private WindowsIdentity Authenticate(ref Stream netStream, TcpServerSocketHandler streamManager) { // Use the identity for impersonation etc. NegotiateStream negoServer = null; try { negoServer = new NegotiateStream(netStream); // Block for authentication request TokenImpersonationLevel impLevel = TokenImpersonationLevel.Identification; if (_impersonate) { impLevel = TokenImpersonationLevel.Impersonation; } negoServer.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, _protectionLevel, impLevel); netStream = negoServer; return((WindowsIdentity)negoServer.RemoteIdentity); } catch { streamManager.SendErrorResponse( String.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_ServerAuthenticationFailed")), false); if (negoServer != null) { negoServer.Close(); } throw; } }
//<snippet1> public static void AuthenticateClient(TcpClient clientRequest) { NetworkStream stream = clientRequest.GetStream(); // Create the NegotiateStream. NegotiateStream authStream = new NegotiateStream(stream, false); // Perform the server side of the authentication. authStream.AuthenticateAsServer(); // Display properties of the authenticated client. IIdentity id = authStream.RemoteIdentity; Console.WriteLine("{0} was authenticated using {1}.", id.Name, id.AuthenticationType ); // Read a message from the client. byte [] buffer = new byte[2048]; int charLength = authStream.Read(buffer, 0, buffer.Length); string messageData = new String(Encoding.UTF8.GetChars(buffer, 0, buffer.Length)); Console.WriteLine("READ {0}", messageData); // Finished with the current client. authStream.Close(); // Close the client connection. clientRequest.Close(); }
private WindowsIdentity Authenticate(ref Stream netStream, TcpServerSocketHandler streamManager) { NegotiateStream stream = null; WindowsIdentity remoteIdentity; try { stream = new NegotiateStream(netStream); TokenImpersonationLevel identification = TokenImpersonationLevel.Identification; if (this._impersonate) { identification = TokenImpersonationLevel.Impersonation; } stream.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, this._protectionLevel, identification); netStream = stream; remoteIdentity = (WindowsIdentity)stream.RemoteIdentity; } catch { streamManager.SendErrorResponse(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_ServerAuthenticationFailed"), new object[0]), false); if (stream != null) { stream.Close(); } throw; } return(remoteIdentity); }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { // wrap stream NegotiateStream negotiateStream = new NegotiateStream(stream); // authenticate try { if (TD.WindowsStreamSecurityOnAcceptUpgradeIsEnabled()) { TD.WindowsStreamSecurityOnAcceptUpgrade(this.EventTraceActivity); } negotiateStream.AuthenticateAsServer(parent.ServerCredential, parent.ProtectionLevel, TokenImpersonationLevel.Identification); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.GetString(SR.NegotiationFailedIO, ioException.Message), ioException)); } remoteSecurity = CreateClientSecurity(negotiateStream, parent.ExtractGroupsForWindowsAccounts); return(negotiateStream); }
/// <summary> /// Logs in to domain /// </summary> /// <param name="userName"></param> /// <param name="password"></param> /// <param name="domain"></param> /// <returns></returns> /// <example> /// WindowsIdentity wi = SSPIHelper.LogonUser(token.Username, token.Password, "fintrax"); /// if (wi == null) /// throw new SecurityException(); /// </example> public static WindowsIdentity LogonUser(string userName, string password, string domain) { TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0); tcpListener.Start(); WindowsIdentity id = null; tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult) { using (NegotiateStream serverSide = new NegotiateStream(tcpListener.EndAcceptTcpClient(asyncResult).GetStream())) { serverSide.AuthenticateAsServer( CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation); id = (WindowsIdentity)serverSide.RemoteIdentity; } }, null); using (NegotiateStream clientSide = new NegotiateStream(new TcpClient(IPAddress.Loopback.ToString(), ((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream())) { clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain), "", ProtectionLevel.None, TokenImpersonationLevel.Impersonation); } return(id); }
