//
// Invoked for the final blob that arrives with the server's 200 OK.
// Returns false while the handshake is still running (context not completed and the
// response status equals StatusCodeMatch); returns true in every other case,
// including when no session is stored for this request.
//
public bool Update(string challenge, WebRequest webRequest) {
    // NOTE(review): the raw challenge (server authentication data) goes to the trace;
    // confirm GlobalLog output is not collected in production builds.
    GlobalLog.Print("NtlmClient::Update(): " + challenge);

    HttpWebRequest request = webRequest as HttpWebRequest;
    // The cast result is checked only by these asserts; the code below dereferences
    // it unconditionally. NOTE(review): confirm callers always pass an HttpWebRequest.
    GlobalLog.Assert(request != null, "NtlmClient::Update() httpWebRequest==null", "");
    GlobalLog.Assert(request.ChallengedUri != null, "NtlmClient::Update() httpWebRequest.ChallengedUri==null", "");

    //
    // Fetch the handshake state stored under this request's authentication state.
    //
    NTAuthentication context = sessions[request.CurrentAuthenticationState] as NTAuthentication;
    GlobalLog.Print("NtlmClient::Update() key:" + ValidationHelper.HashString(request.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(context));

    if (context != null) {
        GlobalLog.Print("NtlmClient::Update() authSession.IsCompleted:" + context.IsCompleted.ToString());

        if (!context.IsCompleted) {
            if (request.CurrentAuthenticationState.StatusCodeMatch == request.ResponseStatusCode) {
                GlobalLog.Print("NtlmClient::Update() still handshaking (based on status code) returning false");
                return false;
            }
        }

        //
        // The handshake is over: drop the stored session before anything else.
        //
        GlobalLog.Print("NtlmClient::Update() removing authSession:" + ValidationHelper.HashString(context) + " from:" + ValidationHelper.HashString(request.CurrentAuthenticationState));
        sessions.Remove(request.CurrentAuthenticationState);

        //
        // Release the request's connection group unless the caller opted into
        // UnsafeAuthenticatedConnectionSharing.
        // NOTE(review): with the flag set the group is kept, so presumably the
        // authenticated connection stays available for reuse; confirm callers that
        // serve several identities leave it off.
        //
        if (!request.UnsafeAuthenticatedConnectionSharing) {
            GlobalLog.Print("NtlmClient::Update() releasing ConnectionGroup:" + request.GetConnectionGroupLine());
            request.ServicePoint.ReleaseConnectionGroup(request.GetConnectionGroupLine());
        }

        GlobalLog.Print("NtlmClient::Update() session removed and ConnectionGorup released returning true");
        return true;
    }

    // Nothing is stored for this request, so there is nothing to clean up.
    GlobalLog.Print("NtlmClient::Update() null session returning true");
    return true;
}
//
// Invoked for the final blob that arrives with the server's 200 OK.
// Returns false while the handshake is still running (context not completed and the
// response status equals StatusCodeMatch); otherwise clears the session, optionally
// releases the connection group, caches the channel binding and returns true.
// Also returns true, with no cleanup, when no security context is found.
//
public bool Update(string challenge, WebRequest webRequest) {
    // NOTE(review): the raw challenge (server authentication data) goes to the trace;
    // confirm GlobalLog output is not collected in production builds.
    GlobalLog.Print("NtlmClient::Update(): " + challenge);

    HttpWebRequest request = webRequest as HttpWebRequest;
    // The cast result is checked only by these asserts; the code below dereferences
    // it unconditionally. NOTE(review): confirm callers always pass an HttpWebRequest.
    GlobalLog.Assert(request != null, "NtlmClient::Update()|httpWebRequest == null");
    GlobalLog.Assert(request.ChallengedUri != null, "NtlmClient::Update()|httpWebRequest.ChallengedUri == null");

    //
    // Ask the request's authentication state for the context owned by this module.
    //
    NTAuthentication context = request.CurrentAuthenticationState.GetSecurityContext(this);
    GlobalLog.Print("NtlmClient::Update() key:" + ValidationHelper.HashString(request.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(context));

    if (context == null) {
        GlobalLog.Print("NtlmClient::Update() null session returning true");
        return true;
    }

    GlobalLog.Print("NtlmClient::Update() authSession.IsCompleted:" + context.IsCompleted.ToString());

    bool stillHandshaking = !context.IsCompleted
        && request.CurrentAuthenticationState.StatusCodeMatch == request.ResponseStatusCode;
    if (stillHandshaking) {
        GlobalLog.Print("NtlmClient::Update() still handshaking (based on status code) returning false");
        return false;
    }

