// // // internal SpnToken GetComputeSpn(HttpWebRequest httpWebRequest) { if (ChallengedSpn != null) { return(ChallengedSpn); } bool trustNewHost = true; // Assume trusted unless proven otherwise string spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.Scheme | UriComponents.Host | UriComponents.Port | UriComponents.Path, UriFormat.SafeUnescaped); SpnToken spnToken = AuthenticationManager.SpnDictionary.InternalGet(spnKey); if (spnToken == null || spnToken.Spn == null) { string host; if (!IsProxyAuth && (httpWebRequest.ServicePoint.InternalProxyServicePoint || httpWebRequest.UseCustomHost)) { // Here the NT-Security folks need us to attempt a DNS lookup to figure out // the FQDN. only do the lookup for short names (no IP addresses or DNS names) // // Initialize a backup value host = httpWebRequest.ChallengedUri.Host; // This host comes from the request/user, assume Trusted unless proven otherwise. if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 && httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 && host.IndexOf('.') == -1) { try { // IPHostEntry result; if (Dns.TryInternalResolve(host, out result)) { host = result.HostName; trustNewHost &= result.isTrustedHost; // Can only lose trust } } catch (Exception exception) { if (NclUtilities.IsFatal(exception)) { throw; } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::GetComputeSpn() GetHostByName(host) failed:" + ValidationHelper.ToString(exception)); } } } else { // For this cases we already did a DNS lookup // host = httpWebRequest.ServicePoint.Hostname; trustNewHost &= httpWebRequest.ServicePoint.IsTrustedHost; // Can only lose trust } string spn = "HTTP/" + host; spnKey = httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped) + "/"; spnToken = new SpnToken(spn, trustNewHost); AuthenticationManager.SpnDictionary.InternalSet(spnKey, spnToken); } ChallengedSpn = spnToken; return(ChallengedSpn); }
internal void Resolve() { // // if we already resolved this name then don't do it again // if (cached) { return; } // // IP wildcards are not resolved // if (wildcard) { return; } // // IP addresses with wildcards are allowed in permissions // if (IsValidWildcard) { wildcard = true; cached = true; return; } // // Check if the permission was specified as numeric IP. // IPAddress ipaddr; if (IPAddress.TryParse(hostname, out ipaddr)) { address = new IPAddress[1]; address[0] = ipaddr; cached = true; return; } // // Not numeric: use GetHostByName to determine addresses // try { IPHostEntry ipHostEntry; if (Dns.TryInternalResolve(hostname, out ipHostEntry)) { address = ipHostEntry.AddressList; } // NB: It never caches DNS responses // } catch (SecurityException) { throw; } catch { // ignore second exception } }