private WindowsIdentity Authenticate(ref Stream netStream, TcpServerSocketHandler streamManager)
{
// Use the identity for impersonation etc.
NegotiateStream negoServer = null;
try
{
negoServer = new NegotiateStream(netStream);
// Block for authentication request
TokenImpersonationLevel impLevel = TokenImpersonationLevel.Identification;
if (_impersonate)
{
impLevel = TokenImpersonationLevel.Impersonation;
}
negoServer.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, _protectionLevel, impLevel);
netStream = negoServer;
return((WindowsIdentity)negoServer.RemoteIdentity);
}
catch
{
streamManager.SendErrorResponse(
String.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_ServerAuthenticationFailed")), false);
if (negoServer != null)
{
negoServer.Close();
}
throw;
}
}
//<snippet1>
public static void AuthenticateClient(TcpClient clientRequest)
{
NetworkStream stream = clientRequest.GetStream();
// Create the NegotiateStream.
NegotiateStream authStream = new NegotiateStream(stream, false);
// Perform the server side of the authentication.
authStream.AuthenticateAsServer();
// Display properties of the authenticated client.
IIdentity id = authStream.RemoteIdentity;
Console.WriteLine("{0} was authenticated using {1}.",
id.Name,
id.AuthenticationType
);
// Read a message from the client.
byte [] buffer = new byte[2048];
int charLength = authStream.Read(buffer, 0, buffer.Length);
string messageData = new String(Encoding.UTF8.GetChars(buffer, 0, buffer.Length));
Console.WriteLine("READ {0}", messageData);
// Finished with the current client.
authStream.Close();
// Close the client connection.
clientRequest.Close();
}
private WindowsIdentity Authenticate(ref Stream netStream, TcpServerSocketHandler streamManager)
{
NegotiateStream stream = null;
WindowsIdentity remoteIdentity;
try
{
stream = new NegotiateStream(netStream);
TokenImpersonationLevel identification = TokenImpersonationLevel.Identification;
if (this._impersonate)
{
identification = TokenImpersonationLevel.Impersonation;
}
stream.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, this._protectionLevel, identification);
netStream = stream;
remoteIdentity = (WindowsIdentity)stream.RemoteIdentity;
}
catch
{
streamManager.SendErrorResponse(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_ServerAuthenticationFailed"), new object[0]), false);
if (stream != null)
{
stream.Close();
}
throw;
}
return(remoteIdentity);
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
// wrap stream
NegotiateStream negotiateStream = new NegotiateStream(stream);
// authenticate
try
{
if (TD.WindowsStreamSecurityOnAcceptUpgradeIsEnabled())
{
TD.WindowsStreamSecurityOnAcceptUpgrade(this.EventTraceActivity);
}
negotiateStream.AuthenticateAsServer(parent.ServerCredential, parent.ProtectionLevel,
TokenImpersonationLevel.Identification);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.GetString(SR.NegotiationFailedIO, ioException.Message), ioException));
}
remoteSecurity = CreateClientSecurity(negotiateStream, parent.ExtractGroupsForWindowsAccounts);
return(negotiateStream);
}
/// <summary>
/// Logs in to domain
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
/// <returns></returns>
/// <example>
/// WindowsIdentity wi = SSPIHelper.LogonUser(token.Username, token.Password, "fintrax");
/// if (wi == null)
/// throw new SecurityException();
/// </example>
public static WindowsIdentity LogonUser(string userName, string password, string domain)
{
TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0);
tcpListener.Start();
WindowsIdentity id = null;
tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult)
{
using (NegotiateStream serverSide = new NegotiateStream(tcpListener.EndAcceptTcpClient(asyncResult).GetStream()))
{
serverSide.AuthenticateAsServer(
CredentialCache.DefaultNetworkCredentials,
ProtectionLevel.None,