    ClearSession(request);

    // Release the connection group now that authentication is done, unless the
    // request allows unsafe or proxy authenticated connection sharing.
    // NOTE(review): with the flag set the group is kept, so presumably the
    // authenticated connection stays available for reuse; confirm that is intended
    // for callers that serve several identities.
    if (!request.UnsafeOrProxyAuthenticatedConnectionSharing) {
        GlobalLog.Print("NtlmClient::Update() releasing ConnectionGroup:" + request.GetConnectionGroupLine());
        request.ServicePoint.ReleaseConnectionGroup(request.GetConnectionGroupLine());
    }

    // Cache the channel binding (CBT) this handshake used, keyed by the challenged
    // URI, for later requests that want to pre-authenticate.
    // NOTE(review): ChannelBinding is read after ClearSession has run; confirm
    // ClearSession leaves the context's binding intact.
    request.ServicePoint.SetCachedChannelBinding(request.ChallengedUri, context.ChannelBinding);

    GlobalLog.Print("NtlmClient::Update() session removed and ConnectionGorup released returning true");
    return true;
}
//
// Finishes the NTLM exchange for a request once the server's response is in.
// Returns false only while the context is not completed and the response status
// still equals StatusCodeMatch; returns true otherwise, including when the request
// has no security context for this module. The challenge argument is not read.
//
public bool Update(string challenge, WebRequest webRequest) {
    // The cast is not checked before use. NOTE(review): a WebRequest that is not an
    // HttpWebRequest would fault on the next line; confirm callers never pass one.
    HttpWebRequest httpRequest = webRequest as HttpWebRequest;
    NTAuthentication context = httpRequest.CurrentAuthenticationState.GetSecurityContext(this);

    if (context == null) {
        return true;
    }

    bool stillHandshaking = !context.IsCompleted
        && httpRequest.CurrentAuthenticationState.StatusCodeMatch == httpRequest.ResponseStatusCode;
    if (stillHandshaking) {
        return false;
    }

    ClearSession(httpRequest);

    // Release the connection group unless the request allows unsafe or proxy
    // authenticated connection sharing.
    // NOTE(review): with the flag set the group is kept, so presumably the
    // authenticated connection stays available for reuse; confirm that is intended.
    if (!httpRequest.UnsafeOrProxyAuthenticatedConnectionSharing) {
        httpRequest.ServicePoint.ReleaseConnectionGroup(httpRequest.GetConnectionGroupLine());
    }

    // Store the context's channel binding on the service point under the challenged URI.
    // NOTE(review): this read happens after ClearSession; confirm the binding is still valid.
    httpRequest.ServicePoint.SetCachedChannelBinding(httpRequest.ChallengedUri, context.ChannelBinding);
    return true;
}
//
// Finishes the Negotiate exchange for a request once the server's response is in.
// Returns false only while the context is not completed and the response status
// still equals StatusCodeMatch; returns true otherwise, including when the request
// has no security context for this module.
//
public bool Update(string challenge, WebRequest webRequest) {
    // The cast is not checked before use. NOTE(review): a WebRequest that is not an
    // HttpWebRequest would fault on the next line; confirm callers never pass one.
    HttpWebRequest httpRequest = webRequest as HttpWebRequest;
    NTAuthentication context = httpRequest.CurrentAuthenticationState.GetSecurityContext(this);

    if (context == null) {
        return true;
    }

    bool stillHandshaking = !context.IsCompleted
        && httpRequest.CurrentAuthenticationState.StatusCodeMatch == httpRequest.ResponseStatusCode;
    if (stillHandshaking) {
        return false;
    }

    // Release the connection group unless the request allows unsafe or proxy
    // authenticated connection sharing.
    if (!httpRequest.UnsafeOrProxyAuthenticatedConnectionSharing) {
        httpRequest.ServicePoint.ReleaseConnectionGroup(httpRequest.GetConnectionGroupLine());
    }

    // Find the package signature in the challenge; useNego2 selects which name length to skip.
    bool useNego2 = true;
    int signatureIndex = -1;
    if (challenge != null) {
        signatureIndex = GetSignatureIndex(challenge, out useNego2);
    }

    if (signatureIndex >= 0) {
        int blobStart = signatureIndex + (useNego2 ? "nego2".Length : "negotiate".Length);
        string finalBlob = null;

        // A character other than ',' right after the package name means challenge data
        // follows; skip that one character and take the rest of the string as the blob.
        if (challenge.Length > blobStart && challenge[blobStart] != ',') {
            blobStart++;
            if (challenge.Length > blobStart) {
                finalBlob = challenge.Substring(blobStart);
            }
        }