private static void ProcessDebugRequest(object socket) { Socket request = (Socket)socket; try { var secureStream = new NegotiateStream(new NetworkStream(request, false), true); secureStream.AuthenticateAsServer(); if (!secureStream.IsAuthenticated || !secureStream.IsEncrypted) { request.Close(); return; } WindowsIdentity winIdentity = secureStream.RemoteIdentity as WindowsIdentity; if (winIdentity == null || winIdentity.User != System.Security.Principal.WindowsIdentity.GetCurrent().User) { request.Close(); return; } var reader = new StreamReader(secureStream); string auth = reader.ReadLine(); Guid g; if (!Guid.TryParse(auth, out g) || g != _authGuid) { request.Close(); return; } string exe = reader.ReadLine(); string curDir = reader.ReadLine(); string projectDir = reader.ReadLine(); string args = reader.ReadLine(); string machineName = reader.ReadLine(); string options = reader.ReadLine(); uint pid = 0; string errorText = ""; var res = _pumpForm.BeginInvoke((Action)(() => { pid = LaunchDebugger(exe, curDir, projectDir, args, machineName, options, out errorText); })); res.AsyncWaitHandle.WaitOne(); var writer = new StreamWriter(secureStream); writer.WriteLine(pid.ToString()); if (pid == 0) { writer.WriteLine(errorText.Length); writer.WriteLine(errorText); } writer.Flush(); } catch (IOException) { } catch (Exception) { Debug.Assert(false); } }
/// <summary> /// Processes the entire request / response communication using /// a NegotiateStream object which enables secure client/server /// communication. /// </summary> /// <param name="client"></param> private void HandleClientComm(object client) { TcpClient tcpClient = (TcpClient)client; NetworkStream clientStream = tcpClient.GetStream(); // Create the NegotiateStream. NegotiateStream authStream = new NegotiateStream(clientStream, false); authStream.AuthenticateAsServer(); // Get properties of the authenticated client. // This will be used to provide authorisation // in a later version. IIdentity id = authStream.RemoteIdentity; byte[] message = new byte[4096]; int bytesRead; while (true) { bytesRead = 0; try { //blocks until a client sends a message bytesRead = authStream.Read(message, 0, 4096); } catch { //a socket error has occured break; } if (bytesRead == 0) { //the client has disconnected from the server break; } // Use BinaryFormatter to get exact copy of string[] variable from client MemoryStream ms = new MemoryStream(message); BinaryFormatter bf = new BinaryFormatter(); var args = (string[])bf.Deserialize(ms); // Process message var result = Execute(args); // send back result ASCIIEncoding encoder = new ASCIIEncoding(); byte[] buffer = encoder.GetBytes((string)result); authStream.Write(buffer, 0, buffer.Length); authStream.Flush(); } tcpClient.Close(); }
private void CreateServer(object state) { try { var nsServer = new NegotiateStream(listener.AcceptTcpClient().GetStream()); nsServer.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation); } catch (Exception ex) { //LogEvent.LogError(ex); } }
// Token: 0x06001894 RID: 6292 RVA: 0x00064FAC File Offset: 0x000631AC public static TcpServerChannel AuthenticateAsServer(TcpListener listener, Socket connection) { TcpServerChannel tcpServerChannel = null; int iotimeoutInMSec = listener.ListenerConfig.IOTimeoutInMSec; NegotiateStream negotiateStream = null; using (DisposeGuard disposeGuard = default(DisposeGuard)) { NetworkStream networkStream = new NetworkStream(connection, false); disposeGuard.Add <NetworkStream>(networkStream); negotiateStream = new NegotiateStream(networkStream, false); disposeGuard.Add <NegotiateStream>(negotiateStream); negotiateStream.WriteTimeout = iotimeoutInMSec; negotiateStream.ReadTimeout = iotimeoutInMSec; negotiateStream.