TokenImpersonationLevel.Impersonation);
id = (WindowsIdentity)serverSide.RemoteIdentity;
}
}, null);
using (NegotiateStream clientSide = new NegotiateStream(new TcpClient(IPAddress.Loopback.ToString(), ((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream()))
{
clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain), "", ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
}
return(id);
}
private static void ProcessDebugRequest(object socket)
{
Socket request = (Socket)socket;
try {
var secureStream = new NegotiateStream(new NetworkStream(request, false), true);
secureStream.AuthenticateAsServer();
if (!secureStream.IsAuthenticated || !secureStream.IsEncrypted)
{
request.Close();
return;
}
WindowsIdentity winIdentity = secureStream.RemoteIdentity as WindowsIdentity;
if (winIdentity == null ||
winIdentity.User != System.Security.Principal.WindowsIdentity.GetCurrent().User)
{
request.Close();
return;
}
var reader = new StreamReader(secureStream);
string auth = reader.ReadLine();
Guid g;
if (!Guid.TryParse(auth, out g) || g != _authGuid)
{
request.Close();
return;
}
string exe = reader.ReadLine();
string curDir = reader.ReadLine();
string projectDir = reader.ReadLine();
string args = reader.ReadLine();
string machineName = reader.ReadLine();
string options = reader.ReadLine();
uint pid = 0;
string errorText = "";
var res = _pumpForm.BeginInvoke((Action)(() => {
pid = LaunchDebugger(exe, curDir, projectDir, args, machineName, options, out errorText);
}));
res.AsyncWaitHandle.WaitOne();
var writer = new StreamWriter(secureStream);
writer.WriteLine(pid.ToString());
if (pid == 0)
{
writer.WriteLine(errorText.Length);
writer.WriteLine(errorText);
}
writer.Flush();
} catch (IOException) {
} catch (Exception) {
Debug.Assert(false);
}
}
/// <summary>
/// Processes the entire request / response communication using
/// a NegotiateStream object which enables secure client/server
/// communication.
/// </summary>
/// <param name="client"></param>
private void HandleClientComm(object client)
{
TcpClient tcpClient = (TcpClient)client;
NetworkStream clientStream = tcpClient.GetStream();
// Create the NegotiateStream.
NegotiateStream authStream = new NegotiateStream(clientStream, false);
authStream.AuthenticateAsServer();
// Get properties of the authenticated client.
// This will be used to provide authorisation
// in a later version.
IIdentity id = authStream.RemoteIdentity;
byte[] message = new byte[4096];
int bytesRead;
while (true)
{
bytesRead = 0;
try
{
//blocks until a client sends a message
bytesRead = authStream.Read(message, 0, 4096);
}
catch
{
//a socket error has occured
break;
}
if (bytesRead == 0)
{
//the client has disconnected from the server
break;
}
// Use BinaryFormatter to get exact copy of string[] variable from client
MemoryStream ms = new MemoryStream(message);
BinaryFormatter bf = new BinaryFormatter();
var args = (string[])bf.Deserialize(ms);
// Process message
var result = Execute(args);
// send back result
ASCIIEncoding encoder = new ASCIIEncoding();
byte[] buffer = encoder.GetBytes((string)result);
authStream.Write(buffer, 0, buffer.Length);
authStream.Flush();
}
tcpClient.Close();
}
private void CreateServer(object state)
{
try
{
var nsServer = new NegotiateStream(listener.AcceptTcpClient().GetStream());
nsServer.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
}
catch (Exception ex)
{
//LogEvent.LogError(ex);
}
}
// Token: 0x06001894 RID: 6292 RVA: 0x00064FAC File Offset: 0x000631AC
public static TcpServerChannel AuthenticateAsServer(TcpListener listener, Socket connection)
{
TcpServerChannel tcpServerChannel = null;
int iotimeoutInMSec = listener.ListenerConfig.IOTimeoutInMSec;
NegotiateStream negotiateStream = null;
using (DisposeGuard disposeGuard = default(DisposeGuard))
{
NetworkStream networkStream = new NetworkStream(connection, false);
