private bool Test(ICredentials credentials, HttpUrl url, string expectedUserName, string expectedPassword)
{
Uri uri = new Uri(String.Format("{0}://{1}/", url.Scheme, url.Host));
return((credentials.GetCredential(uri, AuthenticationScheme).UserName == expectedUserName) &&
(credentials.GetCredential(uri, AuthenticationScheme).Password == expectedPassword));
}
public Authorization Authenticate(string challenge, WebRequest request, ICredentials credentials)
{
int index = challenge.ToLower ().IndexOf (auth_type.ToLower ());
if (index == -1)
{
index = challenge.ToLower ().IndexOf (hackish_auth_type.ToLower ());
if (index == -1)
return null;
}
if (GoogleClient.auth_token != null)
{
return new Authorization(auth_type + " auth=" + GoogleClient.auth_token);
}
string username = credentials.GetCredential (request.RequestUri, auth_type).UserName;
string password = credentials.GetCredential (request.RequestUri, auth_type).Password;
byte[] login_data = Encoding.ASCII.GetBytes (String.Format (
"Email={0}&Passwd={1}&source=Tomboy-Blogposter-0.4.4&service=blogger",
HttpUtility.UrlEncode (username), HttpUtility.UrlEncode (password)));
HttpWebRequest login_request = (HttpWebRequest) WebRequest.Create("https://www.google.com/accounts/ClientLogin");
ServicePointManager.Expect100Continue = false;
login_request.Method = "POST";
login_request.ContentType = "application/x-www-form-urlencoded";
login_request.ContentLength = login_data.Length;
Stream login_request_stream = login_request.GetRequestStream ();
login_request_stream.Write (login_data, 0, login_data.Length);
try
{
HttpWebResponse login_response = (HttpWebResponse) login_request.GetResponse ();
Stream login_response_stream = login_response.GetResponseStream ();
StreamReader login_response_stream_reader = new StreamReader (login_response_stream);
string lines = login_response_stream_reader.ReadToEnd ();
login_response.Close ();
login_response_stream.Close ();
login_response_stream_reader.Close ();
foreach (string line in lines.Split ('\n'))
{
if (line.StartsWith ("Auth="))
{
GoogleClient.auth_token = line.Substring (5);
break;
}
}
}
catch (WebException exception)
{
Logger.Log(((HttpWebResponse) exception.Response).StatusCode.ToString());
GoogleClient.auth_token = null;
exception.Response.Close ();
}
login_request_stream.Close ();
if (GoogleClient.auth_token != null)
return new Authorization(auth_type + " auth=" + GoogleClient.auth_token);
else
return null;
}
private static Authorization Lookup(HttpWebRequest httpWebRequest, ICredentials credentials)
{
GlobalLog.Print("BasicClient::Lookup(): ChallengedUri:" + httpWebRequest.ChallengedUri.ToString());
NetworkCredential NC = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
GlobalLog.Print("BasicClient::Lookup() GetCredential() returns:" + ValidationHelper.ToString(NC));
if (NC == null)
{
return(null);
}
string username = NC.UserName;
string domain = NC.Domain;
if (ValidationHelper.IsBlankString(username))
{
return(null);
}
string rawString = ((!ValidationHelper.IsBlankString(domain)) ? (domain + "\\") : "") + username + ":" + NC.Password;
// The response is an "Authorization:" header where the value is
// the text "Basic" followed by BASE64 encoded (as defined by RFC1341) value
byte[] bytes = EncodingRightGetBytes(rawString);
string responseHeader = BasicClient.AuthType + " " + Convert.ToBase64String(bytes);
return(new Authorization(responseHeader));
}
static string GetBasicAuthenticationHeader(Uri requestUri, ICredentials credentials)
{
var foundCredential = credentials.GetCredential(requestUri, "basic");
if (foundCredential == null)
{
return(null);
}
string userName = foundCredential.UserName;
if (string.IsNullOrEmpty(userName))
{
return(null);
}
string password = foundCredential.Password;
string domain = foundCredential.Domain;
byte [] bytes;
// If domain is set, MS sends "domain\user:password".
if (string.IsNullOrEmpty(domain) || domain.Trim() == "")
{
bytes = GetBytes(userName + ":" + password);
}
else
{
bytes = GetBytes(domain + "\\" + userName + ":" + password);
}
return(Convert.ToBase64String(bytes));
}
private static void PrepareSharingNtlm(WebConnection cnc, HttpWebRequest request)
{
if (!cnc.NtlmAuthenticated)
{
return;
}
bool needs_reset = false;
NetworkCredential cnc_cred = cnc.NtlmCredential;
bool isProxy = (request.Proxy != null && !request.Proxy.IsBypassed(request.RequestUri));
ICredentials req_icreds = (!isProxy) ? request.Credentials : request.Proxy.Credentials;
NetworkCredential req_cred = (req_icreds != null) ? req_icreds.GetCredential(request.RequestUri, "NTLM") : null;
if (cnc_cred == null || req_cred == null || cnc_cred.Domain != req_cred.Domain || cnc_cred.UserName != req_cred.UserName ||
cnc_cred.Password != req_cred.Password)
{
needs_reset = true;
}
if (!needs_reset)
{
bool req_sharing = request.UnsafeAuthenticatedConnectionSharing;
bool cnc_sharing = cnc.UnsafeAuthenticatedConnectionSharing;
needs_reset = (req_sharing == false || req_sharing != cnc_sharing);
}
if (needs_reset)
{
cnc.Close(false); // closes the authenticated connection
cnc.ResetNtlm();
}
}
public Authorization Authenticate(WebRequest webRequest, ICredentials credentials)
{
if (parser == null)
{
throw new InvalidOperationException();
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
if (httpWebRequest == null)
{
return(null);
}
lastUse = DateTime.Now;
NetworkCredential credential = credentials.GetCredential(httpWebRequest.RequestUri, "digest");
if (credential == null)
{
return(null);
}
string userName = credential.UserName;
if (userName == null || userName == string.Empty)
{
return(null);
}
string password = credential.Password;
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendFormat("Digest username=\"{0}\", ", userName);
stringBuilder.AppendFormat("realm=\"{0}\", ", Realm);
stringBuilder.AppendFormat("nonce=\"{0}\", ", Nonce);
stringBuilder.AppendFormat("uri=\"{0}\", ", httpWebRequest.Address.PathAndQuery);
if (Algorithm != null)
{
stringBuilder.AppendFormat("algorithm=\"{0}\", ", Algorithm);
}
stringBuilder.AppendFormat("response=\"{0}\", ", Response(userName, password, httpWebRequest));
if (QOP != null)
{
stringBuilder.AppendFormat("qop=\"{0}\", ", QOP);
}
lock (this)
{
if (QOP != null)
{
stringBuilder.AppendFormat("nc={0:X8}, ", _nc);
_nc++;
}
}
if (CNonce != null)
{
stringBuilder.AppendFormat("cnonce=\"{0}\", ", CNonce);
}
if (Opaque != null)
{
stringBuilder.AppendFormat("opaque=\"{0}\", ", Opaque);
}
stringBuilder.Length -= 2;
return(new Authorization(stringBuilder.ToString()));
}
private static bool TryGetValidAuthenticationChallengeForScheme(string scheme, AuthenticationType authenticationType, Uri uri, ICredentials credentials,
HttpHeaderValueCollection <AuthenticationHeaderValue> authenticationHeaderValues, out AuthenticationChallenge challenge)
{
challenge = default;
if (!TryGetChallengeDataForScheme(scheme, authenticationHeaderValues, out string?challengeData))
{
return(false);
}
NetworkCredential?credential = credentials.GetCredential(uri, scheme);
if (credential == null)
{
// We have no credential for this auth type, so we can't respond to the challenge.
// We'll continue to look for a different auth type that we do have a credential for.
if (NetEventSource.IsEnabled)
{
NetEventSource.AuthenticationInfo(uri, $"Authentication scheme '{scheme}' supported by server, but not by client.");
}
return(false);
}
challenge = new AuthenticationChallenge(authenticationType, scheme, credential, challengeData);
if (NetEventSource.IsEnabled)
{
NetEventSource.AuthenticationInfo(uri, $"Authentication scheme '{scheme}' selected. Client username={challenge.Credential.UserName}");
}
return(true);
}
/// <summary>
/// Given a URI and credentials which failed to authenticate, returns
/// the username which failed to authenticate, in DOMAIN\user form.