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Identification); if (!negotiateStream.IsAuthenticated) { string text = "Authentication failed"; ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), text); ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), text); } if (!negotiateStream.IsMutuallyAuthenticated) { ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), "Mutual Authentication failed"); } WindowsIdentity wid = negotiateStream.RemoteIdentity as WindowsIdentity; string text2 = null; try { text2 = negotiateStream.RemoteIdentity.Name; } catch (SystemException ex) { string text3 = string.Format("RemoteIdentity.Name failed: {0}", ex.ToString()); ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), text3); ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), text3); } if (!RemoteDataProvider.AuthorizeRequest(wid)) { ExTraceGlobals.TcpServerTracer.TraceError <string, string>((long)connection.GetHashCode(), "Authorization failed. ClientMachine={0}, User={1}", connection.RemoteEndPoint.ToString(), text2); ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), string.Format("AuthorizeRequest failed. User={0}", text2)); return(null); } tcpServerChannel = new TcpServerChannel(connection, negotiateStream, listener.ListenerConfig.IOTimeoutInMSec, listener.ListenerConfig.IdleLimit); ExTraceGlobals.TcpServerTracer.TraceDebug <string, bool, bool>((long)tcpServerChannel.GetHashCode(), "Connection authenticated as {0}. Encrypted={1} Signed={2}", text2, negotiateStream.IsEncrypted, negotiateStream.IsSigned); if (tcpServerChannel != null) { disposeGuard.Success(); } } return(tcpServerChannel); }
private void CreateServer(object state) { try { NegotiateStream nsServer = new NegotiateStream( this.listener.AcceptTcpClient().GetStream() ); nsServer.AuthenticateAsServer( CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation ); } catch (AuthenticationException) {} }
/// <summary> /// Creates security stream and authenticates as server. /// </summary> /// <param name="source">The stream wrapped by the security stream.</param> /// <returns>Security stream of type NegotiateStream.</returns> public Stream CreateSecurityStreamAndAuthenticate(Stream source) { using (EneterTrace.Entering()) { try { NegotiateStream aNegotiateStream = new NegotiateStream(source, false); aNegotiateStream.AuthenticateAsServer(); return(aNegotiateStream); } catch (Exception err) { EneterTrace.Error(TracedObject + "failed to authenticate the server.", err); throw; } } }
public static IInteractor Create(TcpClient tcpClient, DistributorRole distributorRole, EventQueue <InteractorEventArgs> eventQueue, CancellationToken token) { var stream = new NegotiateStream(tcpClient.GetStream()); try { stream.AuthenticateAsServer(); } catch (Exception error) { Log.Warn("Failed to negotiate stream", error); return(null); } var interactor = new Interactor(stream, stream.RemoteIdentity.Name, ((IPEndPoint)tcpClient.Client.RemoteEndPoint).Address, distributorRole, eventQueue, token); return(interactor); }
public static void AuthenticateClient(TcpClient clientRequest) { NetworkStream stream = clientRequest.GetStream(); var authStream = new NegotiateStream(stream, false); var builder = new StringBuilder(); try { authStream.AuthenticateAsServer( CredentialCache.DefaultNetworkCredentials, ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification); DisplayProperties(authStream); var buffer = new byte[65536]; int bytesRead; while (true) { bytesRead = authStream.Read(buffer, 0, buffer.Length); if (bytesRead == 0) { break; } builder.Append(Encoding.UTF8.GetString(buffer, 0, bytesRead)); } IIdentity id = authStream.RemoteIdentity; string message = builder.ToString(); Console.WriteLine("{0} sent a message of length: {1}", id.Name, message.Length); Console.WriteLine("Client disconnected."); Console.WriteLine(); } catch (Exception e) { Console.WriteLine($"Client message exception: {e.ToString()}"); } finally { authStream.Close(); } }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { NegotiateStream negotiateStream = new NegotiateStream(stream); try { negotiateStream.AuthenticateAsServer(this.parent.ServerCredential, this.parent.ProtectionLevel, TokenImpersonationLevel.Identification); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException exception2) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2)); } remoteSecurity = this.CreateClientSecurity(negotiateStream, this.parent.ExtractGroupsForWindowsAccounts); return(negotiateStream); }
public string AuthenticateAsServer(Stream stream) { using (var negotiateStream = new NegotiateStream(stream, true)) { try { negotiateStream.AuthenticateAsServer(); } catch (Exception) { return(null); } if (Users.Exists(negotiateStream.RemoteIdentity)) { return(""); } return(""); } }