disposeGuard.Add <NetworkStream>(networkStream);
negotiateStream = new NegotiateStream(networkStream, false);
disposeGuard.Add <NegotiateStream>(negotiateStream);
negotiateStream.WriteTimeout = iotimeoutInMSec;
negotiateStream.ReadTimeout = iotimeoutInMSec;
negotiateStream.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Identification);
if (!negotiateStream.IsAuthenticated)
{
string text = "Authentication failed";
ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), text);
ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), text);
}
if (!negotiateStream.IsMutuallyAuthenticated)
{
ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), "Mutual Authentication failed");
}
WindowsIdentity wid = negotiateStream.RemoteIdentity as WindowsIdentity;
string text2 = null;
try
{
text2 = negotiateStream.RemoteIdentity.Name;
}
catch (SystemException ex)
{
string text3 = string.Format("RemoteIdentity.Name failed: {0}", ex.ToString());
ExTraceGlobals.TcpServerTracer.TraceError((long)connection.GetHashCode(), text3);
ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), text3);
}
if (!RemoteDataProvider.AuthorizeRequest(wid))
{
ExTraceGlobals.TcpServerTracer.TraceError <string, string>((long)connection.GetHashCode(), "Authorization failed. ClientMachine={0}, User={1}", connection.RemoteEndPoint.ToString(), text2);
ReplayCrimsonEvents.ServerSideConnectionFailure.LogPeriodic <string, string, string>(Environment.MachineName, DiagCore.DefaultEventSuppressionInterval, connection.RemoteEndPoint.ToString(), connection.LocalEndPoint.ToString(), string.Format("AuthorizeRequest failed. User={0}", text2));
return(null);
}
tcpServerChannel = new TcpServerChannel(connection, negotiateStream, listener.ListenerConfig.IOTimeoutInMSec, listener.ListenerConfig.IdleLimit);
ExTraceGlobals.TcpServerTracer.TraceDebug <string, bool, bool>((long)tcpServerChannel.GetHashCode(), "Connection authenticated as {0}. Encrypted={1} Signed={2}", text2, negotiateStream.IsEncrypted, negotiateStream.IsSigned);
if (tcpServerChannel != null)
{
disposeGuard.Success();
}
}
return(tcpServerChannel);
}
private void CreateServer(object state)
{
try
{
NegotiateStream nsServer = new NegotiateStream(
this.listener.AcceptTcpClient().GetStream()
);
nsServer.AuthenticateAsServer(
CredentialCache.DefaultNetworkCredentials,
ProtectionLevel.None,
TokenImpersonationLevel.Impersonation
);
}
catch (AuthenticationException) {}
}
/// <summary>
/// Creates security stream and authenticates as server.
/// </summary>
/// <param name="source">The stream wrapped by the security stream.</param>
/// <returns>Security stream of type NegotiateStream.</returns>
public Stream CreateSecurityStreamAndAuthenticate(Stream source)
{
using (EneterTrace.Entering())
{
try
{
NegotiateStream aNegotiateStream = new NegotiateStream(source, false);
aNegotiateStream.AuthenticateAsServer();
return(aNegotiateStream);
}
catch (Exception err)
{
EneterTrace.Error(TracedObject + "failed to authenticate the server.", err);
throw;
}
}
}
public static IInteractor Create(TcpClient tcpClient, DistributorRole distributorRole, EventQueue <InteractorEventArgs> eventQueue, CancellationToken token)
{
var stream = new NegotiateStream(tcpClient.GetStream());
try
{
stream.AuthenticateAsServer();
}
catch (Exception error)
{
Log.Warn("Failed to negotiate stream", error);
return(null);
}
var interactor = new Interactor(stream, stream.RemoteIdentity.Name, ((IPEndPoint)tcpClient.Client.RemoteEndPoint).Address, distributorRole, eventQueue, token);
return(interactor);
}
public static void AuthenticateClient(TcpClient clientRequest)
{
NetworkStream stream = clientRequest.GetStream();
var authStream = new NegotiateStream(stream, false);
var builder = new StringBuilder();
try
{
authStream.AuthenticateAsServer(
CredentialCache.DefaultNetworkCredentials,
ProtectionLevel.EncryptAndSign,
TokenImpersonationLevel.Identification);