/// </summary>
/// <param name="uri">Uri to which the credentials failed to authenticate</param>
/// <param name="failedCredentials">Credentials which failed to authenticate</param>
/// <returns>DOMAIN\user which failed to authenticate, or String.Empty</returns>
public static String FailedUserName(Uri uri, ICredentials failedCredentials)
{
String userName = String.Empty;
if (failedCredentials != null)
{
NetworkCredential cred = failedCredentials.GetCredential(uri, null);
if (cred != null)
{
if (cred.Domain.Length > 0 && cred.UserName.Length > 0)
{
userName = String.Concat(cred.Domain, "\\", cred.UserName);
}
else
{
userName = cred.UserName;
}
// Don't return a username that exceeds CREDUI_MAX_USERNAME_LENGTH.
if (userName.Length > NativeMethods.CREDUI_MAX_USERNAME_LENGTH)
{
userName = userName.Substring(0, NativeMethods.CREDUI_MAX_USERNAME_LENGTH);
}
}
}
return(userName);
}
private AmazonS3Client GetClient(ICredentials credentials, RegionEndpoint region)
{
var basicCredential = credentials.GetCredential(this.Uri, "basic");
var client = new AmazonS3Client(new BasicAWSCredentials(basicCredential.UserName, basicCredential.Password), region);
return(client);
}
private ICredentials HttpUnauthorizedHandler(Uri requestUri, string authenticationType, Dictionary <string, string> authenticationAttributes, NetworkCredential usedCredentials)
{
lock (authenticationRequestSynchronizer)
{
ICredentials credentials = this.RequestCredentials;
if (credentials == null || usedCredentials == credentials.GetCredential(requestUri, authenticationType))
{
using (ManualResetEvent handler = new ManualResetEvent(false))
{
requestUri = new Uri(requestUri.AbsoluteUri);
this.Dispatcher.BeginInvoke(new Action <Uri, string, Dictionary <string, string>, ManualResetEvent>((uri, type, attributes, resetEvent) =>
{
this.OnHttpAuthenticationRequired(uri, type, attributes);
resetEvent.Set();
}),
requestUri,
authenticationType,
authenticationAttributes,
handler);
handler.WaitOne();
}
}
return(this.RequestCredentials);
}
}
public override Stream CreateUploadStream(IStorageProviderSession session, ICloudFileSystemEntry fileSystemEntry, long uploadSize)
{
// build the url
string url = GetResourceUrl(session, fileSystemEntry, null);
// get the session creds
ICredentials creds = session.SessionToken as ICredentials;
// Build the service
DavService svc = new DavService();
// get the service config
WebDavConfiguration conf = (WebDavConfiguration)session.ServiceConfiguration;
// build the webrequest
WebRequest networkRequest = svc.CreateWebRequestPUT(url, creds.GetCredential(null, null), conf.UploadDataStreambuffered);
// get the request stream
WebRequestStream requestStream = svc.GetRequestStream(networkRequest, uploadSize);
// add disposal opp
requestStream.PushPostDisposeOperation(CommitUploadStream, svc, networkRequest, fileSystemEntry, requestStream);
// go ahead
return(requestStream);
}
public Authorization Authenticate(string challenge, WebRequest request, ICredentials credentials)
{
Authorization result = null;
if (request == null || credentials == null)
{
result = null;
}
else
{
NetworkCredential creds = credentials.GetCredential(LoginServerUrl, TheAuthenticationType);
if (creds == null)
{
return(null);
}
ICredentialPolicy policy = AuthenticationManager.CredentialPolicy;
if (policy != null && !policy.ShouldSendCredential(LoginServerUrl, request, creds, this))
{
return(null);
}
string token = Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Format("{0}:{1}", creds.UserName, creds.Password)));
result = new Authorization(string.Format("Basic {0}", token));
}
return(result);
}
private HttpWebRequest CreateWebRequest(Uri uri)
{
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(uri);
httpWebRequest.UnsafeAuthenticatedConnectionSharing = !this.proxyInfo.RequiresImpersonation;
if (!this.proxyInfo.RequiresImpersonation)
{
httpWebRequest.ServicePoint.ConnectionLimit = GlobalSettings.ProxyConnectionPoolConnectionLimit;
}
httpWebRequest.ServicePoint.SetTcpKeepAlive(true, 240000, 5000);
httpWebRequest.PreAuthenticate = true;
httpWebRequest.AllowAutoRedirect = false;
httpWebRequest.KeepAlive = !this.proxyInfo.RequiresImpersonation;
CertificateValidationManager.SetComponentId(httpWebRequest, "AirSync");
if (this.proxyInfo.CanImpersonate)
{
ICredentials defaultCredentials = CredentialCache.DefaultCredentials;
httpWebRequest.Credentials = defaultCredentials.GetCredential(this.proxyInfo.RemoteUri, "Kerberos");
if (httpWebRequest.Credentials == null)
{
this.protocolLogger.SetValue(ProtocolLoggerData.Error, "NoKerberosCredentials");
throw new AirSyncPermanentException(HttpStatusCode.InternalServerError, StatusCode.ServerError, null, false);
}
}
return(httpWebRequest);
}
public async static Task <bool> TrySetDigestAuthToken(HttpRequestMessage request, ICredentials credentials, DigestResponse digestResponse, string authHeader)
{
NetworkCredential credential = credentials.GetCredential(request.RequestUri, Digest);
if (credential == null)
{
return(false);
}
string parameter = await GetDigestTokenForCredential(credential, request, digestResponse).ConfigureAwait(false);
// Any errors in obtaining parameter return false
if (string.IsNullOrEmpty(parameter))
{
return(false);
}
if (authHeader == HttpKnownHeaderNames.Authorization)
{
request.Headers.Authorization = new AuthenticationHeaderValue(Digest, parameter);
}
else if (authHeader == HttpKnownHeaderNames.ProxyAuthorization)
{
request.Headers.ProxyAuthorization = new AuthenticationHeaderValue(Digest, parameter);
}
return(true);
}
private static uint ChooseAuthScheme(uint supportedSchemes, Uri uri, ICredentials credentials)
{
if (credentials == null)
{
return(0);
}
if (uri == null && !(credentials is NetworkCredential))
{
// https://github.com/dotnet/runtime/issues/16737.
// If the credentials are a NetworkCredential, the uri isn't used when calling .GetCredential() since
// it will work against all uri's. Otherwise, credentials is probably a CredentialCache and passing in
// null for a uri is invalid.
return(0);
}
foreach (uint authScheme in s_authSchemePriorityOrder)
{
if ((supportedSchemes & authScheme) != 0 && credentials.GetCredential(uri, s_authSchemeStringMapping[authScheme]) != null)
{
return(authScheme);
}
}
return(0);
}
internal bool CanReuseConnection(WebOperation operation)
{
lock (this) {
if (Closed || currentOperation != null)
{
return(false);
}
if (!NtlmAuthenticated)
{
return(true);
}
NetworkCredential cnc_cred = NtlmCredential;
var request = operation.Request;
bool isProxy = (request.Proxy != null && !request.Proxy.IsBypassed(request.RequestUri));
ICredentials req_icreds = (!isProxy) ? request.Credentials : request.Proxy.Credentials;
NetworkCredential req_cred = (req_icreds != null) ? req_icreds.GetCredential(request.RequestUri, "NTLM") : null;
if (cnc_cred == null || req_cred == null ||
cnc_cred.Domain != req_cred.Domain || cnc_cred.UserName != req_cred.UserName ||
cnc_cred.Password != req_cred.Password)
{
return(false);
}
bool req_sharing = request.UnsafeAuthenticatedConnectionSharing;
bool cnc_sharing = UnsafeAuthenticatedConnectionSharing;
return(!(req_sharing == false || req_sharing != cnc_sharing));
}
}
bool PrepareSharingNtlm(WebOperation operation)
{
if (operation == null || !NtlmAuthenticated)
{
return(true);
}
bool needs_reset = false;
NetworkCredential cnc_cred = NtlmCredential;
var request = operation.Request;
bool isProxy = (request.Proxy != null && !request.Proxy.IsBypassed(request.RequestUri));
ICredentials req_icreds = (!isProxy) ? request.Credentials : request.Proxy.Credentials;
NetworkCredential req_cred = (req_icreds != null) ? req_icreds.GetCredential(request.RequestUri, "NTLM") : null;
if (cnc_cred == null || req_cred == null ||
cnc_cred.Domain != req_cred.Domain || cnc_cred.UserName != req_cred.UserName ||
cnc_cred.Password != req_cred.Password)
{
needs_reset = true;
}
if (!needs_reset)
{
bool req_sharing = request.UnsafeAuthenticatedConnectionSharing;
bool cnc_sharing = UnsafeAuthenticatedConnectionSharing;
needs_reset = (req_sharing == false || req_sharing != cnc_sharing);
}
return(needs_reset);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <returns>The task the authentication is performed on</returns>
public Task PreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
if (credentials == null)
{
throw new InvalidOperationException("The credentials must be set using the IRestClient.Credential property.");
}
var cred = credentials.GetCredential(client.BuildUri(request, false), AuthenticationMethod);
if (cred == null)
{
throw new InvalidOperationException($"No credentials provided for the {AuthenticationMethod} authentication type.");
}
request.Parameters.AddOrUpdate(new Parameter {
Type = _parameterType, Name = _usernameKey, Value = cred.UserName, ValidateOnAdd = false
});
request.Parameters.AddOrUpdate(new Parameter {
Type = _parameterType, Name = _passwordKey, Value = cred.Password, ValidateOnAdd = false
});
