예제 #1
 // P/Invoke signature for the SSPI InitializeSecurityContext function, the client-side
 // step of a security-context handshake. The [DllImport] attribute that binds it to the
 // native library is not part of this excerpt.
 // The int return value is the SSPI status code itself (e.g. SEC_E_OK or
 // SEC_I_CONTINUE_NEEDED), so callers should branch on it directly.
 // NOTE(review): Marshal.GetLastWin32Error() is only meaningful if the import sets
 // SetLastError, and SSPI reports failures through the return value - confirm.
 static extern int InitializeSecurityContext(
     ref SECURITY_HANDLE phCredential,                                       //PCredHandle: credentials handle from AcquireCredentialsHandle
     ref SECURITY_HANDLE phContext,                                          //PCtxtHandle: partially formed context from the previous call
     string pszTargetName,                                                   // name of the principal the client is authenticating to
     int fContextReq,                                                        // requested context attributes (ISC_REQ_* flags)
     int Reserved1,                                                          // reserved
     int TargetDataRep,                                                      // data representation on the target
     ref SecBufferDesc SecBufferDesc,                                        //PSecBufferDesc SecBufferDesc: input buffers (token received from the server)
     int Reserved2,                                                          // reserved
     out SECURITY_HANDLE phNewContext,                                       //PCtxtHandle: receives the new or updated context handle
     out SecBufferDesc pOutput,                                              //PSecBufferDesc SecBufferDesc: receives the token to send to the server
     out uint pfContextAttr,                                                 // native ULONG is 32 bits, hence uint; a managed ulong would be 64 bits.
                                                                             // Receives the attributes actually granted - compare with fContextReq.
     out SECURITY_INTEGER ptsExpiry);                                        //PTimeStamp: receives the context expiry time
예제 #2
        // This is what we use for all the token stuff.
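        /// <summary>
        /// Runs one server-side step of the SSPI "Negotiate" handshake: acquires the inbound
        /// credentials handle on first use, feeds the client's token to AcceptSecurityContext
        /// and returns the token that has to be sent back to the client.
        /// </summary>
        /// <param name="clientToken">Token bytes received from the client for this step.</param>
        /// <param name="serverToken">Receives the bytes read from the output buffer after a successful step.</param>
        /// <param name="bContinueProcessing">
        /// True while AcceptSecurityContext reports SEC_I_CONTINUE_NEEDED, false once it reports SEC_E_OK.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="clientToken"/> is null.</exception>
        /// <exception cref="Exception">The inbound credentials handle could not be acquired.</exception>
        /// <exception cref="Win32Exception">
        /// AcceptSecurityContext returned a status other than SEC_E_OK or SEC_I_CONTINUE_NEEDED.
        /// </exception>
        public void InitializeServer(byte[] clientToken, out byte[] serverToken, out bool bContinueProcessing)
        {
            serverToken         = null;
            bContinueProcessing = true;

            // The accepting side always consumes a token produced by the peer.
            if (clientToken == null)
            {
                throw new ArgumentNullException("clientToken");
            }

            SECURITY_INTEGER NewLifeTime = new SECURITY_INTEGER(0);

            if (!_bGotServerCredentials)
            {
                Console.WriteLine(_sAccountName);
                // "Negotiate" lets SSPI pick the concrete protocol (Kerberos or NTLM).
                // NOTE(review): if a specific protocol is required, the negotiated package
                // has to be checked after the handshake; nothing in this method does that.
                if (AcquireCredentialsHandle(
                        _sAccountName,
                        "Negotiate",
                        SECPKG_CRED_INBOUND,
                        IntPtr.Zero,
                        IntPtr.Zero,
                        0,
                        IntPtr.Zero,
                        ref _hInboundCred,
                        ref NewLifeTime) != SEC_E_OK)
                {
                    throw new Exception("Couldn't acquire server credentials handle!!!");
                }
                Console.WriteLine("AcquireCredentialsHandle DONE");
                _bGotServerCredentials = true;
            }

            SecBufferDesc ServerToken = new SecBufferDesc(MAX_TOKEN_SIZE);
            SecBufferDesc ClientToken = new SecBufferDesc(clientToken);

            try
            {
                int  ss = -1;
                uint uNewContextAttr = 0;

                if (!_bGotServerContext)                                    // check if we have the context yet
                {
                    ss = AcceptSecurityContext(ref _hInboundCred,           // [in] handle to the credentials
                                               IntPtr.Zero,                 // [in/out] handle partially formed context. NULL the first time
                                               ref ClientToken,             // [in] pointer to the input buffers
                                               STANDARD_CONTEXT_ATTRIBUTES, // [in] required context attributes
                                               SECURITY_NATIVE_DREP,        // [in] data representation on the target
                                               out _hServerContext,         // [in/out] receives the new context handle
                                               out ServerToken,             // [in/out] pointer to the output buffers
                                               out uNewContextAttr,         // [out] receives the context attributes
                                               out NewLifeTime);            // [out] receives the life span of the security context
                    Console.WriteLine("AcceptSecurityContext__1 DONE");
                }
                else
                {
                    ss = AcceptSecurityContext(ref _hInboundCred,           // [in] handle to the credentials
                                               ref _hServerContext,         // [in/out] handle of partially formed context from the previous step
                                               ref ClientToken,             // [in] pointer to the input buffers (a buffer descriptor, not a raw token)
                                               STANDARD_CONTEXT_ATTRIBUTES, // [in] required context attributes
                                               SECURITY_NATIVE_DREP,        // [in] data representation on the target
                                               out _hServerContext,         // [in/out] receives the new context handle
                                               out ServerToken,             // [in/out] pointer to the output buffers
                                               out uNewContextAttr,         // [out] receives the context attributes
                                               out NewLifeTime);            // [out] receives the life span of the security context
                    Console.WriteLine("AcceptSecurityContext__2 DONE");
                }

                // Fail closed. SSPI reports the outcome through the returned status, so a
                // rejected handshake must not fall through to "context obtained, keep going".
                // The status itself is passed to Win32Exception instead of the thread's last
                // Win32 error, which SSPI does not use to report failures.
                if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
                {
                    throw new Win32Exception(ss, "AcceptSecurityContext() failed with SSPI status 0x" + ss.ToString("X8"));
                }

                // Only a step that SSPI accepted marks the context handle as usable.
                _bGotServerContext = true;

                // NOTE(review): uNewContextAttr (the attributes actually granted) is never
                // compared with STANDARD_CONTEXT_ATTRIBUTES; callers relying on a requested
                // protection should verify it was granted once the handshake completes.
                serverToken = ServerToken.GetSecBufferByteArray();

                bContinueProcessing = ss != SEC_E_OK;
            }
            finally
            {
                ClientToken.Dispose();
                ServerToken.Dispose();
            }
        }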
예제 #3
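        /// <summary>
        /// Runs one client-side step of the SSPI "Negotiate" handshake: acquires the outbound
        /// credentials handle on first use, calls InitializeSecurityContext (without an input
        /// token on the first step, with the server's token afterwards) and returns the token
        /// that has to be sent to the server.
        /// </summary>
        /// <param name="clientToken">Receives the bytes read from the output buffer after a successful step.</param>
        /// <param name="serverToken">Token received from the server, or null on the first step.</param>
        /// <param name="bContinueProcessing">
        /// True while InitializeSecurityContext reports SEC_I_CONTINUE_NEEDED, false once it reports SEC_E_OK.
        /// </param>
        /// <exception cref="Exception">The outbound credentials handle could not be acquired.</exception>
        /// <exception cref="Win32Exception">
        /// InitializeSecurityContext returned a status other than SEC_E_OK or SEC_I_CONTINUE_NEEDED.
        /// </exception>
        public void InitializeClient(out byte[] clientToken, byte[] serverToken, out bool bContinueProcessing)
        {
            clientToken         = null;
            bContinueProcessing = true;
            SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0);

            if (!_bGotClientCredentials) // acquire the credentials handle once and reuse it on later steps
            {
                if (AcquireCredentialsHandle(
                        _sAccountName,                   // principal name
                        "Negotiate",                     // lpPackageName = "Negotiate"
                        SECPKG_CRED_OUTBOUND,            // credentials are used to initiate a context
                        IntPtr.Zero,                     // NULL
                        IntPtr.Zero,                     // NULL
                        0,                               // NULL
                        IntPtr.Zero,                     // NULL
                        ref _hOutboundCred,              // &hCred
                        ref ClientLifeTime) != SEC_E_OK) // &Lifetime
                {
                    // This is the client path, so the message names the client credentials.
                    throw new Exception("Couldn't acquire client credentials handle!!!");
                }
                _bGotClientCredentials = true;
            }

            int           ss          = -1;
            SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                uint ContextAttributes = 0;
                if (serverToken == null)
                {
                    // First step: no existing context and no input buffers.
                    // NOTE(review): the target name passed here is this side's own account
                    // name ("self"). When the peer is a different principal, pszTargetName
                    // should name that principal - confirm against the callers.
                    ss = InitializeSecurityContext(ref _hOutboundCred,          // hCred
                                                   IntPtr.Zero,                 // NULL first time
                                                   _sAccountName,               // name of target "self"
                                                   STANDARD_CONTEXT_ATTRIBUTES, // requested context attributes
                                                   0,                           // Reserved1
                                                   SECURITY_NATIVE_DREP,        // SECURITY_NATIVE_DREP
                                                   IntPtr.Zero,                 // NULL // only first time
                                                   0,                           // Reserved2
                                                   out _hClientContext,         // receives the new context handle
                                                   out ClientToken,             // receives the output token
                                                   out ContextAttributes,       // receives the granted attributes
                                                   out ClientLifeTime);         // PTimeStamp
                }
                else
                {
                    SecBufferDesc ServerToken = new SecBufferDesc(serverToken);
                    try
                    {
                        ss = InitializeSecurityContext(ref _hOutboundCred,
                                                       ref _hClientContext,   // context from the previous step
                                                       _sAccountName,         // pszTargetName
                                                       STANDARD_CONTEXT_ATTRIBUTES,
                                                       0,                     // Reserved1
                                                       SECURITY_NATIVE_DREP,  // TargetDataRep
                                                       ref ServerToken,       // input buffers holding the server's token
                                                       0,                     // Reserved2
                                                       out _hClientContext,   // receives the updated context handle
                                                       out ClientToken,       // receives the output token
                                                       out ContextAttributes, // receives the granted attributes
                                                       out ClientLifeTime);   // PTimeStamp
                    }
                    finally
                    {
                        ServerToken.Dispose();
                    }
                }

                // Fail closed. SSPI reports the outcome through the returned status, so a
                // failed step must not hand a token back with "continue" set. The status
                // itself is passed to Win32Exception instead of the thread's last Win32
                // error, which SSPI does not use to report failures.
                if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
                {
                    throw new Win32Exception(ss, "InitializeSecurityContext() failed with SSPI status 0x" + ss.ToString("X8"));
                }

                // NOTE(review): ContextAttributes (the attributes actually granted) is never
                // compared with STANDARD_CONTEXT_ATTRIBUTES; callers relying on a requested
                // protection should verify it was granted once the handshake completes.
                clientToken = ClientToken.GetSecBufferByteArray();
            }
            finally
            {
                ClientToken.Dispose();
            }

            bContinueProcessing = ss != SEC_E_OK;
        }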