DisplayProperties(authStream);
var buffer = new byte[65536];
int bytesRead;
while (true)
{
bytesRead = authStream.Read(buffer, 0, buffer.Length);
if (bytesRead == 0)
{
break;
}
builder.Append(Encoding.UTF8.GetString(buffer, 0, bytesRead));
}
IIdentity id = authStream.RemoteIdentity;
string message = builder.ToString();
Console.WriteLine("{0} sent a message of length: {1}", id.Name, message.Length);
Console.WriteLine("Client disconnected.");
Console.WriteLine();
}
catch (Exception e)
{
Console.WriteLine($"Client message exception: {e.ToString()}");
}
finally
{
authStream.Close();
}
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
NegotiateStream negotiateStream = new NegotiateStream(stream);
try
{
negotiateStream.AuthenticateAsServer(this.parent.ServerCredential, this.parent.ProtectionLevel, TokenImpersonationLevel.Identification);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
}
catch (IOException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
}
remoteSecurity = this.CreateClientSecurity(negotiateStream, this.parent.ExtractGroupsForWindowsAccounts);
return(negotiateStream);
}
public string AuthenticateAsServer(Stream stream)
{
using (var negotiateStream = new NegotiateStream(stream, true))
{
try
{
negotiateStream.AuthenticateAsServer();
}
catch (Exception)
{
return(null);
}
if (Users.Exists(negotiateStream.RemoteIdentity))
{
return("");
}
return("");
}
}
private static WindowsIdentity LogonUserTCPListen(string userName, string domain, string password)
{
// need a full duplex stream - loopback is easiest way to get that
TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0);
tcpListener.Start();
ManualResetEvent done = new ManualResetEvent(false);
WindowsIdentity id = null;
tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult)
{
try
{
using (NegotiateStream serverSide = new NegotiateStream(
tcpListener.EndAcceptTcpClient(asyncResult).GetStream()))
{
serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
id = (WindowsIdentity)serverSide.RemoteIdentity;
}
}
catch
{ id = null; }
finally
{ done.Set(); }
}, null);
using (NegotiateStream clientSide = new NegotiateStream(new TcpClient("localhost",
((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream()))
{
try
{
clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain),
"", ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
}
catch
{ id = null; }//When the authentication fails it throws an exception
}
tcpListener.Stop();
done.WaitOne();//Wait until we really have the id populated to continue
return(id);
}
internal TCPListenerClient(TCPListener listener, Socket socket)
: base(socket, listener.Handler)
{
//创建Socket网络流
Stream = new NetworkStream(socket);
if (listener.IsUseAuthenticate)
{
NegotiateStream negotiate = new NegotiateStream(Stream);
negotiate.AuthenticateAsServer();
while (!negotiate.IsMutuallyAuthenticated)
{
Thread.Sleep(10);
}
}
//设置服务器
Listener = listener;
listener.Handler.OnError = (x) => {
this.Disconnect();
};
}
internal TCPListenerClient(TCPListener listener, Socket socket) : base(socket, listener.Handler)
{
//创建Socket网络流
Stream = new NetworkStream(socket);
if (listener.IsUseAuthenticate)
{
NegotiateStream negotiate = new NegotiateStream(Stream);
negotiate.AuthenticateAsServer();
while (!negotiate.IsMutuallyAuthenticated)
{
Thread.Sleep(10);
}
}
//设置服务器
this.Listener = listener;
//开始异步接收数据
SocketAsyncState state = new SocketAsyncState();
Handler.BeginReceive(Stream, EndReceive, state);
}
public void NegotiateStream_InvalidPolicy_Throws()
{
var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
(Stream stream1, Stream stream2) = ConnectedStreams.CreateBidirectional();
using (var client = new NegotiateStream(stream1))
using (var server = new NegotiateStream(stream2))
{
// If ExtendedProtection is on, either CustomChannelBinding or CustomServiceNames must be set.