#if USE_TASKEX
return(TaskEx.FromResult(0));
#else
return(Task.FromResult(0));
#endif
}
public static void DownloadPackage(string packageId, NuGetVersion version, Uri feedUri, ICredentials feedCredentials, string targetFilePath)
{
ILogger logger = new NugetLogger();
var sourceRepository = Repository.Factory.GetCoreV3(feedUri.AbsoluteUri);
if (feedCredentials != null)
{
var cred = feedCredentials.GetCredential(feedUri, "basic");
sourceRepository.PackageSource.Credentials = new PackageSourceCredential("octopus", cred.UserName, cred.Password, true);
}
var providers = new SourceRepositoryDependencyProvider(sourceRepository, logger, new SourceCacheContext());
var libraryIdentity = new LibraryIdentity(packageId, version, LibraryType.Package);
var targetPath = Directory.GetParent(targetFilePath).FullName;
if (!Directory.Exists(targetPath))
{
Directory.CreateDirectory(targetPath);
}
string targetTempNupkg = Path.Combine(targetPath, Path.GetRandomFileName());
using (var nupkgStream = new FileStream(targetTempNupkg, FileMode.Create, FileAccess.ReadWrite, FileShare.ReadWrite | FileShare.Delete, 4096, true))
{
providers.CopyToAsync(libraryIdentity, nupkgStream, CancellationToken.None)
.GetAwaiter()
.GetResult();
}
File.Move(targetTempNupkg, targetFilePath);
}
public static async ValueTask EstablishSocksTunnelAsync(Stream stream, string host, int port, Uri proxyUri, ICredentials?proxyCredentials, bool async, CancellationToken cancellationToken)
{
using (cancellationToken.Register(s => ((Stream)s !).Dispose(), stream))
{
try
{
NetworkCredential?credentials = proxyCredentials?.GetCredential(proxyUri, proxyUri.Scheme);
if (string.Equals(proxyUri.Scheme, "socks5", StringComparison.OrdinalIgnoreCase))
{
await EstablishSocks5TunnelAsync(stream, host, port, proxyUri, credentials, async).ConfigureAwait(false);
}
else if (string.Equals(proxyUri.Scheme, "socks4a", StringComparison.OrdinalIgnoreCase))
{
await EstablishSocks4TunnelAsync(stream, isVersion4a : true, host, port, proxyUri, credentials, async, cancellationToken).ConfigureAwait(false);
}
else if (string.Equals(proxyUri.Scheme, "socks4", StringComparison.OrdinalIgnoreCase))
{
await EstablishSocks4TunnelAsync(stream, isVersion4a : false, host, port, proxyUri, credentials, async, cancellationToken).ConfigureAwait(false);
}
else
{
Debug.Fail("Bad socks version.");
}
}
catch
{
stream.Dispose();
throw;
}
}
}
private bool HttpUnauthorizedResponse(HttpWebResponse response)
{
this.authenticationType = string.Empty;
this.requestCredentials = null;
string authenticationHeader = response.GetResponseHeader("WWW-Authenticate");
if (!string.IsNullOrEmpty(authenticationHeader))
{
Regex authTypeRegex = new Regex(@"^([^\s]+)");
Match authTypeMatch = authTypeRegex.Match(authenticationHeader);
if (authTypeMatch.Success)
{
this.authenticationType = authTypeMatch.Groups[1].Value;
Dictionary <string, string> authenticationAttributes = new Dictionary <string, string>();
Regex authRealmRegex = new Regex(@"(\s+|\s*,\s*)(?<token>[^\s]+)\=""(?<value>[^""]+)""");
MatchCollection matches = authRealmRegex.Matches(authenticationHeader);
foreach (Match match in matches)
{
authenticationAttributes.Add(match.Groups["token"].Value, match.Groups["value"].Value);
}
ICredentials credentials = this.httpAuthenticationHandler(this.uri, this.authenticationType, authenticationAttributes, this.usedCredentials);
if (credentials != null)
{
this.requestCredentials = credentials;
NetworkCredential newCredential = credentials.GetCredential(this.uri, this.authenticationType);
return(newCredential == null || newCredential == this.usedCredentials);
}
}
}
return(true);
}
public static HttpClientHandler CreateClientHandler(string serviceUrl, ICredentials credentials, bool useCookies = false)
{
if (serviceUrl == null)
{
throw new ArgumentNullException("serviceUrl");
}
// Set up our own HttpClientHandler and configure it
HttpClientHandler clientHandler = new HttpClientHandler();
if (credentials != null)
{
// Set up credentials cache which will handle basic authentication
CredentialCache credentialCache = new CredentialCache();
// Get base address without terminating slash
string credentialAddress = new Uri(serviceUrl).GetLeftPart(UriPartial.Authority).TrimEnd(uriPathSeparator);
// Add credentials to cache and associate with handler
NetworkCredential networkCredentials = credentials.GetCredential(new Uri(credentialAddress), "Basic");
credentialCache.Add(new Uri(credentialAddress), "Basic", networkCredentials);
clientHandler.Credentials = credentialCache;
clientHandler.PreAuthenticate = true;
}
// HttpClient's default UseCookies is true (meaning always roundtripping cookie back)
// However, our api will default to false to cover multiple instance scenarios
clientHandler.UseCookies = useCookies;
// Our handler is ready
return(clientHandler);
}
private static KeyValuePair <NetworkCredential, CURLAUTH> GetCredentials(Uri requestUri, ICredentials credentials, KeyValuePair <string, CURLAUTH>[] validAuthTypes)
{
NetworkCredential nc = null;
CURLAUTH curlAuthScheme = CURLAUTH.None;
if (credentials != null)
{
// For each auth type we consider valid, try to get a credential for it.
// Union together the auth types for which we could get credentials, but validate
// that the found credentials are all the same, as libcurl doesn't support differentiating
// by auth type.
for (int i = 0; i < validAuthTypes.Length; i++)
{
NetworkCredential networkCredential = credentials.GetCredential(requestUri, validAuthTypes[i].Key);
if (networkCredential != null)
{
curlAuthScheme |= validAuthTypes[i].Value;
if (nc == null)
{
nc = networkCredential;
}
else if (!AreEqualNetworkCredentials(nc, networkCredential))
{
throw new PlatformNotSupportedException(SR.Format(SR.net_http_unix_invalid_credential, CurlVersionDescription));
}
}
}
}
EventSourceTrace("Authentication scheme: {0}", curlAuthScheme);
return(new KeyValuePair <NetworkCredential, CURLAUTH>(nc, curlAuthScheme));;
}
public static HttpClientHandler CreateClientHandler(string serviceUrl, ICredentials credentials, bool useCookies = false)
{
if (serviceUrl == null)
{
throw new ArgumentNullException("serviceUrl");
}
// Set up our own HttpClientHandler and configure it
HttpClientHandler clientHandler = new HttpClientHandler();
if (credentials != null)
{
// Set up credentials cache which will handle basic authentication
CredentialCache credentialCache = new CredentialCache();
// Get base address without terminating slash
string credentialAddress = new Uri(serviceUrl).GetLeftPart(UriPartial.Authority).TrimEnd(uriPathSeparator);
// Add credentials to cache and associate with handler
NetworkCredential networkCredentials = credentials.GetCredential(new Uri(credentialAddress), "Basic");
credentialCache.Add(new Uri(credentialAddress), "Basic", networkCredentials);
clientHandler.Credentials = credentialCache;
clientHandler.PreAuthenticate = true;
}
// HttpClient's default UseCookies is true (meaning always roundtripping cookie back)
// However, our api will default to false to cover multiple instance scenarios
clientHandler.UseCookies = useCookies;
// Our handler is ready
return clientHandler;
}
/// <summary>
/// Determines if the authentication module can handle the challenge sent with the response.
/// </summary>
/// <param name="client">The REST client the response is assigned to</param>
/// <param name="request">The REST request the response is assigned to</param>
/// <param name="credentials">The credentials to be used for the authentication</param>
/// <param name="response">The response that returned the authentication challenge</param>
/// <returns>true when the authenticator can handle the sent challenge</returns>
public virtual bool CanHandleChallenge(IHttpClient client, IHttpRequestMessage request, ICredentials credentials, IHttpResponseMessage response)
{
// No credentials defined?
if (credentials == null)
{
return(false);
}
// No challenge header found?
var authModeInfo = response.GetAuthenticationMethodValue(_authHeader, AuthenticationMethod);
if (authModeInfo == null)
{
return(false);
}
// Search for credential for request URI
var responseUri = client.GetRequestUri(request, response);
var credential = credentials.GetCredential(responseUri, AuthenticationMethod);
if (credential == null)
{
return(false);
}
// Did we already try to use the found credentials?
if (ReferenceEquals(credential, _authCredential))
{
// Yes, so we don't retry the authentication.
return(false);
}
return(true);
}
static Authorization InternalAuthenticate (WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null || credentials == null)
return null;
NetworkCredential cred = credentials.GetCredential (request.AuthUri, "basic");
if (cred == null)
return null;
string userName = cred.UserName;
if (userName == null || userName == "")
return null;
string password = cred.Password;
string domain = cred.Domain;
byte [] bytes;
// If domain is set, MS sends "domain\user:password".
