/// <summary>
/// A continuation Windows Security Context.
/// </summary>
/// <param name="init">
/// Initial context that contains a handle to the credentials returned by
/// AcquireCredentialsHandle. This handle is used to build the security context.
/// </param>
/// <param name="continueToken">
/// Token returned by the remote computer.
/// </param>
/// <param name="fContextReq">
/// Bit flags that indicate requests for the context. Not all packages can support all requirements.
/// Flags used for this parameter are prefixed with ISC_REQ_, for example, ISC_REQ_DELEGATE.
/// </param>
/// <param name="targetDataRep">
/// </param>
public WindowsSecurityContext(WindowsSecurityContext init, byte[] continueToken, int fContextReq, int targetDataRep)
{
_securityPackage = init._securityPackage;
Secur32.SecBufferDesc continueTokenBuffer = new Secur32.SecBufferDesc(continueToken);
_token = new Secur32.SecBufferDesc(Secur32.MAX_TOKEN_SIZE);
int rc = Secur32.InitializeSecurityContext(
ref init._credentials,
ref init._context,
init._username,
fContextReq,
0,
targetDataRep,
ref continueTokenBuffer,
0,
ref _context,
ref _token,
out _contextAttributes,
out _contextLifetime);
switch (rc)
{
case Secur32.SEC_E_OK:
break;
case Secur32.SEC_I_CONTINUE_NEEDED:
_continue = true;
break;
default:
throw new Win32Exception(rc);
}
}
/// <summary>
/// Acquire an existing Windows security context.
/// </summary>
/// <param name="username">Target username for this security context.</param>
/// <param name="credentials">Credentials handle.</param>
/// <param name="securityPackage">Security package.</param>
/// <param name="fContextReq">Bit flags that indicate requests for the context.</param>
/// <param name="targetDataRep">Target data representation.</param>
public WindowsSecurityContext(string username, WindowsCredentialsHandle credentials, string securityPackage,
int fContextReq, int targetDataRep)
{
_username = username;
_credentials = credentials.Handle;
_securityPackage = securityPackage;
_token = new Secur32.SecBufferDesc(Secur32.MAX_TOKEN_SIZE);
int rc = Secur32.InitializeSecurityContext(
ref credentials.Handle,
IntPtr.Zero,
username, // service principal name
fContextReq,
0,
targetDataRep,
IntPtr.Zero,
0,
ref _context,
ref _token,
out _contextAttributes,
out _contextLifetime);
switch (rc)
{
case Secur32.SEC_E_OK:
break;
case Secur32.SEC_I_CONTINUE_NEEDED:
_continue = true;
break;
default:
throw new Win32Exception(rc);
}
}
private void Initialize(Secur32.SecHandle credentials, string targetName, int fContextReq, int targetDataRep, Secur32.SecHandle context, Secur32.SecBufferDesc continueTokenBuffer)
{
var tokenSize = Secur32.MAX_TOKEN_SIZE;
var rc = 0;
var hasContextAndContinue = context != Secur32.SecHandle.Zero && continueTokenBuffer != Secur32.SecBufferDesc.Zero;
do
{
_token.Dispose();
_token = new Secur32.SecBufferDesc(tokenSize);
if (hasContextAndContinue)
{
rc = Secur32.InitializeSecurityContext(
ref credentials,
ref context,
targetName,
fContextReq,
0,
targetDataRep,
ref continueTokenBuffer,
0,
ref _context,
ref _token,
out _contextAttributes,
out _contextLifetime);
}
else
{
rc = Secur32.InitializeSecurityContext(
ref credentials,
IntPtr.Zero,
targetName,
fContextReq,
0,
targetDataRep,
IntPtr.Zero,
0,
ref _context,
ref _token,
out _contextAttributes,
out _contextLifetime);
}
switch (rc)
{
case Secur32.SEC_E_INSUFFICIENT_MEMORY:
tokenSize += Secur32.MAX_TOKEN_SIZE;
break;
case Secur32.SEC_E_OK:
break;
case Secur32.SEC_I_CONTINUE_NEEDED:
_continue = true;
break;
default:
throw new Win32Exception(rc);
}
} while (rc == Secur32.SEC_E_INSUFFICIENT_MEMORY);
}