AssertExtensions.Throws <ArgumentException>(nameof(policy), () => server.AuthenticateAsServer(policy));
}
}
public static void Main()
{
NegotiateStream negotiateStream = null;
try
{
// Set the TcpListener on port 13000.
Int32 port = 13000;
IPAddress localAddr = IPAddress.Loopback;
// TcpListener server = new TcpListener(port);
TcpListener server = new TcpListener(localAddr, port);
// Start listening for client requests.
server.Start();
// Buffer for reading data
Byte[] bytes = new Byte[256];
String data = null;
// Enter the listening loop.
while (true)
{
Console.Write("Waiting for a connection... ");
// Perform a blocking call to accept requests.
// You could also user server.AcceptSocket() here.
TcpClient client = server.AcceptTcpClient();
Console.WriteLine("Connected!");
data = null;
// Get a stream object for reading and writing
// Wrap it in a NegotiateStream.
negotiateStream = new NegotiateStream(client.GetStream());
negotiateStream.AuthenticateAsServer();
if (negotiateStream.IsAuthenticated)
{
Console.WriteLine(
"IsAuthenticated: {0}",
negotiateStream.IsAuthenticated);
Console.WriteLine(
"IsMutuallyAuthenticated: {0}",
negotiateStream.IsMutuallyAuthenticated);
Console.WriteLine(
"IsEncrypted: {0}",
negotiateStream.IsEncrypted);
Console.WriteLine(
"IsSigned: {0}",
negotiateStream.IsSigned);
Console.WriteLine(
"IsServer: {0}",
negotiateStream.IsServer);
IIdentity remoteIdentity =
negotiateStream.RemoteIdentity;
Console.WriteLine(
"Client identity: {0}",
remoteIdentity.Name);
Console.WriteLine(
"Authentication Type: {0}",
remoteIdentity.AuthenticationType);
}
int i;
// Loop to receive all the data sent by the client.
while (
(i = negotiateStream.Read(bytes, 0, bytes.Length))
!= 0)
{
// Translate data bytes to a string.
// The encoding used is application specific.
data =
System.Text.Encoding.ASCII.GetString(bytes, 0, i);
Console.WriteLine("Received: {0}", data);
// Process the data sent by the client.
data = data.ToUpper(
System.Globalization.CultureInfo.CurrentCulture);
byte[] msg = System.Text.Encoding.ASCII.GetBytes(data);
// Send back a response.
negotiateStream.Write(msg, 0, msg.Length);
Console.WriteLine("Sent: {0}", data);
}
}
}
catch (AuthenticationException ex)
{
Console.WriteLine(ex.Message);
}
catch (SocketException ex)
{
Console.WriteLine(ex.Message);
}
catch (IOException ex)
{
Console.WriteLine(ex.Message);
}
finally
{
if (negotiateStream != null)
{
negotiateStream.Close();
}
}
Console.WriteLine("\nHit enter to continue...");
Console.Read();
}
protected override Task AuthenticateAsServerAsync(NegotiateStream server) =>
Task.Run(() => server.AuthenticateAsServer());
/// <summary>
/// Authenticates the client stream
/// </summary>
/// <param name="stream">The stream to autenticate</param>
/// <param name="userToken">the user token associated with the identity match</param>
/// <param name="additionalChallenge">Additional data that much match between the client and server
/// for the connection to succeed.</param>
/// <returns>true if successful authentication. False otherwise.</returns>
public bool TryAuthenticateAsServer(Stream stream, out Guid userToken, byte[] additionalChallenge = null)
{
userToken = Guid.Empty;
if (additionalChallenge is null)
{
additionalChallenge = new byte[] { }
}
;
if (additionalChallenge.Length > short.MaxValue)
