connection = InitialServerConnectionReader.UpgradeConnection(innerConnection, upgradeAcceptor, this.transportSettings);
this.connectionBuffer = connection.AsyncReadBuffer;
if ((property != null) && property.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = property.GetChannelBinding(upgradeAcceptor, ChannelBindingKind.Endpoint);
}
goto Label_02C0;
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
this.WriteAuditFailure(upgradeAcceptor as StreamSecurityUpgradeAcceptor, exception);
throw;
}
break;
}
case ServerSingletonDecoder.State.Start:
break;
default:
goto Label_02C0;
}
this.SetupSecurityIfNecessary(upgradeAcceptor);
connection.Write(ServerSessionEncoder.AckResponseBytes, 0, ServerSessionEncoder.AckResponseBytes.Length, true, timeoutHelper.RemainingTime());
return(connection);
Label_02C0:
if (this.size != 0)
{
goto Label_0101;
}
goto Label_00B1;
}
internal NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
}
internal NTAuthentication(bool isServer, string package, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
try
{
using (WindowsIdentity.Impersonate(IntPtr.Zero))
{
this.Initialize(isServer, package, SystemNetworkCredential.defaultCredential, spn, requestedContextFlags, channelBinding);
}
}
catch
{
throw;
}
}
protected void SetChannelBinding(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
this.channelBindingToken = channelBinding;
}
private IAsyncResult BeginAuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, string targetName, AsyncCallback asyncCallback, object asyncState)
{
return BeginAuthenticateAsClient(credential, binding, targetName,
ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification,
asyncCallback, asyncState);
}
public ExtendedProtectionPolicy(System.Security.Authentication.ExtendedProtection.PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
{
if (policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
{
throw new ArgumentException(SR.GetString("security_ExtendedProtectionPolicy_UseDifferentConstructorForNever"), "policyEnforcement");
}
if (customChannelBinding == null)
{
throw new ArgumentNullException("customChannelBinding");
}
this.policyEnforcement = policyEnforcement;
this.protectionScenario = System.Security.Authentication.ExtendedProtection.ProtectionScenario.TransportSelected;
this.customChannelBinding = customChannelBinding;
}
internal NTAuthentication(string package, NetworkCredential networkCredential, string spn, WebRequest request, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding) : this(false, package, networkCredential, spn, GetHttpContextFlags(request), request.GetWritingContext(), channelBinding)
{
if ((package == "NTLM") || (package == "Negotiate"))
{
this.m_UniqueUserId = Interlocked.Increment(ref s_UniqueGroupId).ToString(NumberFormatInfo.InvariantInfo) + this.m_UniqueUserId;
}
}
public byte[] GetOutgoingBlob(byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
{
ThrowIfDisposed();
SecurityBuffer incomingSecurity = null;
if (incomingBlob != null)
{
incomingSecurity = new SecurityBuffer(incomingBlob, BufferType.Token);
}
SecurityBuffer outgoingSecurity = new SecurityBuffer(null, BufferType.Token);
this.remoteCertificate = null;
int statusCode = 0;
if (this.isServer == true)
{
statusCode = SspiWrapper.AcceptSecurityContext(
this.credentialsHandle,
ref this.securityContext,
ServerStandardFlags | (this.clientCertRequired ? SspiContextFlags.MutualAuth : SspiContextFlags.Zero),
Endianness.Native,
incomingSecurity,
outgoingSecurity,
ref this.attributes
);
}
else
{
statusCode = SspiWrapper.InitializeSecurityContext(
this.credentialsHandle,
ref this.securityContext,
this.destination,
ClientStandardFlags,
Endianness.Native,
incomingSecurity,
outgoingSecurity,
ref this.attributes
);
}
if ((statusCode & unchecked((int)0x80000000)) != 0)
{
this.Dispose();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode));
}
if (statusCode == (int)SecurityStatus.OK)
{
// we're done
// ensure that the key negotiated is strong enough
if (SecurityUtils.ShouldValidateSslCipherStrength())
{