if (domain == null || domain == "" || domain.Trim () == "")
bytes = GetBytes (userName + ":" + password);
else
bytes = GetBytes (domain + "\\" + userName + ":" + password);
string auth = "Basic " + Convert.ToBase64String (bytes);
return new Authorization (auth);
}
PackagePhysicalFileMetadata DownloadChart(string packageId, IVersion version, Uri feedUri,
ICredentials feedCredentials, string cacheDirectory)
{
var cred = feedCredentials.GetCredential(feedUri, "basic");
var tempDirectory = fileSystem.CreateTemporaryDirectory();
using (new TemporaryDirectory(tempDirectory))
{
var homeDir = Path.Combine(tempDirectory, "helm");
if (!Directory.Exists(homeDir))
{
Directory.CreateDirectory(homeDir);
}
var stagingDir = Path.Combine(tempDirectory, "staging");
if (!Directory.Exists(stagingDir))
{
Directory.CreateDirectory(stagingDir);
}
var log = new LogWrapper();
Invoke($"init --home \"{homeDir}\" --client-only", tempDirectory, log);
Invoke($"repo add --home \"{homeDir}\" {(string.IsNullOrEmpty(cred.UserName) ? "" : $"--username \"{cred.UserName}\" --password \"{cred.Password}\"")} {TempRepoName} {feedUri.ToString()}", tempDirectory, log);
Invoke($"fetch --home \"{homeDir}\" --version \"{version}\" --destination \"{stagingDir}\" {TempRepoName}/{packageId}", tempDirectory, log);
var localDownloadName =
Path.Combine(cacheDirectory, PackageName.ToCachedFileName(packageId, version, Extension));
fileSystem.MoveFile(Directory.GetFiles(stagingDir)[0], localDownloadName);
return(PackagePhysicalFileMetadata.Build(localDownloadName));
}
/// <summary>
/// Authenticates the user with the specified AD FS endpoint and
/// yields the SAML response data for subsequent parsing.
/// </summary>
/// <param name="identityProvider">
/// The https endpoint of the federated identity provider.
/// </param>
/// <param name="credentials">
/// Credentials for the call. If null, the user's default network credentials
/// will be used in a temporary impersonation context.
/// </param>
/// <param name="authenticationType">
/// The authentication type to be used with the endpoint. Valid values are 'NTLM',
/// 'Digest', 'Kerberos' and 'Negotiate'.
/// </param>
/// <param name="proxySettings">Null or configured proxy settings for the HTTPS call.</param>
/// <returns>The response data from a successful authentication request.</returns>
public string Authenticate(Uri identityProvider, ICredentials credentials, string authenticationType, WebProxy proxySettings)
{
string responseStreamData = null;
ImpersonationState impersonationState = null;
try
{
if (credentials != null)
{
var networkCredentials = credentials.GetCredential(identityProvider, authenticationType);
impersonationState = ImpersonationState.Impersonate(networkCredentials);
}
using (var response = QueryProvider(identityProvider, authenticationType, proxySettings))
{
using (var reader = new StreamReader(response.GetResponseStream()))
{
responseStreamData = reader.ReadToEnd();
}
}
}
catch (Exception e)
{
throw new AdfsAuthenticationControllerException(e.ToString(), e);
}
finally
{
if (impersonationState != null)
{
impersonationState.Dispose();
}
}
return(responseStreamData);
}
private static Authorization InternalAuthenticate(WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
if (httpWebRequest == null || credentials == null)
{
return(null);
}
NetworkCredential credential = credentials.GetCredential(httpWebRequest.AuthUri, "basic");
if (credential == null)
{
return(null);
}
string userName = credential.UserName;
if (userName == null || userName == string.Empty)
{
return(null);
}
string password = credential.Password;
string domain = credential.Domain;
byte[] inArray = (domain != null && !(domain == string.Empty) && !(domain.Trim() == string.Empty)) ? GetBytes(domain + "\\" + userName + ":" + password) : GetBytes(userName + ":" + password);
string token = "Basic " + Convert.ToBase64String(inArray);
return(new Authorization(token));
}
public void Proxy_BypassFalse_GetRequestGoesThroughCustomProxy(ICredentials creds)
{
int port;
Task <LoopbackGetRequestHttpProxy.ProxyResult> proxyTask = LoopbackGetRequestHttpProxy.StartAsync(
out port,
requireAuth: creds != null && creds != CredentialCache.DefaultCredentials,
expectCreds: true);
Uri proxyUrl = new Uri($"http://localhost:{port}");
using (var handler = new HttpClientHandler()
{
Proxy = new UseSpecifiedUriWebProxy(proxyUrl, creds)
})
using (var client = new HttpClient(handler))
{
Task <HttpResponseMessage> responseTask = client.GetAsync(HttpTestServers.RemoteEchoServer);
Task <string> responseStringTask = responseTask.ContinueWith(t => t.Result.Content.ReadAsStringAsync(), TaskScheduler.Default).Unwrap();
Task.WaitAll(proxyTask, responseTask, responseStringTask);
TestHelper.VerifyResponseBody(responseStringTask.Result, responseTask.Result.Content.Headers.ContentMD5, false, null);
Assert.Equal(Encoding.ASCII.GetString(proxyTask.Result.ResponseContent), responseStringTask.Result);
NetworkCredential nc = creds != null?creds.GetCredential(proxyUrl, "Basic") : null;
string expectedAuth =
nc == null || nc == CredentialCache.DefaultCredentials ? null :
string.IsNullOrEmpty(nc.Domain) ? $"{nc.UserName}:{nc.Password}" :
$"{nc.Domain}\\{nc.UserName}:{nc.Password}";
Assert.Equal(expectedAuth, proxyTask.Result.AuthenticationHeaderValue);
}
}
public static HttpClientHandler CreateClientHandler(string serviceUrl, ICredentials credentials)
{
if (serviceUrl == null)
{
throw new ArgumentNullException("serviceUrl");
}
// Set up our own HttpClientHandler and configure it
HttpClientHandler clientHandler = new HttpClientHandler();
if (credentials != null)
{
// Set up credentials cache which will handle basic authentication
CredentialCache credentialCache = new CredentialCache();
// Get base address without terminating slash
string credentialAddress = new Uri(serviceUrl).GetLeftPart(UriPartial.Authority).TrimEnd(uriPathSeparator);
// Add credentials to cache and associate with handler
NetworkCredential networkCredentials = credentials.GetCredential(new Uri(credentialAddress), "Basic");
credentialCache.Add(new Uri(credentialAddress), "Basic", networkCredentials);
clientHandler.Credentials = credentialCache;
clientHandler.PreAuthenticate = true;
}
// Our handler is ready
return clientHandler;
}
private static KeyValuePair <NetworkCredential, CURLAUTH> GetCredentials(ICredentials credentials, Uri requestUri)
{
NetworkCredential nc = null;
CURLAUTH curlAuthScheme = CURLAUTH.None;
if (credentials != null)
{
// we collect all the schemes that are accepted by libcurl for which there is a non-null network credential.
// But CurlHandler works under following assumption:
// for a given server, the credentials do not vary across authentication schemes.
for (int i = 0; i < s_authSchemePriorityOrder.Length; i++)
{
NetworkCredential networkCredential = credentials.GetCredential(requestUri, s_authenticationSchemes[i]);
if (networkCredential != null)
{
curlAuthScheme |= s_authSchemePriorityOrder[i];
if (nc == null)
{
nc = networkCredential;
}
else if (!AreEqualNetworkCredentials(nc, networkCredential))
{
throw new PlatformNotSupportedException(SR.net_http_unix_invalid_credential);
}
}
}
}
VerboseTrace("curlAuthScheme = " + curlAuthScheme);
return(new KeyValuePair <NetworkCredential, CURLAUTH>(nc, curlAuthScheme));;
}
public static HttpClientHandler CreateHttpClientHandler(string endpoint, ICredentials credentials)
{
if (endpoint == null)
{
throw new ArgumentNullException("endpoint");
}
// Set up our own HttpClientHandler and configure it
HttpClientHandler clientHandler = new HttpClientHandler();
if (credentials != null)
{
// Set up credentials cache which will handle basic authentication
CredentialCache credentialCache = new CredentialCache();
// Get base address without terminating slash
string credentialAddress = new Uri(endpoint).GetLeftPart(UriPartial.Authority).TrimEnd(uriPathSeparator);
// Add credentials to cache and associate with handler
NetworkCredential networkCredentials = credentials.GetCredential(new Uri(credentialAddress), "Basic");
credentialCache.Add(new Uri(credentialAddress), "Basic", networkCredentials);
clientHandler.Credentials = credentialCache;
clientHandler.PreAuthenticate = true;
}
// Our handler is ready
return(clientHandler);
}
Authorization InternalAuthenticate(HttpURLConnection request, ICredentials credentials)
{
if (request == null || credentials == null)
{
return(null);
}
NetworkCredential cred = credentials.GetCredential(new Uri(request.URL.ToString()), AuthenticationType.ToLowerInvariant());
if (cred == null)
{
return(null);
}
if (String.IsNullOrEmpty(cred.UserName))
{
return(null);
}
string domain = cred.Domain?.Trim();
string response = String.Empty;
// If domain is set, MS sends "domain\user:password".
if (!String.IsNullOrEmpty(domain))
{
response = domain + "\\";
}
response += cred.UserName + ":" + cred.Password;
return(new Authorization($"{AuthenticationType} {Convert.ToBase64String (Encoding.ASCII.GetBytes (response))}"));
}
/// <summary>
/// Does the authentication module supports pre-authentication?
