/// <summary>
/// Produces the <see cref="IIdentity"/> to hand to the application for an NTAuthentication session.
/// </summary>
/// <param name="context">The authentication session to describe.</param>
/// <returns>
/// On the server side, a <see cref="WindowsIdentity"/> built from the security context token
/// when that succeeds. Otherwise a <see cref="GenericIdentity"/> carrying whatever name was
/// resolved (the SPN on the client, the context-associated name on the server, or an empty
/// string) together with the protocol name.
/// </returns>
/// <exception cref="Win32Exception">
/// The security context could not be obtained, or querying its token returned a non-OK status.
/// </exception>
/// <remarks>
/// Only <see cref="SecurityException"/> is absorbed; it downgrades the result to a
/// <see cref="GenericIdentity"/>. GenericIdentity reports itself as authenticated whenever its
/// name is non-empty, so callers making authorization decisions should check the concrete type
/// rather than assume a Windows token backs the returned identity.
/// </remarks>
internal static IIdentity GetIdentity(NTAuthentication context)
{
    // The server starts with no name (it is queried from the context below);
    // the client can only offer the SPN it authenticated against.
    string? identityName;
    if (context.IsServer)
    {
        identityName = null;
    }
    else
    {
        identityName = context.Spn;
    }

    string protocolName = context.ProtocolName;

    if (context.IsServer)
    {
        SecurityContextTokenHandle? clientToken = null;
        try
        {
            SafeDeleteContext? securityContext = context.GetContext(out SecurityStatusPal contextStatus);
            if (contextStatus.ErrorCode != SecurityStatusPalErrorCode.OK)
            {
                throw new Win32Exception((int)SecurityStatusAdapterPal.GetInteropFromSecurityStatusPal(contextStatus));
            }

            identityName = QueryContextAssociatedName(securityContext!);
            if (NetEventSource.Log.IsEnabled())
            {
                NetEventSource.Info(context, $"NTAuthentication: The context is associated with [{identityName}]");
            }

            // After server-side authentication this query yields the client's token.
            // That token can be used for impersonation, so it is wrapped in a
            // WindowsIdentity and given to the server application.
            Interop.SECURITY_STATUS queryStatus = (Interop.SECURITY_STATUS)SSPIWrapper.QuerySecurityContextToken(
                GlobalSSPI.SSPIAuth,
                securityContext!,
                out clientToken);
            if (queryStatus != Interop.SECURITY_STATUS.OK)
            {
                throw new Win32Exception((int)queryStatus);
            }

            string authenticationType = context.ProtocolName;

            // The original call also passed WindowsAccountType.Normal and true;
            // WindowsIdentity.IsAuthenticated is no longer supported in .NET Core.
            // NOTE(review): the handle is released in the finally block below, so this relies on
            // WindowsIdentity keeping its own copy of the token - confirm.
            return new WindowsIdentity(clientToken.DangerousGetHandle(), authenticationType);
        }
        catch (SecurityException)
        {
            // Deliberate best effort: a security failure falls through to the generic identity.
        }
        finally
        {
            clientToken?.Dispose();
        }
    }

    // The client has no access to the remote side's identity.
    return new GenericIdentity(identityName ?? string.Empty, protocolName);
}
/// <summary>
/// Produces the <see cref="IIdentity"/> to hand to the application for an NTAuthentication session.
/// </summary>
/// <param name="context">The authentication session to describe.</param>
/// <returns>
/// On the server side, a <see cref="WindowsIdentity"/> built from the security context token
/// when that succeeds. Otherwise a <see cref="GenericIdentity"/> named after the context's
/// associated name (server) or SPN (client), with the protocol name as its type.
/// </returns>
/// <exception cref="Win32Exception">
/// The security context could not be obtained, or querying its token returned a non-OK status.
/// </exception>
/// <remarks>
/// Only <see cref="SecurityException"/> is absorbed; it downgrades the result to a
/// <see cref="GenericIdentity"/>. GenericIdentity reports itself as authenticated whenever its
/// name is non-empty, so callers making authorization decisions should check the concrete type
/// rather than assume a Windows token backs the returned identity.
/// </remarks>
internal static IIdentity GetIdentity(NTAuthentication context)
{
    string identityName;
    if (context.IsServer)
    {
        identityName = context.AssociatedName;
    }
    else
    {
        identityName = context.Spn;
    }

    string protocolName = context.ProtocolName;

    if (context.IsServer)
    {
        SecurityContextTokenHandle clientToken = null;
        try
        {
            SecurityStatusPal contextStatus;
            SafeDeleteContext securityContext = context.GetContext(out contextStatus);
            if (contextStatus.ErrorCode != SecurityStatusPalErrorCode.OK)
            {
                throw new Win32Exception((int)SecurityStatusAdapterPal.GetInteropFromSecurityStatusPal(contextStatus));
            }

            // After server-side authentication this query yields the client's token.
            // That token can be used for impersonation, so it is wrapped in a
            // WindowsIdentity and given to the server application.
            Interop.SECURITY_STATUS queryStatus = (Interop.SECURITY_STATUS)SSPIWrapper.QuerySecurityContextToken(
                GlobalSSPI.SSPIAuth,
                securityContext,
                out clientToken);
            if (queryStatus != Interop.SECURITY_STATUS.OK)
            {
                throw new Win32Exception((int)queryStatus);
            }

            string authenticationType = context.ProtocolName;

            // TODO #5241:
            // The original call also passed WindowsAccountType.Normal and true;
            // WindowsIdentity.IsAuthenticated is no longer supported in CoreFX.
            // NOTE(review): the handle is released in the finally block below, so this relies on
            // WindowsIdentity keeping its own copy of the token - confirm.
            return new WindowsIdentity(clientToken.DangerousGetHandle(), authenticationType);
        }
        catch (SecurityException)
        {
            // Deliberate best effort: a security failure falls through to the generic identity.
        }
        finally
        {
            if (clientToken != null)
            {
                clientToken.Dispose();
            }
        }
    }

    // The client has no access to the remote side's identity.
    // NOTE(review): GenericIdentity rejects a null name with ArgumentNullException; confirm that
    // AssociatedName and Spn cannot be null when this line is reached.
    return new GenericIdentity(identityName, protocolName);
}
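/// <summary>
/// Produces the <see cref="IIdentity"/> to hand to the application for this authentication session.
/// </summary>
/// <returns>
/// On the server side, a <see cref="WindowsIdentity"/> built from the context token when that
/// succeeds. Otherwise a <see cref="GenericIdentity"/> named after the context's associated
/// name (server) or SPN (client), with the context's protocol name as its type.
/// </returns>
/// <remarks>
/// Only <see cref="SecurityException"/> is absorbed; it downgrades the result to a
/// <see cref="GenericIdentity"/>. GenericIdentity reports itself as authenticated whenever its
/// name is non-empty, so callers making authorization decisions should check the concrete type
/// rather than assume a Windows token backs the returned identity.
/// </remarks>
internal IIdentity GetIdentity()
{
    // NOTE(review): CheckThrow is defined elsewhere; presumably it validates the session state
    // and throws if identity retrieval is not allowed yet - confirm.
    CheckThrow(true);

    string name = _context.IsServer ? _context.AssociatedName : _context.Spn;

    // The former "NTLM" initializer was overwritten on the very next statement and never
    // observed, so the protocol name is read straight from the context.
    string protocol = _context.ProtocolName;

    if (_context.IsServer)
    {
        SecurityContextTokenHandle token = null;
        try
        {
            token = _context.GetContextToken();
            string authtype = _context.ProtocolName;

            // TODO #5241:
            // The following call was also specifying WindowsAccountType.Normal, true.
            // WindowsIdentity.IsAuthenticated is no longer supported in CoreFX.
            // NOTE(review): the handle is released in the finally block below, so this relies on
            // WindowsIdentity keeping its own copy of the token - confirm.
            return new WindowsIdentity(token.DangerousGetHandle(), authtype);
        }
        catch (SecurityException)
        {
            // Deliberate best effort: a security failure falls through to the generic identity.
        }
        finally
        {
            if (token != null)
            {
                token.Dispose();
            }
        }
    }

    // On the client we don't have access to the remote side identity.
    // NOTE(review): GenericIdentity rejects a null name with ArgumentNullException; confirm that
    // AssociatedName and Spn cannot be null when this line is reached.
    return new GenericIdentity(name, protocol);
}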