private static WindowsIdentity LogonUserTCPListen(string userName, string domain, string password) { // need a full duplex stream - loopback is easiest way to get that TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0); tcpListener.Start(); ManualResetEvent done = new ManualResetEvent(false); WindowsIdentity id = null; tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult) { try { using (NegotiateStream serverSide = new NegotiateStream( tcpListener.EndAcceptTcpClient(asyncResult).GetStream())) { serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation); id = (WindowsIdentity)serverSide.RemoteIdentity; } } catch { id = null; } finally { done.Set(); } }, null); using (NegotiateStream clientSide = new NegotiateStream(new TcpClient("localhost", ((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream())) { try { clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain), "", ProtectionLevel.None, TokenImpersonationLevel.Impersonation); } catch { id = null; }//When the authentication fails it throws an exception } tcpListener.Stop(); done.WaitOne();//Wait until we really have the id populated to continue return(id); }
internal TCPListenerClient(TCPListener listener, Socket socket) : base(socket, listener.Handler) { //创建Socket网络流 Stream = new NetworkStream(socket); if (listener.IsUseAuthenticate) { NegotiateStream negotiate = new NegotiateStream(Stream); negotiate.AuthenticateAsServer(); while (!negotiate.IsMutuallyAuthenticated) { Thread.Sleep(10); } } //设置服务器 Listener = listener; listener.Handler.OnError = (x) => { this.Disconnect(); }; }
internal TCPListenerClient(TCPListener listener, Socket socket) : base(socket, listener.Handler) { //创建Socket网络流 Stream = new NetworkStream(socket); if (listener.IsUseAuthenticate) { NegotiateStream negotiate = new NegotiateStream(Stream); negotiate.AuthenticateAsServer(); while (!negotiate.IsMutuallyAuthenticated) { Thread.Sleep(10); } } //设置服务器 this.Listener = listener; //开始异步接收数据 SocketAsyncState state = new SocketAsyncState(); Handler.BeginReceive(Stream, EndReceive, state); }
public void NegotiateStream_InvalidPolicy_Throws() { var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never); (Stream stream1, Stream stream2) = ConnectedStreams.CreateBidirectional(); using (var client = new NegotiateStream(stream1)) using (var server = new NegotiateStream(stream2)) { // If ExtendedProtection is on, either CustomChannelBinding or CustomServiceNames must be set. AssertExtensions.Throws <ArgumentException>(nameof(policy), () => server.AuthenticateAsServer(policy)); } }
public static void Main() { NegotiateStream negotiateStream = null; try { // Set the TcpListener on port 13000. Int32 port = 13000; IPAddress localAddr = IPAddress.Loopback; // TcpListener server = new TcpListener(port); TcpListener server = new TcpListener(localAddr, port); // Start listening for client requests. server.Start(); // Buffer for reading data Byte[] bytes = new Byte[256]; String data = null; // Enter the listening loop. while (true) { Console.Write("Waiting for a connection... "); // Perform a blocking call to accept requests. // You could also user server.AcceptSocket() here. TcpClient client = server.AcceptTcpClient(); Console.WriteLine("Connected!"); data = null; // Get a stream object for reading and writing // Wrap it in a NegotiateStream. negotiateStream = new NegotiateStream(client.GetStream()); negotiateStream.AuthenticateAsServer(); if (negotiateStream.IsAuthenticated) { Console.WriteLine( "IsAuthenticated: {0}", negotiateStream.IsAuthenticated); Console.WriteLine( "IsMutuallyAuthenticated: {0}", negotiateStream.IsMutuallyAuthenticated); Console.WriteLine( "IsEncrypted: {0}", negotiateStream.IsEncrypted); Console.WriteLine( "IsSigned: {0}", negotiateStream.IsSigned); Console.WriteLine( "IsServer: {0}", negotiateStream.IsServer); IIdentity remoteIdentity = negotiateStream.RemoteIdentity; Console.WriteLine( "Client identity: {0}", remoteIdentity.Name); Console.WriteLine( "Authentication Type: {0}", remoteIdentity.AuthenticationType); } int i; // Loop to receive all the data sent by the client. while ( (i = negotiateStream.Read(bytes, 0, bytes.Length)) != 