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials to be used for the authentication</param>
/// <returns>true when the authentication module supports pre-authentication</returns>
public bool CanPreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
if (credentials == null)
return false;
var cred = credentials.GetCredential(client.BuildUri(request, false), AuthenticationMethod);
if (cred == null)
return false;
return true;
}
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null)
return null;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "NTLM");
if (cred == null)
return null;
string userName = cred.UserName;
string domain = cred.Domain;
string password = cred.Password;
if (userName == null || userName == "")
return null;
domain = domain != null && domain.Length > 0 ? domain : request.Headers ["Host"];
bool completed = false;
if (message == null) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
message = type1;
} else if (message.Type == 1) {
// Should I check the credentials?
if (challenge == null) {
message = null;
return null;
}
Type2Message type2 = new Type2Message (Convert.FromBase64String (challenge));
if (password == null)
password = "";
Type3Message type3 = new Type3Message ();
type3.Domain = domain;
type3.Username = userName;
type3.Challenge = type2.Nonce;
type3.Password = password;
message = type3;
completed = true;
} else {
// Should I check the credentials?
// type must be 3 here
if (challenge == null || challenge == String.Empty) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
message = type1;
} else {
completed = true;
}
}
string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
return new Authorization (token, completed);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <returns>The task the authentication is performed on</returns>
public Task PreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
return Task.Factory.StartNew(() =>
{
if (credentials == null)
throw new InvalidOperationException("The credentials must be set using the IRestClient.Credential property.");
var cred = credentials.GetCredential(client.BuildUri(request, false), AuthenticationMethod);
if (cred == null)
throw new InvalidOperationException($"No credentials provided for the {AuthenticationMethod} authentication type.");
request.AddParameter(_usernameKey, cred.UserName, _parameterType);
request.AddParameter(_passwordKey, cred.Password, _parameterType);
});
}
private Authorization Lookup(HttpWebRequest httpWebRequest, ICredentials credentials) {
//NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, BasicClient.Signature);
var net_cred = credentials.GetCredential(httpWebRequest.RequestUri, "Basic");
if (net_cred == null) {
return null;
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if (credentialPolicy != null && !credentialPolicy.ShouldSendCredential(httpWebRequest.RequestUri, httpWebRequest, net_cred, this)) {
return null;
}
var user_pass = String.Join(":", net_cred.UserName, net_cred.Password).ToUtf8();
string authToken = "Basic " + user_pass.ToBase64();
return new Authorization(authToken, true);
}
public static NetworkCredential GetCredentialsForUriFromICredentials (Uri uri, ICredentials credentials)
{
if (credentials == null)
return null;
NetworkCredential cred = null;
foreach (var scheme in AuthenticationSchemes) {
cred = credentials.GetCredential (uri, scheme);
if (cred != null)
break;
}
return cred;
}
private Authorization AuthenticateInternal(WebRequest request,
ICredentials credentials)
{
String user,password,domain;
NetworkCredential netcredentials=credentials.GetCredential(
request.RequestUri, "Basic");
user=netcredentials.UserName;
password=netcredentials.Password;
domain=netcredentials.Domain;
String response=((domain==null || domain=="") ? "" :
(domain + "\\"))
+ user + ":" + password;
byte[] buf=Encoding.Default.GetBytes(response);
return new Authorization("Basic "+ToBase64String(buf));
}
private static HttpClient BuildHttpClient(Uri uri, ICredentials credentials = null)
{
var handler = new HttpClientHandler();
var client = new HttpClient(handler);
if (credentials != null)
{
handler.PreAuthenticate = true;
handler.Credentials = credentials;
var basicCredentials = credentials.GetCredential(uri, authType: "Basic");
if (basicCredentials != null)
SetBasicAuthHeader(client, basicCredentials);
}
return client;
}
public Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
NetworkCredential credential = credentials.GetCredential(request.RequestUri, AuthenticationType);
string username = credential.UserName;
string password = credential.Password;
string created, nonce;
string passwordDigest = GeneratePasswordDigest(password, out created, out nonce);
request.Headers.Add("X-WSSE", string.Format(
CultureInfo.InvariantCulture,
"UsernameToken Username=\"{0}\", PasswordDigest=\"{1}\", Created=\"{2}\", Nonce=\"{3}\"",
username,
passwordDigest,
created,
nonce));
return new Authorization("WSSE profile=\"UsernameToken\"", true);
}
private Authorization Lookup(HttpWebRequest httpWebRequest, ICredentials credentials)
{
NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
if (credential == null)
{
return null;
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
{
return null;
}
string userName = credential.InternalGetUserName();
string domain = credential.InternalGetDomain();
if (ValidationHelper.IsBlankString(userName))
{
return null;
}
byte[] inArray = EncodingRightGetBytes((!ValidationHelper.IsBlankString(domain) ? (domain + @"\") : "") + userName + ":" + credential.InternalGetPassword());
return new Authorization("Basic " + Convert.ToBase64String(inArray), true);
}
/// <summary>
/// Authenticates the user with the specified AD FS endpoint and
/// yields the SAML response data for subsequent parsing.
/// </summary>
/// <param name="identityProvider">
/// The https endpoint of the federated identity provider.
/// </param>
/// <param name="credentials">
/// Credentials for the call. If null, the user's default network credentials
/// will be used in a temporary impersonation context.
/// </param>
/// <param name="authenticationType">
/// The authentication type to be used with the endpoint. Valid values are 'NTLM',
/// 'Digest', 'Kerberos' and 'Negotiate'.
/// </param>
/// <returns>The response data from a successful authentication request.</returns>
public string Authenticate(Uri identityProvider, ICredentials credentials, string authenticationType)
{
string responseStreamData = null;
ImpersonationState impersonationState = null;
try
{
if (credentials != null)
{
var networkCredentials = credentials.GetCredential(identityProvider, authenticationType);
impersonationState = ImpersonationState.Impersonate(networkCredentials);
}
using (var response = QueryProvider(identityProvider, authenticationType))
{
using (var reader = new StreamReader(response.GetResponseStream()))
{
responseStreamData = reader.ReadToEnd();
}
}
}
catch (Exception e)
{
var sb = new StringBuilder(e.Message);
if (e.InnerException != null)
sb.AppendFormat("(Inner exception '{0}')", e.InnerException.Message);
throw new AdfsAuthenticationControllerException(sb.ToString(), e);
}
finally
{
if (impersonationState != null)
impersonationState.Dispose();
}
return responseStreamData;
}
private void SaveServerCredentialsToCache(Uri uri, uint authScheme, ICredentials serverCredentials)
{
string authType = s_authSchemeStringMapping[authScheme];
Debug.Assert(!string.IsNullOrEmpty(authType));
NetworkCredential cred = serverCredentials.GetCredential(uri, authType);
if (cred != null)
{
lock (_credentialCacheLock)
{
try
{
_credentialCache.Add(uri, authType, cred);
}
catch (ArgumentException)
{
// The credential was already added.
}
}
}
}
/// <summary>
/// Authenticates using the supplied credentials.
/// </summary>
/// <remarks>
/// <para>If the server supports one or more SASL authentication mechanisms, then
/// the SASL mechanisms that both the client and server support are tried
/// in order of greatest security to weakest security. Once a SASL
/// authentication mechanism is found that both client and server support,
/// the credentials are used to authenticate.</para>
/// <para>If the server does not support SASL or if no common SASL mechanisms
/// can be found, then LOGIN command is used as a fallback.</para>
/// </remarks>
/// <param name="credentials">The user's credentials.</param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="credentials"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ObjectDisposedException">
/// The <see cref="ImapClient"/> has been disposed.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The <see cref="ImapClient"/> is not connected or is already authenticated.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was canceled via the cancellation token.
/// </exception>
/// <exception cref="MailKit.Security.AuthenticationException">
/// Authentication using the supplied credentials has failed.
/// </exception>
/// <exception cref="MailKit.Security.SaslException">
/// A SASL authentication error occurred.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
/// <exception cref="ImapProtocolException">
/// An IMAP protocol error occurred.
/// </exception>
public void Authenticate(ICredentials credentials, CancellationToken cancellationToken)
{
CheckDisposed ();
if (!IsConnected)
throw new InvalidOperationException ("The ImapClient must be connected before you can authenticate.");
if (engine.State >= ImapEngineState.Authenticated)
throw new InvalidOperationException ("The ImapClient is already authenticated.");
if (credentials == null)
throw new ArgumentNullException ("credentials");
int capabilitiesVersion = engine.CapabilitiesVersion;
var uri = new Uri ("imap://" + host);
NetworkCredential cred;
ImapCommand ic;
foreach (var authmech in SaslMechanism.AuthMechanismRank) {
if (!engine.AuthenticationMechanisms.Contains (authmech))
continue;
var sasl = SaslMechanism.Create (authmech, uri, credentials);
cancellationToken.ThrowIfCancellationRequested ();
var command = string.Format ("AUTHENTICATE {0}", sasl.MechanismName);
var ir = sasl.Challenge (null);
if ((engine.Capabilities & ImapCapabilities.SaslIR) != 0 && ir != null) {
command += " " + ir + "\r\n";
} else {
command += "\r\n";
sasl.Reset ();
}
ic = engine.QueueCommand (cancellationToken, null, command);
ic.ContinuationHandler = (imap, cmd, text) => {
string challenge;
if (sasl.IsAuthenticated) {
// the server claims we aren't done authenticating, but our SASL mechanism thinks we are...