SslConnectionInfo connectionInfo = (SslConnectionInfo)SspiWrapper.QueryContextAttributes(this.securityContext, ContextAttribute.ConnectionInfo);
if (connectionInfo == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.CannotObtainSslConnectionInfo)));
}
SecurityUtils.ValidateSslCipherStrength(connectionInfo.DataKeySize);
}
this.isCompleted = true;
}
else if (statusCode == (int)SecurityStatus.CredentialsNeeded)
{
// the server requires the client to supply creds
// Currently we dont attempt to find the client cert to choose at runtime
// so just re-call the function
AcquireClientCredentials();
if (this.ClientCertificate != null)
{
this.wasClientCertificateSent = true;
}
return this.GetOutgoingBlob(incomingBlob, channelbinding, protectionPolicy);
}
else if (statusCode != (int)SecurityStatus.ContinueNeeded)
{
this.Dispose();
if (statusCode == (int)SecurityStatus.InternalError)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode, SR.GetString(SR.LsaAuthorityNotContacted)));
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(statusCode));
}
}
return outgoingSecurity.token;
}
internal NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, ContextAwareResult context, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
if ((credential is SystemNetworkCredential) && ComNetOS.IsWinNt)
{
WindowsIdentity identity = (context == null) ? null : context.Identity;
try
{
IDisposable disposable = (identity == null) ? null : identity.Impersonate();
if (disposable != null)
{
using (disposable)
{
this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
return;
}
}
ExecutionContext executionContext = (context == null) ? null : context.ContextCopy;
if (executionContext == null)
{
this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
}
else
{
ExecutionContext.Run(executionContext, s_InitializeCallback, new InitializeCallbackContext(this, isServer, package, credential, spn, requestedContextFlags, channelBinding));
}
return;
}
catch
{
throw;
}
}
this.Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
}
private IConnection SendPreamble(IConnection connection, ref TimeoutHelper timeoutHelper, ClientFramingDecoder decoder, out SecurityMessageProperty remoteSecurity)
{
connection.Write(this.Preamble, 0, this.Preamble.Length, true, timeoutHelper.RemainingTime());
if (this.upgrade != null)
{
IStreamUpgradeChannelBindingProvider property = this.upgrade.GetProperty<IStreamUpgradeChannelBindingProvider>();
StreamUpgradeInitiator upgradeInitiator = this.upgrade.CreateUpgradeInitiator(base.RemoteAddress, base.Via);
if (!ConnectionUpgradeHelper.InitiateUpgrade(upgradeInitiator, ref connection, decoder, this, ref timeoutHelper))
{
ConnectionUpgradeHelper.DecodeFramingFault(decoder, connection, base.Via, this.messageEncoder.ContentType, ref timeoutHelper);
}
if ((property != null) && property.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = property.GetChannelBinding(upgradeInitiator, ChannelBindingKind.Endpoint);
}
remoteSecurity = StreamSecurityUpgradeInitiator.GetRemoteSecurity(upgradeInitiator);
connection.Write(ClientSingletonEncoder.PreambleEndBytes, 0, ClientSingletonEncoder.PreambleEndBytes.Length, true, timeoutHelper.RemainingTime());
}
else
{
remoteSecurity = null;
}
byte[] buffer = new byte[1];
int count = connection.Read(buffer, 0, buffer.Length, timeoutHelper.RemainingTime());
if (!ConnectionUpgradeHelper.ValidatePreambleResponse(buffer, count, decoder, base.Via))
{
ConnectionUpgradeHelper.DecodeFramingFault(decoder, connection, base.Via, this.messageEncoder.ContentType, ref timeoutHelper);
}
return connection;
}
public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
{
throw new NotImplementedException();
}
public ExtendedProtectionPolicy(PolicyEnforcement policyEnforcement, ChannelBinding customChannelBinding)
{
}
internal static HttpInput CreateHttpInput(HttpWebResponse httpWebResponse, IHttpTransportFactorySettings settings, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
return(new WebResponseHttpInput(httpWebResponse, settings, channelBinding));
}