/// <summary>
/// Looks up the current user's Windows Ticket Cache for a Kerberos Ticket that matches the
/// configured service principal name and, when one is found, prints its details.
/// </summary>
/// <remarks>
/// The raw ticket bytes and the decoded ticket are handed to <c>AADKerberosLogger</c> and
/// <c>TicketDecoder</c> for display. NOTE(review): where that output ends up is not visible here;
/// it contains ticket material, so treat it as sensitive and confirm the log destination.
/// </remarks>
/// <returns>
/// <c>true</c> when a ticket longer than 32 bytes was found and displayed; <c>false</c> when no
/// such ticket exists or a <see cref="Win32Exception"/> was raised during the lookup or display.
/// </returns>
public bool ShowCachedTicket()
{
    try
    {
        byte[] cachedTicket = KerberosSupplementalTicketManager.GetKerberosTicketFromWindowsTicketCache(
            _kerberosServicePrincipalName,
            _logonId);

        // Anything of 32 bytes or fewer is reported the same way as "no ticket".
        if (cachedTicket == null || cachedTicket.Length <= 32)
        {
            Console.WriteLine($"There's no ticket associated with '{_kerberosServicePrincipalName}'");
            return false;
        }

        AADKerberosLogger.PrintLines(2);
        AADKerberosLogger.Save($"---Find cached Ticket: {cachedTicket.Length} bytes");
        AADKerberosLogger.PrintBinaryData(cachedTicket);

        // The decoder is given the ticket as a Base64 string.
        var decoder = new TicketDecoder();
        decoder.ShowApReqTicket(Convert.ToBase64String(cachedTicket));
        return true;
    }
    catch (Win32Exception ex)
    {
        Console.WriteLine($"ERROR while finding Kerberos Ticket for '{_kerberosServicePrincipalName}': {ex.Message}");
        return false;
    }
}
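/// <summary>
/// Checks whether the received authentication token carries Kerberos Ticket information.
/// If it does, the ticket is cached into the current user's Windows Ticket Cache so that it can be
/// shared with other Kerberos-aware applications, and its fields and decoded content are logged.
/// </summary>
/// <remarks>
/// <c>ClientKey</c> and <c>KerberosMessageBuffer</c> are written to the log verbatim.
/// NOTE(review): these look like credential material (a key and the ticket itself); confirm where
/// <c>AADKerberosLogger</c> writes and restrict access to that output, or redact these two fields
/// outside of diagnostic use.
/// </remarks>
/// <param name="result">The <see cref="AuthenticationResult"/> from token request.</param>
private void ProcessKerberosTicket(AuthenticationResult result)
{
    if (_ticketContainer != KerberosTicketContainer.IdToken)
    {
        AADKerberosLogger.PrintLines(2);
        AADKerberosLogger.Save("Kerberos Ticket handling is not supported for access token.");
        return;
    }

    // 1. Get the Kerberos Ticket contained in the Id Token.
    KerberosSupplementalTicket ticket = KerberosSupplementalTicketManager.FromIdToken(result.IdToken);
    if (ticket == null)
    {
        AADKerberosLogger.Save("ERROR: There's no Kerberos Ticket information within the IdToken.");
        return;
    }

    // A response can carry an error message instead of ticket data; with no buffer there is
    // nothing to import or decode, so those two steps are skipped rather than attempted.
    bool hasTicketData = !string.IsNullOrEmpty(ticket.KerberosMessageBuffer);

    AADKerberosLogger.PrintLines(2);
    if (hasTicketData)
    {
        try
        {
            // 2. Save the Kerberos Ticket into current user's Windows Ticket Cache.
            KerberosSupplementalTicketManager.SaveToWindowsTicketCache(ticket, _logonId);
            AADKerberosLogger.Save("---Kerberos Ticket cached into user's Ticket Cache\n");
        }
        catch (Win32Exception ex)
        {
            // Caching is best-effort: the ticket details are still logged below.
            AADKerberosLogger.Save("---Kerberos Ticket caching failed: " + ex.Message);
        }
    }
    else
    {
        AADKerberosLogger.Save("---Kerberos Ticket caching skipped: no ticket data in the response");
    }

    // SECURITY: the Client Key and KerberosMessageBuffer lines below put secret values in the log.
    AADKerberosLogger.PrintLines(2);
    AADKerberosLogger.Save("KerberosSupplementalTicket {");
    AADKerberosLogger.Save(" Client Key: " + ticket.ClientKey);
    AADKerberosLogger.Save(" Key Type: " + ticket.KeyType);
    AADKerberosLogger.Save(" Error Message: " + ticket.ErrorMessage);
    AADKerberosLogger.Save(" Realm: " + ticket.Realm);
    AADKerberosLogger.Save(" Service Principal Name: " + ticket.ServicePrincipalName);
    AADKerberosLogger.Save(" Client Name: " + ticket.ClientName);
    AADKerberosLogger.Save(" KerberosMessageBuffer: " + ticket.KerberosMessageBuffer);
    AADKerberosLogger.Save("}\n");

    if (hasTicketData)
    {
        // shows detailed ticket information.
        TicketDecoder decoder = new TicketDecoder();
        decoder.ShowKrbCredTicket(ticket.KerberosMessageBuffer);
    }
}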