// FIXME: will sending an empty string abort the AUTHENTICATE command?
challenge = string.Empty;
} else {
challenge = sasl.Challenge (text);
}
cmd.CancellationToken.ThrowIfCancellationRequested ();
var buf = Encoding.ASCII.GetBytes (challenge + "\r\n");
imap.Stream.Write (buf, 0, buf.Length);
imap.Stream.Flush ();
};
engine.Wait (ic);
if (ic.Result != ImapCommandResult.Ok)
continue;
engine.State = ImapEngineState.Authenticated;
// Query the CAPABILITIES again if the server did not include an
// untagged CAPABILITIES response to the AUTHENTICATE command.
if (engine.CapabilitiesVersion == capabilitiesVersion)
engine.QueryCapabilities (cancellationToken);
engine.QueryNamespaces (cancellationToken);
engine.QuerySpecialFolders (cancellationToken);
return;
}
if ((Capabilities & ImapCapabilities.LoginDisabled) != 0)
throw new AuthenticationException ();
// fall back to the classic LOGIN command...
cred = credentials.GetCredential (uri, "LOGIN");
ic = engine.QueueCommand (cancellationToken, null, "LOGIN %S %S\r\n", cred.UserName, cred.Password);
engine.Wait (ic);
if (ic.Result != ImapCommandResult.Ok)
throw new AuthenticationException ();
engine.State = ImapEngineState.Authenticated;
// Query the CAPABILITIES again if the server did not include an
// untagged CAPABILITIES response to the LOGIN command.
if (engine.CapabilitiesVersion == capabilitiesVersion)
engine.QueryCapabilities (cancellationToken);
engine.QueryNamespaces (cancellationToken);
engine.QuerySpecialFolders (cancellationToken);
}
private void SetWinHttpCredential(
SafeWinHttpHandle requestHandle,
ICredentials credentials,
Uri uri,
uint authScheme,
uint authTarget)
{
Debug.Assert(credentials != null);
Debug.Assert(authScheme != 0);
Debug.Assert(authTarget == Interop.WinHttp.WINHTTP_AUTH_TARGET_PROXY ||
authTarget == Interop.WinHttp.WINHTTP_AUTH_TARGET_SERVER);
NetworkCredential networkCredential = credentials.GetCredential(uri, s_authSchemeStringMapping[authScheme]);
// Skip if no credentials or this is the default credential.
if (networkCredential == null || networkCredential == CredentialCache.DefaultNetworkCredentials)
{
return;
}
string userName = networkCredential.UserName;
string password = networkCredential.Password;
string domain = networkCredential.Domain;
// WinHTTP does not support a blank username. So, we will throw an exception.
if (string.IsNullOrEmpty(userName))
{
// TODO: Add error message.
throw new InvalidOperationException();
}
if (!string.IsNullOrEmpty(domain))
{
userName = domain + "\\" + userName;
}
if (!Interop.WinHttp.WinHttpSetCredentials(
requestHandle,
authTarget,
authScheme,
userName,
password,
IntPtr.Zero))
{
WinHttpException.ThrowExceptionUsingLastError();
}
}
private static NetworkCredential GetCredentials(ICredentials credentials, Uri requestUri)
{
if (credentials == null)
{
return null;
}
foreach (var authScheme in s_authenticationSchemes)
{
NetworkCredential networkCredential = credentials.GetCredential(requestUri, authScheme);
if (networkCredential != null)
{
return networkCredential;
}
}
return null;
}
public Authorization Authenticate (WebRequest webRequest, ICredentials credentials)
{
if (parser == null)
throw new InvalidOperationException ();
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null)
return null;
lastUse = DateTime.Now;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "digest");
if (cred == null)
return null;
string userName = cred.UserName;
if (userName == null || userName == "")
return null;
string password = cred.Password;
StringBuilder auth = new StringBuilder ();
auth.AppendFormat ("Digest username=\"{0}\", ", userName);
auth.AppendFormat ("realm=\"{0}\", ", Realm);
auth.AppendFormat ("nonce=\"{0}\", ", Nonce);
auth.AppendFormat ("uri=\"{0}\", ", request.Address.PathAndQuery);
if (Algorithm != null) { // hash algorithm (only MD5 in RFC2617)
auth.AppendFormat ("algorithm=\"{0}\", ", Algorithm);
}
auth.AppendFormat ("response=\"{0}\", ", Response (userName, password, request));
if (QOP != null) { // quality of protection (server decision)
auth.AppendFormat ("qop=\"{0}\", ", QOP);
}
lock (this) {
// _nc MUST NOT change from here...
// number of request using this nonce
if (QOP != null) {
auth.AppendFormat ("nc={0:X8}, ", _nc);
_nc++;
}
// until here, now _nc can change
}
if (CNonce != null) // opaque value from the client
auth.AppendFormat ("cnonce=\"{0}\", ", CNonce);
if (Opaque != null) // exact same opaque value as received from server
auth.AppendFormat ("opaque=\"{0}\", ", Opaque);
auth.Length -= 2; // remove ", "
return new Authorization (auth.ToString ());
}
private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate)
{
if (credentials == null)
{
return null;
}
HttpWebRequest request = webRequest as HttpWebRequest;
NTAuthentication securityContext = null;
string incomingBlob = null;
if (!preAuthenticate)
{
int index = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
if (index < 0)
{
return null;
}
int startIndex = index + SignatureSize;
if ((challenge.Length > startIndex) && (challenge[startIndex] != ','))
{
startIndex++;
}
else
{
index = -1;
}
if ((index >= 0) && (challenge.Length > startIndex))
{
index = challenge.IndexOf(',', startIndex);
if (index != -1)
{
incomingBlob = challenge.Substring(startIndex, index - startIndex);
}
else
{
incomingBlob = challenge.Substring(startIndex);
}
}
securityContext = request.CurrentAuthenticationState.GetSecurityContext(this);
}
if (securityContext == null)
{
NetworkCredential credential = credentials.GetCredential(request.ChallengedUri, Signature);
string str2 = string.Empty;
if ((credential == null) || (!(credential is SystemNetworkCredential) && ((str2 = credential.InternalGetUserName()).Length == 0)))
{
return null;
}
if (((str2.Length + credential.InternalGetPassword().Length) + credential.InternalGetDomain().Length) > 0x20f)
{
return null;
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(request.ChallengedUri, request, credential, this))
{
return null;
}
string computeSpn = request.CurrentAuthenticationState.GetComputeSpn(request);
ChannelBinding channelBinding = null;
if (request.CurrentAuthenticationState.TransportContext != null)
{
channelBinding = request.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
}
securityContext = new NTAuthentication("NTLM", credential, computeSpn, request, channelBinding);
request.CurrentAuthenticationState.SetSecurityContext(securityContext, this);
}
string outgoingBlob = securityContext.GetOutgoingBlob(incomingBlob);
if (outgoingBlob == null)
{
return null;
}
bool unsafeOrProxyAuthenticatedConnectionSharing = request.UnsafeOrProxyAuthenticatedConnectionSharing;
if (unsafeOrProxyAuthenticatedConnectionSharing)
{
request.LockConnection = true;
}
request.NtlmKeepAlive = incomingBlob == null;
return AuthenticationManager.GetGroupAuthorization(this, "NTLM " + outgoingBlob, securityContext.IsCompleted, securityContext, unsafeOrProxyAuthenticatedConnectionSharing, false);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <returns>The task the authentication is performed on</returns>
public Task PreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
if (credentials == null)
{
throw new InvalidOperationException("The credentials must be set using the IRestClient.Credential property.");
}
var cred = credentials.GetCredential(client.BuildUri(request, false), AuthenticationMethod);
if (cred == null)
{
throw new InvalidOperationException($"No credentials provided for the {AuthenticationMethod} authentication type.");
}
request.Parameters.AddOrUpdate(new Parameter { Type = _parameterType, Name = _usernameKey, Value = cred.UserName, ValidateOnAdd = false });
request.Parameters.AddOrUpdate(new Parameter { Type = _parameterType, Name = _passwordKey, Value = cred.Password, ValidateOnAdd = false });
#if USE_TASKEX
return TaskEx.FromResult(0);
#else
return Task.FromResult(0);
#endif
}
/// <summary>
/// Will be called when the authentication failed
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <param name="response">Response of the failed request</param>
/// <returns>Task where the handler for a failed authentication gets executed</returns>
public Task HandleChallenge(IHttpClient client, IHttpRequestMessage request, ICredentials credentials, IHttpResponseMessage response)
{
return Task.Factory.StartNew(() =>
{
if (!CanHandleChallenge(client, request, credentials, response))
throw new InvalidOperationException();
var responseUri = client.GetRequestUri(request, response);
_authCredential = credentials.GetCredential(responseUri, AuthenticationMethod);
var authModeInfo = response.GetAuthenticationMethodValue(_authHeader, AuthenticationMethod);
ParseResponseHeader(authModeInfo);
});
}
/// <summary>
/// Determines if the authentication module can handle the challenge sent with the response.