0) { // Translate data bytes to a string. // The encoding used is application specific. data = System.Text.Encoding.ASCII.GetString(bytes, 0, i); Console.WriteLine("Received: {0}", data); // Process the data sent by the client. data = data.ToUpper( System.Globalization.CultureInfo.CurrentCulture); byte[] msg = System.Text.Encoding.ASCII.GetBytes(data); // Send back a response. negotiateStream.Write(msg, 0, msg.Length); Console.WriteLine("Sent: {0}", data); } } } catch (AuthenticationException ex) { Console.WriteLine(ex.Message); } catch (SocketException ex) { Console.WriteLine(ex.Message); } catch (IOException ex) { Console.WriteLine(ex.Message); } finally { if (negotiateStream != null) { negotiateStream.Close(); } } Console.WriteLine("\nHit enter to continue..."); Console.Read(); }
protected override Task AuthenticateAsServerAsync(NegotiateStream server) => Task.Run(() => server.AuthenticateAsServer());
/// <summary> /// Authenticates the client stream /// </summary> /// <param name="stream">The stream to autenticate</param> /// <param name="userToken">the user token associated with the identity match</param> /// <param name="additionalChallenge">Additional data that much match between the client and server /// for the connection to succeed.</param> /// <returns>true if successful authentication. False otherwise.</returns> public bool TryAuthenticateAsServer(Stream stream, out Guid userToken, byte[] additionalChallenge = null) { userToken = Guid.Empty; if (additionalChallenge is null) { additionalChallenge = new byte[] { } } ; if (additionalChallenge.Length > short.MaxValue) { throw new ArgumentOutOfRangeException("additionalChallenge", "Must be less than 32767 bytes"); } using (NegotiateStream negotiateStream = new NegotiateStream(stream, true)) { try { negotiateStream.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification); } catch (Exception ex) { Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", null, ex); return(false); } negotiateStream.Write((short)additionalChallenge.Length); if (additionalChallenge.Length > 0) { negotiateStream.Write(additionalChallenge); } negotiateStream.Flush(); int len = negotiateStream.ReadInt16(); if (len < 0) { Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "Challenge Length is invalid: " + len.ToString()); return(false); } byte[] remoteChallenge; if (len == 0) { remoteChallenge = new byte[0]; } else { remoteChallenge = negotiateStream.ReadBytes(len); } if (remoteChallenge.SecureEquals(additionalChallenge)) { if (Users.TryGetToken(negotiateStream.RemoteIdentity, out userToken)) { return(true); } Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "User did not exist in the database: " + negotiateStream.RemoteIdentity.ToString()); return(false); } Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "Challenge did not match. Potential man in the middle attack."); return(false); } }
/// <summary> /// Handles the connection process of clients /// </summary> private void HandleClientComm(object sender) { //This conntects the client //first we need an rescue timer _BootUpTimer = new Timer(new TimerCallback(_BootUpTimer_Elapsed), null, 100, 100); bool leaveInnerStreamOpen = false; try { // encryption if (_Mode == VaserOptions.ModeKerberos) { QueueSend = QueueSendKerberos; _AuthStream = new NegotiateStream(new NetworkStream(_SocketTCPClient), leaveInnerStreamOpen); } if (_Mode == VaserOptions.ModeSSL) { QueueSend = QueueSendSSL; _sslStream = new SslStream(new NetworkStream(_SocketTCPClient), leaveInnerStreamOpen); } if (_Mode == VaserOptions.ModeNotEncrypted) { QueueSend = QueueSendNotEncrypted; } if (_Mode == VaserOptions.ModeNamedPipeServerStream) { //QueueSend = QueueSendNotEncrypted; } if (_Mode == VaserOptions.ModeNamedPipeClientStream) { //QueueSend = QueueSendNotEncrypted; } if (IsServer) { //server if (_Mode == VaserOptions.ModeKerberos) { if (_vKerberosS._policy == null) { if (_vKerberosS._credential == null) { _AuthStream.AuthenticateAsServer(); } else { _AuthStream.AuthenticateAsServer(_vKerberosS._credential, _vKerberosS._requiredProtectionLevel, _vKerberosS._requiredImpersonationLevel); } } else { if (_vKerberosS._credential == null) { _AuthStream.AuthenticateAsServer(_vKerberosS._policy); } else { _AuthStream.AuthenticateAsServer(_vKerberosS._credential, _vKerberosS._policy, _vKerberosS._requiredProtectionLevel, _vKerberosS._requiredImpersonationLevel); } } link.IsAuthenticated = _AuthStream.IsAuthenticated; link.IsEncrypted = _AuthStream.IsEncrypted; link.IsMutuallyAuthenticated = _AuthStream.IsMutuallyAuthenticated; link.IsSigned = _AuthStream.IsSigned; link.IsServer = _AuthStream.IsServer; IIdentity id = _AuthStream.RemoteIdentity; link.UserName = id.Name; } if (_Mode == VaserOptions.ModeSSL) { if (_vSSLS._enabledSslProtocols == SslProtocols.None) { _sslStream.AuthenticateAsServer(_vSSLS._serverCertificate); } else { _sslStream.AuthenticateAsServer(_vSSLS._serverCertificate, _vSSLS._clientCertificateRequired, _vSSLS._enabledSslProtocols, _vSSLS._checkCertificateRevocation); } link.IsEncrypted = true; link.IsServer = true; } if (_Mode == VaserOptions.ModeNotEncrypted) { link.IsServer = true; } if (_Mode == VaserOptions.ModeNamedPipeServerStream) { link.IsServer = true; } link.vServer = server; BootupDone = true; server.AddNewLink(link); } else { //client if (_Mode == VaserOptions.ModeKerberos) { if (_vKerberosC._binding == null) { if (_vKerberosC._credential == null) { _AuthStream.AuthenticateAsClient(); } else { if (_vKerberosC._requiredProtectionLevel == ProtectionLevel.None && _vKerberosC._requiredImpersonationLevel == TokenImpersonationLevel.None) { _AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._targetName); } else { _AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._targetName, _vKerberosC._requiredProtectionLevel, _vKerberosC._requiredImpersonationLevel); } } } else { if (_vKerberosC._requiredProtectionLevel == ProtectionLevel.None && _vKerberosC._requiredImpersonationLevel == TokenImpersonationLevel.None) { _AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._binding, _vKerberosC._targetName); } else { _AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._binding, _vKerberosC._targetName, _vKerberosC._requiredProtectionLevel, _vKerberosC._requiredImpersonationLevel); } } link.IsAuthenticated = _AuthStream.IsAuthenticated; link.IsEncrypted = _AuthStream.IsEncrypted; link.IsMutuallyAuthenticated = _AuthStream.IsMutuallyAuthenticated; link.IsSigned = _AuthStream.IsSigned; link.IsServer = _AuthStream.IsServer; IIdentity id = _AuthStream.RemoteIdentity; } if (_Mode == VaserOptions.ModeSSL) { if (_vSSLC._clientCertificates == null) { _sslStream.AuthenticateAsClient(_vSSLC._targetHost); } else { _sslStream.AuthenticateAsClient(_vSSLC._targetHost, _vSSLC._clientCertificates, _vSSLC._enabledSslProtocols, _vSSLC._checkCertificateRevocation); } link.IsEncrypted = true; } if (_Mode == VaserOptions.ModeNamedPipeClientStream) { } //Thread.Sleep(50); BootupDone = true; _IsAccepted = true; if (_Mode == VaserOptions.ModeNotEncrypted) { ThreadPool.QueueUserWorkItem(ReceiveNotEncrypted); } if (_Mode == VaserOptions.ModeKerberos) { ThreadPool.QueueUserWorkItem(ReceiveKerberos); } if (_Mode == VaserOptions.ModeSSL) { ThreadPool.QueueUserWorkItem(ReceiveSSL); } } if (EnableHeartbeat) { HeartbeatTimer = new Timer(new TimerCallback(OnHeartbeatEvent), null, HeartbeatMilliseconds, HeartbeatMilliseconds); } } catch (AuthenticationException e) { Debug.WriteLine("Authentication failed. " + e.ToString()); _BootUpTimer.Dispose(); Stop(); return; } catch (Exception e) { Debug.WriteLine("Authentication failed. " + e.ToString()); _BootUpTimer.Dispose(); Stop(); return; } // encryption END _BootUpTimer.Dispose(); _BootUpTimer = null; }
protected override Task AuthenticateAsServerAsync(NegotiateStream server) => Task.Run(() => server.AuthenticateAsServer(null));
protected override Task AuthenticateAsServerAsync(NegotiateStream server) => Task.Run(() => server.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, ProtectionLevel.None, TokenImpersonationLevel.Identification));
public void NegotiateStream_InvalidPolicy_Throws() { var network = new VirtualNetwork(); var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { // If ExtendedProtection is on, either CustomChannelBinding or CustomServiceNames must be set. AssertExtensions.Throws <ArgumentException>(nameof(policy), () => server.AuthenticateAsServer(policy)); } }
