public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
        {
            decryptedBytes = null;

            var encryptedMessage = new byte[messageLength];

            Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);

            var securityTrailerLength = encryptedBytes.Length - messageLength;
            var securityTrailer       = new byte[securityTrailerLength];

            Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);

            var buffers = new[]
            {
                new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
                new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
            };

            var descriptor           = new SecurityBufferDescriptor(buffers);
            var contextAddRefSuccess = false;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                try
                {
                    uint quality;
                    var  result = NativeMethods.DecryptMessage(ref _handle, ref descriptor, 0, out quality);
                    if (result != NativeMethods.SEC_E_OK)
                    {
                        throw Win32Exception.Create(result, "Unable to decrypt message.");
                    }

                    decryptedBytes = descriptor.ToByteArray();
                }
                finally
                {
                    descriptor.Free();
                }
            }
        }
        public void MakeSignature(byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var contextAddRefSuccess = false;

            SecurityPackageContextSizes sizes;

            QueryBufferSizes(out sizes);

            var buffers = new[]
            {
                new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
                new SecurityBuffer(inBytes, SecurityBufferType.Data),
                new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
            };

            var descriptor = new SecurityBufferDescriptor(buffers);

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                try
                {
                    var result = NativeMethods.MakeSignature(ref _handle, MakeSignatureQualityOfProtection.None, ref descriptor, 0);

                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK)
                    {
                        throw Win32Exception.Create(result, "Unable to encrypt message.");
                    }

                    outBytes = descriptor.ToByteArray();
                }
                finally
                {
                    descriptor.Free();
                }
            }
        }
        public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
        {
            decryptedBytes = null;

            var encryptedMessage = new byte[messageLength];
            Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);

            var securityTrailerLength = encryptedBytes.Length - messageLength;
            var securityTrailer = new byte[securityTrailerLength];
            Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);

            var buffers = new[]
            {
                new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
                new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
            };

            var descriptor = new SecurityBufferDescriptor(buffers);
            var contextAddRefSuccess = false;
            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                    throw;
            }
            finally
            {
                try
                {
                    uint quality;
                    var result = NativeMethods.DecryptMessage(ref _handle, ref descriptor, 0, out quality);
                    if (result != NativeMethods.SEC_E_OK)
                        throw Win32Exception.Create(result, "Unable to decrypt message.");

                    decryptedBytes = descriptor.ToByteArray();
                }
                finally
                {
                    descriptor.Free();
                }
            }
        }
        public void AcceptToken(byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);

            var credentialAddRefSuccess = false;
            var contextAddRefSuccess    = false;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                _credential.DangerousAddRef(ref credentialAddRefSuccess);
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (credentialAddRefSuccess)
                {
                    _credential.DangerousRelease();
                    credentialAddRefSuccess = false;
                }
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                try
                {
                    var flags       = SspiContextFlags.MutualAuth;
                    var clientToken = new SecurityBufferDescriptor(inBytes);

                    uint result;
                    long timestamp;
                    var  credentialHandle = _credential.Handle;
                    if (_handle.IsZero)
                    {
                        result = NativeMethods.AcceptSecurityContext(
                            ref credentialHandle,
                            IntPtr.Zero,
                            ref clientToken,
                            flags,
                            DataRepresentation.Network,
                            ref _handle,
                            ref outputBuffer,
                            out flags,
                            out timestamp);
                    }
                    else
                    {
                        try
                        {
                            result = NativeMethods.AcceptSecurityContext(
                                ref credentialHandle,
                                ref _handle,
                                ref clientToken,
                                flags,
                                DataRepresentation.Network,
                                ref _handle,
                                ref outputBuffer,
                                out flags,
                                out timestamp);
                        }
                        finally
                        {
                            clientToken.Free();
                        }
                    }