/// </summary>
/// <param name="client">The REST client the response is assigned to</param>
/// <param name="request">The REST request the response is assigned to</param>
/// <param name="credentials">The credentials to be used for the authentication</param>
/// <param name="response">The response that returned the authentication challenge</param>
/// <returns>true when the authenticator can handle the sent challenge</returns>
public virtual bool CanHandleChallenge(IHttpClient client, IHttpRequestMessage request, ICredentials credentials, IHttpResponseMessage response)
{
// No credentials defined?
if (credentials == null)
return false;
// No challenge header found?
var authModeInfo = response.GetAuthenticationMethodValue(_authHeader, AuthenticationMethod);
if (authModeInfo == null)
return false;
// Search for credential for request URI
var responseUri = client.GetRequestUri(request, response);
var credential = credentials.GetCredential(responseUri, AuthenticationMethod);
if (credential == null)
return false;
// Did we already try to use the found credentials?
if (ReferenceEquals(credential, _authCredential))
{
// Yes, so we don't retry the authentication.
return false;
}
return true;
}
/// <summary>
/// Authenticates using the supplied credentials.
/// </summary>
/// <remarks>
/// <para>If the POP3 server supports the APOP authentication mechanism,
/// then APOP is used.</para>
/// <para>If the APOP authentication mechanism is not supported and the
/// server supports one or more SASL authentication mechanisms, then
/// the SASL mechanisms that both the client and server support are tried
/// in order of greatest security to weakest security. Once a SASL
/// authentication mechanism is found that both client and server support,
/// the credentials are used to authenticate.</para>
/// <para>If the server does not support SASL or if no common SASL mechanisms
/// can be found, then the USER and PASS commands are used as a fallback.</para>
/// </remarks>
/// <param name="credentials">The user's credentials.</param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="credentials"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ObjectDisposedException">
/// The <see cref="Pop3Client"/> has been disposed.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The <see cref="Pop3Client"/> is not connected or is already authenticated.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was canceled via the cancellation token.
/// </exception>
/// <exception cref="MailKit.Security.AuthenticationException">
/// Authentication using the supplied credentials has failed.
/// </exception>
/// <exception cref="MailKit.Security.SaslException">
/// A SASL authentication error occurred.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
/// <exception cref="Pop3CommandException">
/// A POP3 command failed.
/// </exception>
/// <exception cref="Pop3ProtocolException">
/// An POP3 protocol error occurred.
/// </exception>
public void Authenticate(ICredentials credentials, CancellationToken cancellationToken)
{
CheckDisposed ();
if (!IsConnected)
throw new InvalidOperationException ("The Pop3Client must be connected before you can authenticate.");
if (engine.State == Pop3EngineState.Transaction)
throw new InvalidOperationException ("The Pop3Client is already authenticated.");
if (credentials == null)
throw new ArgumentNullException ("credentials");
var uri = new Uri ("pop://" + host);
NetworkCredential cred;
string challenge;
Pop3Command pc;
// (Erik) Not sure what to do with these
#if !NETFX_CORE && !WINDOWS_APP && !WINDOWS_PHONE_APP
if ((engine.Capabilities & Pop3Capabilities.Apop) != 0) {
cred = credentials.GetCredential (uri, "APOP");
challenge = engine.ApopToken + cred.Password;
var md5sum = new StringBuilder ();
byte[] digest;
using (var md5 = HashAlgorithm.Create ("MD5")) {
digest = md5.ComputeHash (Encoding.UTF8.GetBytes (challenge));
}
for (int i = 0; i < digest.Length; i++)
md5sum.Append (digest[i].ToString ("x2"));
try {
SendCommand (cancellationToken, "APOP {0} {1}", cred.UserName, md5sum);
engine.State = Pop3EngineState.Transaction;
} catch (Pop3CommandException) {
}
if (engine.State == Pop3EngineState.Transaction) {
engine.QueryCapabilities (cancellationToken);
ProbeCapabilities (cancellationToken);
return;
}
}
if ((engine.Capabilities & Pop3Capabilities.Sasl) != 0) {
foreach (var authmech in SaslMechanism.AuthMechanismRank) {
if (!engine.AuthenticationMechanisms.Contains (authmech))
continue;
var sasl = SaslMechanism.Create (authmech, uri, credentials);
cancellationToken.ThrowIfCancellationRequested ();
pc = engine.QueueCommand (cancellationToken, (pop3, cmd, text) => {
while (!sasl.IsAuthenticated && cmd.Status == Pop3CommandStatus.Continue) {
challenge = sasl.Challenge (text);
string response;
var buf = Encoding.ASCII.GetBytes (challenge + "\r\n");
pop3.Stream.Write (buf, 0, buf.Length);
response = pop3.ReadLine (cmd.CancellationToken);
cmd.Status = Pop3Engine.GetCommandStatus (response, out text);
if (cmd.Status == Pop3CommandStatus.ProtocolError)
throw new Pop3ProtocolException (string.Format ("Unexpected response from server: {0}", response));
}
}, "AUTH {0}", authmech);
while (engine.Iterate () < pc.Id) {
// continue processing commands
}
if (pc.Status == Pop3CommandStatus.Error)
continue;
if (pc.Status != Pop3CommandStatus.Ok)
throw CreatePop3Exception (pc);
if (pc.Exception != null)
throw pc.Exception;
engine.State = Pop3EngineState.Transaction;
engine.QueryCapabilities (cancellationToken);
ProbeCapabilities (cancellationToken);
return;
}
}
#endif
// fall back to the classic USER & PASS commands...
cred = credentials.GetCredential (uri, "USER");
try {
SendCommand (cancellationToken, "USER {0}", cred.UserName);
SendCommand (cancellationToken, "PASS {0}", cred.Password);
} catch (Pop3CommandException) {
throw new AuthenticationException ();
}
engine.State = Pop3EngineState.Transaction;
engine.QueryCapabilities (cancellationToken);
ProbeCapabilities (cancellationToken);
}
private static KeyValuePair<NetworkCredential, CURLAUTH> GetCredentials(ICredentials credentials, Uri requestUri)
{
NetworkCredential nc = null;
CURLAUTH curlAuthScheme = CURLAUTH.None;
if (credentials != null)
{
// we collect all the schemes that are accepted by libcurl for which there is a non-null network credential.
// But CurlHandler works under following assumption:
// for a given server, the credentials do not vary across authentication schemes.
for (int i=0; i < s_authSchemePriorityOrder.Length; i++)
{
NetworkCredential networkCredential = credentials.GetCredential(requestUri, s_authenticationSchemes[i]);
if (networkCredential != null)
{
curlAuthScheme |= s_authSchemePriorityOrder[i];
if (nc == null)
{
nc = networkCredential;
}
else if(!AreEqualNetworkCredentials(nc, networkCredential))
{
throw new PlatformNotSupportedException(SR.net_http_unix_invalid_credential);
}
}
}
}
VerboseTrace("curlAuthScheme = " + curlAuthScheme);
return new KeyValuePair<NetworkCredential, CURLAUTH>(nc, curlAuthScheme); ;
}
private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate)
{
HttpDigestChallenge challenge2;
if (credentials == null)
{
return null;
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
if (credential is SystemNetworkCredential)
{
if (WDigestAvailable)
{
return this.XPDoAuthenticate(challenge, httpWebRequest, credentials, preAuthenticate);
}
return null;
}
if (!preAuthenticate)
{
int startingPoint = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
if (startingPoint < 0)
{
return null;
}
challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest);
}
else
{
challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
}
if (challenge2 == null)
{
return null;
}
if (!CheckQOP(challenge2))
{
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_qop_not_supported", new object[] { challenge2.QualityOfProtection }));
}
return null;
}
if (preAuthenticate)
{
challenge2 = challenge2.CopyAndIncrementNonce();
challenge2.SetFromRequest(httpWebRequest);
}
if (credential == null)
{
return null;
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
{
return null;
}
string computeSpn = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
ChannelBinding channelBinding = null;
if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
{
channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
}
Authorization authorization = HttpDigest.Authenticate(challenge2, credential, computeSpn, channelBinding);
if ((!preAuthenticate && webRequest.PreAuthenticate) && (authorization != null))
{
string[] strArray = (challenge2.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge2.Domain.Split(singleSpaceArray);
authorization.ProtectionRealm = (challenge2.Domain == null) ? null : strArray;
for (int i = 0; i < strArray.Length; i++)
{
challengeCache.Add(strArray[i], challenge2);
}
}
return authorization;
}
private Authorization XPDoAuthenticate(string challenge, HttpWebRequest httpWebRequest, ICredentials credentials, bool preAuthenticate)
{
NTAuthentication securityContext = null;
string incomingBlob = null;
SecurityStatus status;
if (!preAuthenticate)
{
int index = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
if (index < 0)
{
return null;
}
securityContext = httpWebRequest.CurrentAuthenticationState.GetSecurityContext(this);
incomingBlob = RefineDigestChallenge(challenge, index);
}
else
{
HttpDigestChallenge challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
if (challenge2 == null)
{
return null;
}
challenge2 = challenge2.CopyAndIncrementNonce();
challenge2.SetFromRequest(httpWebRequest);
incomingBlob = challenge2.ToBlob();
}
UriComponents uriParts = 0;
if (httpWebRequest.CurrentMethod.ConnectRequest)
{
uriParts = UriComponents.HostAndPort;
}
else if (httpWebRequest.UsesProxySemantics)
{
uriParts = UriComponents.HttpRequestUrl;
}
else
{
uriParts = UriComponents.PathAndQuery;
}
string parts = httpWebRequest.GetRemoteResourceUri().GetParts(uriParts, UriFormat.UriEscaped);
if (securityContext == null)
{
NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
if ((credential == null) || (!(credential is SystemNetworkCredential) && (credential.InternalGetUserName().Length == 0)))
{
return null;
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
{
return null;
}
string computeSpn = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
ChannelBinding channelBinding = null;
if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
{
channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
}
securityContext = new NTAuthentication("WDigest", credential, computeSpn, httpWebRequest, channelBinding);
httpWebRequest.CurrentAuthenticationState.SetSecurityContext(securityContext, this);
}
string str4 = securityContext.GetOutgoingDigestBlob(incomingBlob, httpWebRequest.CurrentMethod.Name, parts, null, false, false, out status);
if (str4 == null)
{
return null;
}
Authorization authorization = new Authorization("Digest " + str4, securityContext.IsCompleted, string.Empty, securityContext.IsMutualAuthFlag);
if (!preAuthenticate && httpWebRequest.PreAuthenticate)
{
HttpDigestChallenge challenge3 = HttpDigest.Interpret(incomingBlob, -1, httpWebRequest);
string[] strArray = (challenge3.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge3.Domain.Split(singleSpaceArray);
authorization.ProtectionRealm = (challenge3.Domain == null) ? null : strArray;
for (int i = 0; i < strArray.Length; i++)
{
challengeCache.Add(strArray[i], challenge3);
}
}
return authorization;
}
/// <summary>
/// Authenticate using the supplied credentials.
