예제 #1
        /// <summary>
        /// Produces the <see cref="IIdentity"/> that represents the peer of an NT authentication context.
        /// </summary>
        /// <param name="context">The authentication context to describe.</param>
        /// <returns>
        /// On the server side, a <see cref="WindowsIdentity"/> wrapping the client token obtained from
        /// the security context. On the client side, or when the server path fails with a
        /// <see cref="SecurityException"/>, a <see cref="GenericIdentity"/> built from a name and the protocol name.
        /// </returns>
        /// <exception cref="Win32Exception">
        /// The security context or its token could not be obtained (a non-OK status was reported).
        /// </exception>
        /// <remarks>
        /// The fallback <see cref="GenericIdentity"/> carries no access token. GenericIdentity reports
        /// IsAuthenticated as true for any non-empty name, so callers that need a token-backed identity
        /// should check for <see cref="WindowsIdentity"/> rather than rely on IsAuthenticated alone.
        /// </remarks>
        internal static IIdentity GetIdentity(NTAuthentication context)
        {
            // Client side: the only name available is the SPN that was requested, not a verified remote identity.
            // Server side: the name starts out null and is filled in from the security context below.
            string? name = context.IsServer ? null : context.Spn;
            string protocol = context.ProtocolName;

            if (context.IsServer)
            {
                SecurityContextTokenHandle? clientToken = null;
                try
                {
                    SafeDeleteContext? sspiContext = context.GetContext(out SecurityStatusPal contextStatus);
                    if (contextStatus.ErrorCode != SecurityStatusPalErrorCode.OK)
                    {
                        int interopError = (int)SecurityStatusAdapterPal.GetInteropFromSecurityStatusPal(contextStatus);
                        throw new Win32Exception(interopError);
                    }

                    name = QueryContextAssociatedName(sspiContext!);
                    if (NetEventSource.Log.IsEnabled())
                    {
                        // The associated principal name ends up in the event trace whenever tracing is enabled.
                        NetEventSource.Info(context, $"NTAuthentication: The context is associated with [{name}]");
                    }

                    // After server-side authentication this yields the client's token, which can be used for
                    // impersonation. It is wrapped in a WindowsIdentity and handed to the server application.
                    Interop.SECURITY_STATUS tokenStatus = (Interop.SECURITY_STATUS)SSPIWrapper.QuerySecurityContextToken(
                        GlobalSSPI.SSPIAuth,
                        sspiContext!,
                        out clientToken);
                    if (tokenStatus != Interop.SECURITY_STATUS.OK)
                    {
                        throw new Win32Exception((int)tokenStatus);
                    }

                    string authenticationType = context.ProtocolName;

                    // This call used to pass WindowsAccountType.Normal and true as well;
                    // WindowsIdentity.IsAuthenticated is no longer supported in .NET Core.
                    // The raw handle is only valid while clientToken is alive; the finally block disposes it
                    // after the constructor returns (WindowsIdentity is expected to duplicate the handle;
                    // confirm for the target framework).
                    return new WindowsIdentity(clientToken.DangerousGetHandle(), authenticationType);
                }
                catch (SecurityException)
                {
                    // Deliberate best effort: a security failure falls through to the generic identity below.
                    // Win32Exception from the status checks above is not caught and reaches the caller.
                }
                finally
                {
                    clientToken?.Dispose();
                }
            }

            // On the client the remote side's identity is not available. On the server this is only reached
            // after a SecurityException, with whatever name had been resolved by then (empty if none).
            return new GenericIdentity(name ?? string.Empty, protocol);
        }
예제 #2
        /// <summary>
        /// Produces the <see cref="IIdentity"/> that represents the peer of an NT authentication context.
        /// </summary>
        /// <param name="context">The authentication context to describe.</param>
        /// <returns>
        /// On the server side, a <see cref="WindowsIdentity"/> wrapping the client token obtained from
        /// the security context. On the client side, or when the server path fails with a
        /// <see cref="SecurityException"/>, a <see cref="GenericIdentity"/> built from a name and the protocol name.
        /// </returns>
        /// <exception cref="Win32Exception">
        /// The security context or its token could not be obtained (a non-OK status was reported).
        /// </exception>
        /// <remarks>
        /// The fallback <see cref="GenericIdentity"/> carries no access token. GenericIdentity reports
        /// IsAuthenticated as true for any non-empty name, so callers that need a token-backed identity
        /// should check for <see cref="WindowsIdentity"/> rather than rely on IsAuthenticated alone.
        /// </remarks>
        internal static IIdentity GetIdentity(NTAuthentication context)
        {
            // Server side uses the name associated with the context; client side only knows the SPN it asked for.
            string name = context.IsServer ? context.AssociatedName : context.Spn;
            string protocol = context.ProtocolName;

            if (context.IsServer)
            {
                SecurityContextTokenHandle clientToken = null;
                try
                {
                    SecurityStatusPal contextStatus;
                    SafeDeleteContext sspiContext = context.GetContext(out contextStatus);
                    if (contextStatus.ErrorCode != SecurityStatusPalErrorCode.OK)
                    {
                        int interopError = (int)SecurityStatusAdapterPal.GetInteropFromSecurityStatusPal(contextStatus);
                        throw new Win32Exception(interopError);
                    }