                    _credential.DangerousRelease();
                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
                    {
                        throw Win32Exception.Create(result, "Unable to initialize security context.");
                    }

                    outBytes      = outputBuffer.ToByteArray();
                    IsInitialized = result == NativeMethods.SEC_E_OK;
                }
                finally
                {
                    outputBuffer.Free();
                }
            }
        }
        public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);

            var credentialAddRefSuccess = false;
            var contextAddRefSuccess    = false;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                _credential.DangerousAddRef(ref credentialAddRefSuccess);
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (credentialAddRefSuccess)
                {
                    _credential.DangerousRelease();
                    credentialAddRefSuccess = false;
                }
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                try
                {
                    uint result;
                    long timestamp;
                    var  credentialHandle = _credential.Handle;
                    if (inBytes == null || inBytes.Length == 0)
                    {
                        result = NativeMethods.InitializeSecurityContext(
                            ref credentialHandle,
                            IntPtr.Zero,
                            servicePrincipalName,
                            _requestedContextFlags,
                            0,
                            DataRepresentation.Network,
                            IntPtr.Zero,
                            0,
                            ref _handle,
                            ref outputBuffer,
                            out _receivedContextFlags,
                            out timestamp);
                    }
                    else
                    {
                        var serverToken = new SecurityBufferDescriptor(inBytes);

                        try
                        {
                            result = NativeMethods.InitializeSecurityContext(
                                ref credentialHandle,
                                ref _handle,
                                servicePrincipalName,
                                _requestedContextFlags,
                                0,
                                DataRepresentation.Network,
                                ref serverToken,
                                0,
                                ref _handle,
                                ref outputBuffer,
                                out _receivedContextFlags,
                                out timestamp);
                        }
                        finally
                        {
                            serverToken.Free();
                        }
                    }

                    _credential.DangerousRelease();
                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
                    {
                        throw Win32Exception.Create(result, "Unable to initialize security context.");
                    }

                    outBytes      = outputBuffer.ToByteArray();
                    IsInitialized = result == NativeMethods.SEC_E_OK;
                }
                finally
                {
                    outputBuffer.Free();
                }
            }
        }
        public void VerifySignature(byte[] inBytes, out byte[] outBytes)
        {
            bool contextAddRefSuccess = false;

            SecurityPackageContextSizes sizes;

            QueryBufferSizes(out sizes);

            var buffers = new[]
            {
                new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
                new SecurityBuffer(inBytes, SecurityBufferType.Data),
                new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
            };

            var descriptor = new SecurityBufferDescriptor(buffers);

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                try
                {
                    var status = NativeMethods.VerifySignature(ref _handle, ref descriptor, 0, MakeSignatureQualityOfProtection.None);

                    DangerousRelease();

                    switch ((long)status)
                    {
                    case NativeMethods.SEC_E_OK:
                        outBytes = descriptor.ToByteArray();
                        break;

                    case NativeMethods.SEC_E_OUT_OF_SEQUENCE:
                    case NativeMethods.SEC_E_MESSAGE_ALTERED:
                        outBytes = null;
                        break;

                    default:
                        throw Win32Exception.Create(status, "Unable to encrypt message.");
                    }
                }
                finally
                {
                    descriptor.Free();
                }
            }
        }
        public void AcceptToken(byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);

            var credentialAddRefSuccess = false;
            var contextAddRefSuccess = false;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                _credential.DangerousAddRef(ref credentialAddRefSuccess);
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (credentialAddRefSuccess)
                {
                    _credential.DangerousRelease();
                    credentialAddRefSuccess = false;
                }
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                    throw;
            }
            finally
            {
                try
                {
                    var flags = SspiContextFlags.MutualAuth;
                    var clientToken = new SecurityBufferDescriptor(inBytes);

                    uint result;
                    long timestamp;
                    var credentialHandle = _credential.Handle;
                    if (_handle.IsZero)
                    {
                        result = NativeMethods.AcceptSecurityContext(
                            ref credentialHandle,
                            IntPtr.Zero,
                            ref clientToken,
                            flags,
                            DataRepresentation.Network,
                            ref _handle,
                            ref outputBuffer,
                            out flags,
                            out timestamp);
                    }
                    else
                    {

                        try
                        {
                            result = NativeMethods.AcceptSecurityContext(
                                ref credentialHandle,
                                ref _handle,
                                ref clientToken,
                                flags,
                                DataRepresentation.Network,
                                ref _handle,
                                ref outputBuffer,
                                out flags,
                                out timestamp);
                        }
                        finally
                        {
                            clientToken.Free();
                        }
                    }