/// </summary>
/// <remarks>
/// <para>If the IMAP server supports one or more SASL authentication mechanisms,
/// then the SASL mechanisms that both the client and server support are tried
/// in order of greatest security to weakest security. Once a SASL
/// authentication mechanism is found that both client and server support,
/// the credentials are used to authenticate.</para>
/// <para>If the server does not support SASL or if no common SASL mechanisms
/// can be found, then LOGIN command is used as a fallback.</para>
/// <para>Note: To prevent the usage of certain authentication mechanisms,
/// simply remove them from the the <see cref="AuthenticationMechanisms"/> hash
/// set before calling the Authenticate() method.</para>
/// </remarks>
/// <param name="credentials">The user's credentials.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="credentials"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ObjectDisposedException">
/// The <see cref="ImapClient"/> has been disposed.
/// </exception>
/// <exception cref="ServiceNotConnectedException">
/// The <see cref="ImapClient"/> is not connected.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The <see cref="ImapClient"/> is already authenticated.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was canceled via the cancellation token.
/// </exception>
/// <exception cref="MailKit.Security.AuthenticationException">
/// Authentication using the supplied credentials has failed.
/// </exception>
/// <exception cref="MailKit.Security.SaslException">
/// A SASL authentication error occurred.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
/// <exception cref="ImapProtocolException">
/// An IMAP protocol error occurred.
/// </exception>
public override void Authenticate (ICredentials credentials, CancellationToken cancellationToken = default (CancellationToken))
{
if (credentials == null)
throw new ArgumentNullException ("credentials");
CheckDisposed ();
CheckConnected ();
if (engine.State >= ImapEngineState.Authenticated)
throw new InvalidOperationException ("The ImapClient is already authenticated.");
int capabilitiesVersion = engine.CapabilitiesVersion;
var uri = new Uri ("imap://" + engine.Uri.Host);
NetworkCredential cred;
ImapCommand ic = null;
SaslMechanism sasl;
string id;
foreach (var authmech in SaslMechanism.AuthMechanismRank) {
if (!engine.AuthenticationMechanisms.Contains (authmech))
continue;
if ((sasl = SaslMechanism.Create (authmech, uri, credentials)) == null)
continue;
cancellationToken.ThrowIfCancellationRequested ();
var command = string.Format ("AUTHENTICATE {0}", sasl.MechanismName);
if ((engine.Capabilities & ImapCapabilities.SaslIR) != 0 && sasl.SupportsInitialResponse) {
var ir = sasl.Challenge (null);
command += " " + ir + "\r\n";
} else {
command += "\r\n";
}
ic = engine.QueueCommand (cancellationToken, null, command);
ic.ContinuationHandler = (imap, cmd, text) => {
string challenge;
if (sasl.IsAuthenticated) {
// The server claims we aren't done authenticating, but our SASL mechanism thinks we are...
// Send an empty string to abort the AUTHENTICATE command.
challenge = string.Empty;
} else {
challenge = sasl.Challenge (text);
}
var buf = Encoding.ASCII.GetBytes (challenge + "\r\n");
imap.Stream.Write (buf, 0, buf.Length, cmd.CancellationToken);
imap.Stream.Flush (cmd.CancellationToken);
};
engine.Wait (ic);
if (ic.Response != ImapCommandResponse.Ok)
continue;
engine.State = ImapEngineState.Authenticated;
cred = credentials.GetCredential (uri, sasl.MechanismName);
id = GetSessionIdentifier (cred.UserName);
if (id != identifier) {
engine.FolderCache.Clear ();
identifier = id;
}
// Query the CAPABILITIES again if the server did not include an
// untagged CAPABILITIES response to the AUTHENTICATE command.
if (engine.CapabilitiesVersion == capabilitiesVersion)
engine.QueryCapabilities (cancellationToken);
engine.QueryNamespaces (cancellationToken);
engine.QuerySpecialFolders (cancellationToken);
OnAuthenticated (ic.ResponseText);
return;
}
if ((Capabilities & ImapCapabilities.LoginDisabled) != 0) {
if (ic == null)
throw new AuthenticationException ("The LOGIN command is disabled.");
throw CreateAuthenticationException (ic);
}
// fall back to the classic LOGIN command...
cred = credentials.GetCredential (uri, "DEFAULT");
ic = engine.QueueCommand (cancellationToken, null, "LOGIN %S %S\r\n", cred.UserName, cred.Password);
engine.Wait (ic);
if (ic.Response != ImapCommandResponse.Ok)
throw CreateAuthenticationException (ic);
engine.State = ImapEngineState.Authenticated;
id = GetSessionIdentifier (cred.UserName);
if (id != identifier) {
engine.FolderCache.Clear ();
identifier = id;
}
// Query the CAPABILITIES again if the server did not include an
// untagged CAPABILITIES response to the LOGIN command.
if (engine.CapabilitiesVersion == capabilitiesVersion)
engine.QueryCapabilities (cancellationToken);
engine.QueryNamespaces (cancellationToken);
engine.QuerySpecialFolders (cancellationToken);
OnAuthenticated (ic.ResponseText);
}
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null)
return null;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "NTLM");
if (cred == null)
return null;
string userName = cred.UserName;
string domain = cred.Domain;
string password = cred.Password;
if (userName == null || userName == "")
return null;
if (String.IsNullOrEmpty (domain)) {
int idx = userName.IndexOf ('\\');
if (idx == -1) {
idx = userName.IndexOf ('/');
}
if (idx >= 0) {
domain = userName.Substring (0, idx);
userName = userName.Substring (idx + 1);
}
}
bool completed = false;
if (message == null) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
type1.Host = ""; // MS does not send it
type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
message = type1;
} else if (message.Type == 1) {
// Should I check the credentials?
if (challenge == null) {
message = null;
return null;
}
Type2Message type2 = new Type2Message (Convert.FromBase64String (challenge));
if (password == null)
password = "";
Type3Message type3 = new Type3Message (type2);
type3.Username = userName;
type3.Password = password;
type3.Domain = domain;
message = type3;
completed = true;
} else {
// Should I check the credentials?
// type must be 3 here
if (challenge == null || challenge == String.Empty) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
type1.Host = ""; // MS does not send it
message = type1;
} else {
completed = true;
}
}
string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
return new Authorization (token, completed);
}
public Authorization Authenticate(string challenge, WebRequest request, ICredentials credentials)
{
if (!challenge.StartsWith("GoogleLogin ", StringComparison.OrdinalIgnoreCase))
return null;
HttpWebRequest httpRequest = (HttpWebRequest)request;
string service;
string realm;
ParseChallenge(challenge, out realm, out service);
if (realm != "http://www.google.com/accounts/ClientLogin")
return null;
NetworkCredential cred = credentials.GetCredential(request.RequestUri, AuthenticationType);
string auth = _gdataCred.GetCredentialsIfValid(cred.UserName, cred.Password, service);
if (auth != null)
{
return new Authorization(auth, true);
}
else
{
try
{
_gdataCred.EnsureLoggedIn(cred.UserName, cred.Password, service, !BlogClientUIContext.SilentModeForCurrentThread);
auth = _gdataCred.GetCredentialsIfValid(cred.UserName, cred.Password, service);
if (auth != null)
return new Authorization(auth, true);
else
return null;
}
catch (Exception e)
{
Trace.Fail(e.ToString());
return null;
}
}
}
