public void CloseContext(object sessionCookie)
{
NegotiateAuthentication?clientContext = null;
lock (_sessions)
{
if (_sessions.TryGetValue(sessionCookie, out clientContext))
{
_sessions.Remove(sessionCookie);
}
}
clientContext?.Dispose();
}
internal static async Task HandleAuthenticationRequest(LoopbackServer.Connection connection, bool useNtlm, bool useNegotiate, bool closeConnection)
{
HttpRequestData request = await connection.ReadRequestDataAsync();
NegotiateAuthentication authContext = null;
string authHeader = null;
foreach (HttpHeaderData header in request.Headers)
{
if (header.Name == "Authorization")
{
authHeader = header.Value;
break;
}
}
if (string.IsNullOrEmpty(authHeader))
{
// This is initial request, we reject with showing supported mechanisms.
authHeader = string.Empty;
if (useNtlm)
{
authHeader += NtlmAuthHeader + "\r\n";
}
if (useNegotiate)
{
authHeader += NegotiateAuthHeader + "\r\n";
}
await connection.SendResponseAsync(HttpStatusCode.Unauthorized, authHeader).ConfigureAwait(false);
connection.CompleteRequestProcessing();
// Read next requests and fall-back to loop bellow to process it.
request = await connection.ReadRequestDataAsync();
}
NegotiateAuthenticationStatusCode statusCode;
do
{
foreach (HttpHeaderData header in request.Headers)
{
if (header.Name == "Authorization")
{
authHeader = header.Value;
break;
}
}
Assert.NotNull(authHeader);
var tokens = authHeader.Split(' ', 2, StringSplitOptions.TrimEntries);
// Should be type and base64 encoded blob
Assert.Equal(2, tokens.Length);
authContext ??= new NegotiateAuthentication(new NegotiateAuthenticationServerOptions {
Package = tokens[0]
});
byte[]? outBlob = authContext.GetOutgoingBlob(Convert.FromBase64String(tokens[1]), out statusCode);
if (outBlob != null && statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)
{
authHeader = $"WWW-Authenticate: {tokens[0]} {Convert.ToBase64String(outBlob)}\r\n";
await connection.SendResponseAsync(HttpStatusCode.Unauthorized, authHeader);
connection.CompleteRequestProcessing();
request = await connection.ReadRequestDataAsync();
}
}while (statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded);
if (statusCode == NegotiateAuthenticationStatusCode.Completed)
{
// If authentication succeeded ask Windows about the identity and send it back as custom header.
IIdentity identity = authContext.RemoteIdentity;
authHeader = $"{UserHeaderName}: {identity.Name}\r\n";
if (closeConnection)
{
authHeader += "Connection: close\r\n";
}
await connection.SendResponseAsync(HttpStatusCode.OK, authHeader, "foo");
authContext.Dispose();
}
else
{
await connection.SendResponseAsync(HttpStatusCode.Forbidden, "Connection: close\r\n", "boo");
}
}