public void ServerThreadProc() { NegotiateStream negotiateStream = null; while (true) { try { // 處理用戶端連線 tcpClient = tcpListener.AcceptTcpClient(); // 取得本機相關的網路資訊 IPEndPoint serverInfo = (IPEndPoint)tcpListener.LocalEndpoint; // 以Client屬性取得用戶端之Socket物件 Socket clientSocket = tcpClient.Client; // 取得連線用戶端相關的網路連線資訊 IPEndPoint clientInfo = (IPEndPoint)clientSocket.RemoteEndPoint; Console.WriteLine("Client: " + clientInfo.Address.ToString() + ":" + clientInfo.Port.ToString()); Console.WriteLine("Server: " + serverInfo.Address.ToString() + ":" + serverInfo.Port.ToString()); // 建立支援用戶端與伺服端間交涉安全性通訊協定之資料串流 negotiateStream = new NegotiateStream(tcpClient.GetStream()); // 由伺服端呼叫驗證連接中之用戶端,並選擇性驗證伺服端 negotiateStream.AuthenticateAsServer(); // 判斷驗證(Authentication)是否成功 if (negotiateStream.IsAuthenticated) { System.Security.Principal.IIdentity remoteIdentity = negotiateStream.RemoteIdentity; Console.WriteLine("Client identity: {0}", remoteIdentity.Name); Console.WriteLine("Authentication Type: {0}", remoteIdentity.AuthenticationType); Console.WriteLine("IsAuthenticated: {0}", negotiateStream.IsAuthenticated); Console.WriteLine("IsMutuallyAuthenticated: {0}", negotiateStream.IsMutuallyAuthenticated); Console.WriteLine("IsEncrypted: {0}", negotiateStream.IsEncrypted); Console.WriteLine("IsSigned: {0}", negotiateStream.IsSigned); Console.WriteLine("IsServer: {0}", negotiateStream.IsServer); } // 判斷串流是否支援讀取功能 if (negotiateStream.CanRead) { byte[] bytes = new byte[1024]; // 自資料串流中讀取資料 int bytesReceived = negotiateStream.Read(bytes, 0, bytes.Length); string data = Encoding.ASCII.GetString(bytes, 0, bytesReceived); Console.WriteLine("接收的資料內容: " + "\r\n" + "{0}", data + "\r\n"); } else { Console.WriteLine("串流不支援讀取功能."); } // 判斷串流是否支援寫入功能 if (negotiateStream.CanWrite) { // 測試用 string htmlBody = "<html><head><title>Send Test</title></head><body><font size=2 face=Verdana>Sent OK.</font></body></html>"; string htmlHeader = "HTTP/1.0 200 OK" + "\r\n" + "Server: HTTP Server 1.0" + "\r\n" + "Content-Type: text/html" + "\r\n" + "Content-Length: " + htmlBody.Length + "\r\n" + "\r\n"; string htmlContent = htmlHeader + htmlBody; // 設定傳送資料緩衝區 byte[] msg = Encoding.ASCII.GetBytes(htmlContent); // 將資料寫入資料串流中 negotiateStream.Write(msg, 0, msg.Length); Console.WriteLine("傳送的資料內容: " + "\r\n" + "{0}", Encoding.UTF8.GetString(msg, 0, msg.Length) + "\r\n"); } else { Console.WriteLine("串流不支援寫入功能."); } } catch (AuthenticationException aex) { Console.WriteLine(aex.StackTrace.ToString()); } catch (SocketException ex) { Console.WriteLine(ex.StackTrace.ToString()); } catch (IOException ioex) { Console.WriteLine(ioex.StackTrace.ToString()); } finally { if (negotiateStream != null) { // 關閉串流 negotiateStream.Close(); } } } }
public bool validateUsers(string User, string Password) { string strDomain; strDomain = ""; int pos = User.IndexOf(@"\"); if (pos < 1) { TcpListener localUserValidate = new TcpListener(IPAddress.Loopback, 0); localUserValidate.Start(); ManualResetEvent done = new ManualResetEvent(false); WindowsIdentity id = null; localUserValidate.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult) { try { using (NegotiateStream serverSide = new NegotiateStream(localUserValidate.EndAcceptTcpClient(asyncResult).GetStream())) { serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation); id = (WindowsIdentity)serverSide.RemoteIdentity; } } catch (Exception ex) { id = null; } finally { done.Set(); } }, null); using (NegotiateStream clientSide = new NegotiateStream(new TcpClient("localhost", ((IPEndPoint)localUserValidate.LocalEndpoint).Port).GetStream())) { try { clientSide.AuthenticateAsClient(new NetworkCredential(User, Password, strDomain), "", ProtectionLevel.None, TokenImpersonationLevel.Impersonation); } catch (Exception ex) { id = null; } } localUserValidate.Stop(); done.WaitOne();//Wait until we really have the id populated to continue if (id == null) { return(false); } else { return(true); } } else { int len = User.Length; int pos2 = (pos + 1); int len2 = (len - pos2); strDomain = User.Substring(0, pos); User = User.Substring(pos2, len2); PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, strDomain); try { return(pc2.ValidateCredentials(User, Password)); } catch (Exception ex) { return(false); } finally { pc2.Dispose(); } } }