        // The context is driven even when finalBlob is null; the returned blob is discarded.
        context.GetOutgoingBlob(finalBlob);

        // MutuallyAuthenticated is assigned only on this path, i.e. when the response
        // carried a recognised signature. The method returns true either way, so callers
        // that require server authentication should check the flag, not the return value.
        httpRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated = context.IsMutualAuthFlag;
    }

    // Store the context's channel binding on the service point under the challenged
    // URI, then drop the session.
    httpRequest.ServicePoint.SetCachedChannelBinding(httpRequest.ChallengedUri, context.ChannelBinding);
    ClearSession(httpRequest);
    return true;
}
//
// Invoked for the final blob that arrives with the server's 200 OK.
// Returns false while the handshake is still running (context not completed and the
// response status equals StatusCodeMatch); returns true in every other case,
// including when no security context is found for this request.
//
public bool Update(string challenge, WebRequest webRequest) {
    // NOTE(review): the raw challenge (server authentication data) goes to the trace;
    // confirm GlobalLog output is not collected in production builds.
    GlobalLog.Print("NegotiateClient::Update(): " + challenge);

    HttpWebRequest request = webRequest as HttpWebRequest;
    // The cast result is checked only by these asserts; the code below dereferences
    // it unconditionally. NOTE(review): confirm callers always pass an HttpWebRequest.
    GlobalLog.Assert(request != null, "NegotiateClient::Update()|httpWebRequest == null");
    GlobalLog.Assert(request.ChallengedUri != null, "NegotiateClient::Update()|httpWebRequest.ChallengedUri == null");

    //
    // Ask the request's authentication state for the context owned by this module.
    //
    NTAuthentication context = request.CurrentAuthenticationState.GetSecurityContext(this);
    GlobalLog.Print("NegotiateClient::Update() key:" + ValidationHelper.HashString(request.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(context));

    if (context == null) {
        GlobalLog.Print("NegotiateClient::Update() null session returning true");
        return true;
    }

    GlobalLog.Print("NegotiateClient::Update() authSession.IsCompleted:" + context.IsCompleted.ToString());

    bool stillHandshaking = !context.IsCompleted
        && request.CurrentAuthenticationState.StatusCodeMatch == request.ResponseStatusCode;
    if (stillHandshaking) {
        GlobalLog.Print("NegotiateClient::Update() still handshaking (based on status code) returning false");
        return false;
    }

    // Release the connection group now that authentication is done, unless the
    // request allows unsafe or proxy authenticated connection sharing.
    if (!request.UnsafeOrProxyAuthenticatedConnectionSharing) {
        GlobalLog.Print("NegotiateClient::Update() releasing ConnectionGroup:" + request.GetConnectionGroupLine());
        request.ServicePoint.ReleaseConnectionGroup(request.GetConnectionGroupLine());
    }

    //
    // Close the security context with the server's last token. This completes the
    // handshake, including server authentication for schemes that support it
    // (such as Kerberos).
    //
    bool useNego2 = true;
    int signatureIndex = -1;
    if (challenge != null) {
        signatureIndex = GetSignatureIndex(challenge, out useNego2);
    }

    if (signatureIndex >= 0) {
        int blobStart = signatureIndex + (useNego2 ? nego2Signature.Length : negotiateSignature.Length);
        string finalBlob = null;

        //
        // The header may hold several challenges. A character other than ',' right
        // after the package name means challenge data follows; skip that character
        // and take the rest of the string as the blob.
        //
        if (challenge.Length > blobStart && challenge[blobStart] != ',') {
            ++blobStart;
            if (challenge.Length > blobStart) {
                finalBlob = challenge.Substring(blobStart);
            }
        }

        // NOTE(review): the final blob and the client response are traced in full below;
        // confirm that is acceptable wherever this trace is enabled.
        GlobalLog.Print("NegotiateClient::Update() this must be a final incoming blob:[" + ValidationHelper.ToString(finalBlob) + "]");

        // The context is driven even when finalBlob is null; the response is only traced.
        string clientResponse = context.GetOutgoingBlob(finalBlob);

        // MutuallyAuthenticated is assigned only on this path, i.e. when the response
        // carried a recognised signature. The method returns true either way, so callers
        // that require server authentication should check the flag, not the return value.
        request.CurrentAuthenticationState.Authorization.MutuallyAuthenticated = context.IsMutualAuthFlag;

        GlobalLog.Print("NegotiateClient::Update() GetOutgoingBlob() returns clientResponse:[" + ValidationHelper.ToString(clientResponse) + "] IsCompleted:" + context.IsCompleted.ToString());
    }

