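/// <summary>
/// Builds the client-side SSPI negotiation state for <paramref name="target"/>: resolves the
/// endpoint identity, derives the SPN to request, selects the SSPI package, and wraps a new
/// <see cref="WindowsSspiNegotiation"/> in a provider state object.
/// </summary>
/// <param name="target">Endpoint being authenticated to; its identity and URI feed the SPN.</param>
/// <param name="via">Not read by this method.</param>
/// <param name="timeout">Not read by this method.</param>
/// <returns>A new <see cref="SspiNegotiationTokenProviderState"/> wrapping the negotiation.</returns>
protected override SspiNegotiationTokenProviderState CreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout)
{
    EnsureEndpointAddressDoesNotRequireEncryption(target);

    EndpointIdentity identity = null;
    if (this.identityVerifier == null)
    {
        identity = target.Identity;
    }
    else
    {
        // The boolean result is ignored, so identity may still be null after this call.
        this.identityVerifier.TryGetIdentity(target, out identity);
    }

    string spn;
    if (this.AuthenticateServer || !this.AllowNtlm)
    {
        // NOTE(review): identity can be null on this path too; this relies on
        // GetSpnFromIdentity coping with that - confirm against SecurityUtils.
        spn = SecurityUtils.GetSpnFromIdentity(identity, target);
    }
    else
    {
        // Server authentication is off and NTLM is allowed.
        // if an SPN or UPN identity is configured (for example, in mixed mode SSPI), then
        // use that identity for Negotiate; otherwise fall back to "host/<dns name>".
        //
        // NOTE(review): on this path the SPN comes straight from the configured claim or from
        // the target URI, and NTLM remains available to Negotiate. NTLM does not prove the
        // server's identity to the client, so deployments that need the server authenticated
        // should set AuthenticateServer or disallow NTLM.

        // identity is null when the address carries no identity (or the verifier produced
        // none); guard the dereference so that case falls through to the host-based SPN
        // instead of throwing NullReferenceException.
        Claim identityClaim = identity != null ? identity.IdentityClaim : null;
        if (identityClaim != null && (identityClaim.ClaimType == ClaimTypes.Spn || identityClaim.ClaimType == ClaimTypes.Upn))
        {
            spn = identityClaim.Resource.ToString();
        }
        else
        {
            spn = "host/" + target.Uri.DnsSafeHost;
        }
    }

    // With NTLM disallowed on XP-or-older, request Kerberos directly; in every other case use
    // Negotiate. (Presumably because NTLM cannot be excluded from Negotiate on those older
    // systems - confirm.)
    string packageName;
    if (!this.allowNtlm && !SecurityUtils.IsOsGreaterThanXP())
    {
        packageName = "Kerberos";
    }
    else
    {
        packageName = "Negotiate";
    }

    WindowsSspiNegotiation sspiNegotiation = new WindowsSspiNegotiation(
        packageName,
        this.credentialsHandle,
        this.AllowedImpersonationLevel,
        spn,
        true,
        this.InteractiveNegoExLogonEnabled,
        this.allowNtlm);
    return new SspiNegotiationTokenProviderState(sspiNegotiation);
}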
/// <summary>
/// Runs the base opening logic and, when no credentials handle has been supplied, acquires
/// one for the selected SSPI package and marks this instance as the owner of that handle.
/// </summary>
public override void OnOpening()
{
    // The OS check is evaluated before the base call, as in the original statement order.
    bool isNewerThanXp = SecurityUtils.IsOsGreaterThanXP();
    base.OnOpening();

    // A handle is already present: nothing to acquire, and ownership is left untouched.
    if (this.credentialsHandle != null)
    {
        return;
    }

    // Kerberos only when NTLM is disallowed on XP-or-older; Negotiate in every other case.
    string sspiPackage = (!this.allowNtlm && !isNewerThanXp) ? "Kerberos" : "Negotiate";

    NetworkCredential resolvedCredential = this.clientCredential != null
        ? this.clientCredential.GetCredential(this.TargetAddress.Uri, sspiPackage)
        : null;

    if (this.allowNtlm || !isNewerThanXp)
    {
        // Either NTLM is permitted (Negotiate may then select it), or the OS is too old:
        // if OS is less than 2k3 !NTLM is not supported, Windows SE 142400
        this.credentialsHandle = SecurityUtils.GetCredentialsHandle(sspiPackage, resolvedCredential, false);
    }
    else
    {
        // NTLM is disallowed and the OS is newer than XP: pass "!NTLM" as the extra argument
        // (presumably the SSPI package list that excludes NTLM from Negotiate - confirm
        // against SecurityUtils.GetCredentialsHandle).
        this.credentialsHandle = SecurityUtils.GetCredentialsHandle(sspiPackage, resolvedCredential, false, "!NTLM");
    }

    // Record that this provider acquired the handle itself.
    this.ownCredentialsHandle = true;
}