{
throw new ArgumentOutOfRangeException("additionalChallenge", "Must be less than 32767 bytes");
}
using (NegotiateStream negotiateStream = new NegotiateStream(stream, true))
{
try
{
negotiateStream.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
}
catch (Exception ex)
{
Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", null, ex);
return(false);
}
negotiateStream.Write((short)additionalChallenge.Length);
if (additionalChallenge.Length > 0)
{
negotiateStream.Write(additionalChallenge);
}
negotiateStream.Flush();
int len = negotiateStream.ReadInt16();
if (len < 0)
{
Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "Challenge Length is invalid: " + len.ToString());
return(false);
}
byte[] remoteChallenge;
if (len == 0)
{
remoteChallenge = new byte[0];
}
else
{
remoteChallenge = negotiateStream.ReadBytes(len);
}
if (remoteChallenge.SecureEquals(additionalChallenge))
{
if (Users.TryGetToken(negotiateStream.RemoteIdentity, out userToken))
{
return(true);
}
Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "User did not exist in the database: " + negotiateStream.RemoteIdentity.ToString());
return(false);
}
Log.Publish(MessageLevel.Info, "Security Login Failed", "Attempting an integrated security login failed", "Challenge did not match. Potential man in the middle attack.");
return(false);
}
}
/// <summary>
/// Handles the connection process of clients
/// </summary>
private void HandleClientComm(object sender)
{
//This conntects the client
//first we need an rescue timer
_BootUpTimer = new Timer(new TimerCallback(_BootUpTimer_Elapsed), null, 100, 100);
bool leaveInnerStreamOpen = false;
try
{
// encryption
if (_Mode == VaserOptions.ModeKerberos)
{
QueueSend = QueueSendKerberos;
_AuthStream = new NegotiateStream(new NetworkStream(_SocketTCPClient), leaveInnerStreamOpen);
}
if (_Mode == VaserOptions.ModeSSL)
{
QueueSend = QueueSendSSL;
_sslStream = new SslStream(new NetworkStream(_SocketTCPClient), leaveInnerStreamOpen);
}
if (_Mode == VaserOptions.ModeNotEncrypted)
{
QueueSend = QueueSendNotEncrypted;
}
if (_Mode == VaserOptions.ModeNamedPipeServerStream)
{
//QueueSend = QueueSendNotEncrypted;
}
if (_Mode == VaserOptions.ModeNamedPipeClientStream)
{
//QueueSend = QueueSendNotEncrypted;
}
if (IsServer)
{ //server
if (_Mode == VaserOptions.ModeKerberos)
{
if (_vKerberosS._policy == null)
{
if (_vKerberosS._credential == null)
{
_AuthStream.AuthenticateAsServer();
}
else
{
_AuthStream.AuthenticateAsServer(_vKerberosS._credential, _vKerberosS._requiredProtectionLevel, _vKerberosS._requiredImpersonationLevel);
}
}
else
{
if (_vKerberosS._credential == null)
{
_AuthStream.AuthenticateAsServer(_vKerberosS._policy);
}
else
{
_AuthStream.AuthenticateAsServer(_vKerberosS._credential, _vKerberosS._policy, _vKerberosS._requiredProtectionLevel, _vKerberosS._requiredImpersonationLevel);
}
}
link.IsAuthenticated = _AuthStream.IsAuthenticated;
link.IsEncrypted = _AuthStream.IsEncrypted;
link.IsMutuallyAuthenticated = _AuthStream.IsMutuallyAuthenticated;
link.IsSigned = _AuthStream.IsSigned;
link.IsServer = _AuthStream.IsServer;
IIdentity id = _AuthStream.RemoteIdentity;
link.UserName = id.Name;
}
if (_Mode == VaserOptions.ModeSSL)
{
if (_vSSLS._enabledSslProtocols == SslProtocols.None)
{
_sslStream.AuthenticateAsServer(_vSSLS._serverCertificate);