    // Cache the channel binding (CBT) this handshake used, keyed by the challenged
    // URI, for later requests that want to pre-authenticate.
    request.ServicePoint.SetCachedChannelBinding(request.ChallengedUri, context.ChannelBinding);

    GlobalLog.Print("NegotiateClient::Update() session removed and ConnectionGroup released returning true");
    ClearSession(request);
    return true;
}
//
// Invoked for the final blob that arrives with the server's 200 OK.
// Returns false while the handshake is still running (context not completed and the
// response status equals StatusCodeMatch); returns true in every other case,
// including when no session is stored for this request.
//
public bool Update(string challenge, WebRequest webRequest) {
    // NOTE(review): the raw challenge (server authentication data) goes to the trace;
    // confirm GlobalLog output is not collected in production builds.
    GlobalLog.Print("NegotiateClient::Update(): " + challenge);

    HttpWebRequest request = webRequest as HttpWebRequest;
    // The cast result is checked only by these asserts; the code below dereferences
    // it unconditionally. NOTE(review): confirm callers always pass an HttpWebRequest.
    GlobalLog.Assert(request != null, "NegotiateClient::Update() httpWebRequest==null", "");
    GlobalLog.Assert(request.ChallengedUri != null, "NegotiateClient::Update() httpWebRequest.ChallengedUri==null", "");

    //
    // Fetch the handshake state stored under this request's authentication state.
    //
    NTAuthentication context = sessions[request.CurrentAuthenticationState] as NTAuthentication;
    GlobalLog.Print("NegotiateClient::Update() key:" + ValidationHelper.HashString(request.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(context));

    if (context == null) {
        GlobalLog.Print("NegotiateClient::Update() null session returning true");
        return true;
    }

    GlobalLog.Print("NegotiateClient::Update() authSession.IsCompleted:" + context.IsCompleted.ToString());

    bool stillHandshaking = !context.IsCompleted
        && request.CurrentAuthenticationState.StatusCodeMatch == request.ResponseStatusCode;
    if (stillHandshaking) {
        GlobalLog.Print("NegotiateClient::Update() still handshaking (based on status code) returning false");
        return false;
    }

    //
    // Drop the stored session first; closing the security context comes afterwards
    // (that step completes the handshake, including server authentication for
    // schemes that support it, such as Kerberos).
    //
    GlobalLog.Print("NegotiateClient::Update() removing authSession:" + ValidationHelper.HashString(context) + " from:" + ValidationHelper.HashString(request.CurrentAuthenticationState));
    sessions.Remove(request.CurrentAuthenticationState);

    //
    // Release the request's connection group unless the caller opted into
    // UnsafeAuthenticatedConnectionSharing.
    //
    if (!request.UnsafeAuthenticatedConnectionSharing) {
        GlobalLog.Print("NegotiateClient::Update() releasing ConnectionGroup:" + request.GetConnectionGroupLine());
        request.ServicePoint.ReleaseConnectionGroup(request.GetConnectionGroupLine());
    }

    // Locate the package signature in a lower-cased copy of the challenge.
    int signatureIndex = -1;
    if (challenge != null) {
        signatureIndex = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
    }

    // No signature in the response: the context is never fed a final token here.
    if (signatureIndex < 0) {
        return true;
    }

    int blobStart = signatureIndex + SignatureSize;
    string finalBlob = null;

    //
    // The header may hold several challenges. A character other than ',' right
    // after the package name means challenge data follows; skip that character
    // and take the rest of the string as the blob.
    //
    if (challenge.Length > blobStart && challenge[blobStart] != ',') {
        ++blobStart;
        if (challenge.Length > blobStart) {
            finalBlob = challenge.Substring(blobStart);
        }
    }

    // NOTE(review): the final blob and the client response are traced in full below;
    // confirm that is acceptable wherever this trace is enabled.
    GlobalLog.Print("NegotiateClient::Update() closing security context using last incoming blob:[" + ValidationHelper.ToString(finalBlob) + "]");

    // Both results are only traced: the method returns true whatever handshakeComplete
    // says, so this code does not tell the caller whether the final step succeeded.
    bool handshakeComplete;
    string clientResponse = context.GetOutgoingBlob(finalBlob, out handshakeComplete);
    GlobalLog.Print("NegotiateClient::Update() GetOutgoingBlob() returns clientResponse:[" + ValidationHelper.ToString(clientResponse) + "] handshakeComplete:" + handshakeComplete.ToString());

    GlobalLog.Print("NegotiateClient::Update() session removed and ConnectionGorup released returning true");
    return true;
}