                    _credential.DangerousRelease();
                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
                        throw Win32Exception.Create(result, "Unable to initialize security context.");

                    outBytes = outputBuffer.ToByteArray();
                    IsInitialized = result == NativeMethods.SEC_E_OK;
                }
                finally
                {
                    outputBuffer.Free();
                }
            }
        }
        public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);

            var credentialAddRefSuccess = false;
            var contextAddRefSuccess = false;

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                _credential.DangerousAddRef(ref credentialAddRefSuccess);
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (credentialAddRefSuccess)
                {
                    _credential.DangerousRelease();
                    credentialAddRefSuccess = false;
                }
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                    throw;
            }
            finally
            {
                try
                {
                    uint result;
                    long timestamp;
                    var credentialHandle = _credential.Handle;
                    if (inBytes == null || inBytes.Length == 0)
                    {
                        result = NativeMethods.InitializeSecurityContext(
                            ref credentialHandle,
                            IntPtr.Zero,
                            servicePrincipalName,
                            _requestedContextFlags,
                            0,
                            DataRepresentation.Network,
                            IntPtr.Zero,
                            0,
                            ref _handle,
                            ref outputBuffer,
                            out _receivedContextFlags,
                            out timestamp);
                    }
                    else
                    {
                        var serverToken = new SecurityBufferDescriptor(inBytes);

                        try
                        {
                            result = NativeMethods.InitializeSecurityContext(
                                ref credentialHandle,
                                ref _handle,
                                servicePrincipalName,
                                _requestedContextFlags,
                                0,
                                DataRepresentation.Network,
                                ref serverToken,
                                0,
                                ref _handle,
                                ref outputBuffer,
                                out _receivedContextFlags,
                                out timestamp);
                        }
                        finally
                        {
                            serverToken.Free();
                        }
                    }

                    _credential.DangerousRelease();
                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
                        throw Win32Exception.Create(result, "Unable to initialize security context.");

                    outBytes = outputBuffer.ToByteArray();
                    IsInitialized = result == NativeMethods.SEC_E_OK;
                }
                finally
                {
                    outputBuffer.Free();
                }
            }
        }
        public void VerifySignature(byte[] inBytes, out byte[] outBytes)
        {
            bool contextAddRefSuccess = false;

            SecurityPackageContextSizes sizes;
            QueryBufferSizes(out sizes);

            var buffers = new[]
            {
                new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
                new SecurityBuffer(inBytes, SecurityBufferType.Data),
                new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
            };

            var descriptor = new SecurityBufferDescriptor(buffers);

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                    throw;
            }
            finally
            {
                try
                {
                    var status = NativeMethods.VerifySignature(ref _handle, ref descriptor, 0, MakeSignatureQualityOfProtection.None);

                    DangerousRelease();

                    switch ((long)status)
                    {
                        case NativeMethods.SEC_E_OK:
                            outBytes = descriptor.ToByteArray();
                            break;

                        case NativeMethods.SEC_E_OUT_OF_SEQUENCE:
                        case NativeMethods.SEC_E_MESSAGE_ALTERED:
                            outBytes = null;
                            break;

                        default:
                            throw Win32Exception.Create(status, "Unable to encrypt message.");
                    }
                }
                finally 
                {
                    descriptor.Free();
                }
            }
        }
        public void MakeSignature(byte[] inBytes, out byte[] outBytes)
        {
            outBytes = null;

            var contextAddRefSuccess = false;

            SecurityPackageContextSizes sizes;
            QueryBufferSizes(out sizes);

            var buffers = new[]
            {
                new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
                new SecurityBuffer(inBytes, SecurityBufferType.Data),
                new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
            };

            var descriptor = new SecurityBufferDescriptor(buffers);

            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                DangerousAddRef(ref contextAddRefSuccess);
            }
            catch (Exception ex)
            {
                if (contextAddRefSuccess)
                {
                    DangerousRelease();
                    contextAddRefSuccess = false;
                }

                if (!(ex is ObjectDisposedException))
                    throw;
            }
            finally
            {
                try
                {
                    var result = NativeMethods.MakeSignature(ref _handle, MakeSignatureQualityOfProtection.None, ref descriptor, 0);

                    DangerousRelease();

                    if (result != NativeMethods.SEC_E_OK)
                        throw Win32Exception.Create(result, "Unable to encrypt message.");

                    outBytes = descriptor.ToByteArray();
                }
                finally
                {
                    descriptor.Free();
                }
            }
        }