                    // After server-side authentication this yields the client's token, which can be used for
                    // impersonation. It is wrapped in a WindowsIdentity and handed to the server application.
                    Interop.SECURITY_STATUS tokenStatus = (Interop.SECURITY_STATUS)SSPIWrapper.QuerySecurityContextToken(
                        GlobalSSPI.SSPIAuth,
                        sspiContext,
                        out clientToken);
                    if (tokenStatus != Interop.SECURITY_STATUS.OK)
                    {
                        throw new Win32Exception((int)tokenStatus);
                    }

                    string authenticationType = context.ProtocolName;

                    // TODO #5241:
                    // This call used to pass WindowsAccountType.Normal and true as well;
                    // WindowsIdentity.IsAuthenticated is no longer supported in CoreFX.
                    // The raw handle is only valid while clientToken is alive; the finally block disposes it
                    // after the constructor returns (WindowsIdentity is expected to duplicate the handle;
                    // confirm for the target framework).
                    return new WindowsIdentity(clientToken.DangerousGetHandle(), authenticationType);
                }
                catch (SecurityException)
                {
                    // Deliberate best effort: a security failure falls through to the generic identity below.
                    // Win32Exception from the status checks above is not caught and reaches the caller.
                }
                finally
                {
                    if (clientToken != null)
                    {
                        clientToken.Dispose();
                    }
                }
            }

            // On the client the remote side's identity is not available. On the server this is only reached
            // after a SecurityException.
            // NOTE(review): GenericIdentity rejects a null name with ArgumentNullException; confirm that
            // AssociatedName and Spn cannot be null here.
            return new GenericIdentity(name, protocol);
        }
예제 #3
        /// <summary>
        /// Produces the <see cref="IIdentity"/> that represents the peer of this instance's authentication context.
        /// </summary>
        /// <returns>
        /// On the server side, a <see cref="WindowsIdentity"/> wrapping the token returned by the context.
        /// On the client side, or when the server path fails with a <see cref="SecurityException"/>,
        /// a <see cref="GenericIdentity"/> built from a name and the protocol name.
        /// </returns>
        /// <remarks>
        /// The fallback <see cref="GenericIdentity"/> carries no access token. GenericIdentity reports
        /// IsAuthenticated as true for any non-empty name, so callers that need a token-backed identity
        /// should check for <see cref="WindowsIdentity"/> rather than rely on IsAuthenticated alone.
        /// </remarks>
        internal IIdentity GetIdentity()
        {
            // Runs before any context state is read; CheckThrow is defined elsewhere
            // (presumably it validates the authentication state; confirm).
            CheckThrow(true);

            // Server side uses the name associated with the context; client side only knows the SPN it asked for.
            string name = _context.IsServer ? _context.AssociatedName : _context.Spn;
            string protocol = _context.ProtocolName;

            if (_context.IsServer)
            {
                SecurityContextTokenHandle clientToken = null;
                try
                {
                    clientToken = _context.GetContextToken();
                    string authenticationType = _context.ProtocolName;

                    // TODO #5241:
                    // This call used to pass WindowsAccountType.Normal and true as well;
                    // WindowsIdentity.IsAuthenticated is no longer supported in CoreFX.
                    // The raw handle is only valid while clientToken is alive; the finally block disposes it
                    // after the constructor returns (WindowsIdentity is expected to duplicate the handle;
                    // confirm for the target framework).
                    return new WindowsIdentity(clientToken.DangerousGetHandle(), authenticationType);
                }
                catch (SecurityException)
                {
                    // Deliberate best effort: a security failure falls through to the generic identity below.
                    // Any other exception type is not caught here and reaches the caller.
                }
                finally
                {
                    if (clientToken != null)
                    {
                        clientToken.Dispose();
                    }
                }
            }

            // On the client the remote side's identity is not available. On the server this is only reached
            // after a SecurityException.
            // NOTE(review): GenericIdentity rejects a null name with ArgumentNullException; confirm that
            // AssociatedName and Spn cannot be null here.
            return new GenericIdentity(name, protocol);
        }