}
else
{
_sslStream.AuthenticateAsServer(_vSSLS._serverCertificate, _vSSLS._clientCertificateRequired, _vSSLS._enabledSslProtocols, _vSSLS._checkCertificateRevocation);
}
link.IsEncrypted = true;
link.IsServer = true;
}
if (_Mode == VaserOptions.ModeNotEncrypted)
{
link.IsServer = true;
}
if (_Mode == VaserOptions.ModeNamedPipeServerStream)
{
link.IsServer = true;
}
link.vServer = server;
BootupDone = true;
server.AddNewLink(link);
}
else
{ //client
if (_Mode == VaserOptions.ModeKerberos)
{
if (_vKerberosC._binding == null)
{
if (_vKerberosC._credential == null)
{
_AuthStream.AuthenticateAsClient();
}
else
{
if (_vKerberosC._requiredProtectionLevel == ProtectionLevel.None && _vKerberosC._requiredImpersonationLevel == TokenImpersonationLevel.None)
{
_AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._targetName);
}
else
{
_AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._targetName, _vKerberosC._requiredProtectionLevel, _vKerberosC._requiredImpersonationLevel);
}
}
}
else
{
if (_vKerberosC._requiredProtectionLevel == ProtectionLevel.None && _vKerberosC._requiredImpersonationLevel == TokenImpersonationLevel.None)
{
_AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._binding, _vKerberosC._targetName);
}
else
{
_AuthStream.AuthenticateAsClient(_vKerberosC._credential, _vKerberosC._binding, _vKerberosC._targetName, _vKerberosC._requiredProtectionLevel, _vKerberosC._requiredImpersonationLevel);
}
}
link.IsAuthenticated = _AuthStream.IsAuthenticated;
link.IsEncrypted = _AuthStream.IsEncrypted;
link.IsMutuallyAuthenticated = _AuthStream.IsMutuallyAuthenticated;
link.IsSigned = _AuthStream.IsSigned;
link.IsServer = _AuthStream.IsServer;
IIdentity id = _AuthStream.RemoteIdentity;
}
if (_Mode == VaserOptions.ModeSSL)
{
if (_vSSLC._clientCertificates == null)
{
_sslStream.AuthenticateAsClient(_vSSLC._targetHost);
}
else
{
_sslStream.AuthenticateAsClient(_vSSLC._targetHost, _vSSLC._clientCertificates, _vSSLC._enabledSslProtocols, _vSSLC._checkCertificateRevocation);
}
link.IsEncrypted = true;
}
if (_Mode == VaserOptions.ModeNamedPipeClientStream)
{
}
//Thread.Sleep(50);
BootupDone = true;
_IsAccepted = true;
if (_Mode == VaserOptions.ModeNotEncrypted)
{
ThreadPool.QueueUserWorkItem(ReceiveNotEncrypted);
}
if (_Mode == VaserOptions.ModeKerberos)
{
ThreadPool.QueueUserWorkItem(ReceiveKerberos);
}
if (_Mode == VaserOptions.ModeSSL)
{
ThreadPool.QueueUserWorkItem(ReceiveSSL);
}
}
if (EnableHeartbeat)
{
HeartbeatTimer = new Timer(new TimerCallback(OnHeartbeatEvent), null, HeartbeatMilliseconds, HeartbeatMilliseconds);
}
}
catch (AuthenticationException e)
{
Debug.WriteLine("Authentication failed. " + e.ToString());
_BootUpTimer.Dispose();
Stop();
return;
}
catch (Exception e)
{
Debug.WriteLine("Authentication failed. " + e.ToString());
_BootUpTimer.Dispose();
Stop();
return;
}
// encryption END
_BootUpTimer.Dispose();
_BootUpTimer = null;
}
protected override Task AuthenticateAsServerAsync(NegotiateStream server) => Task.Run(() => server.AuthenticateAsServer(null));
protected override Task AuthenticateAsServerAsync(NegotiateStream server) => Task.Run(() => server.AuthenticateAsServer((NetworkCredential)CredentialCache.DefaultCredentials, ProtectionLevel.None, TokenImpersonationLevel.Identification));
public void NegotiateStream_InvalidPolicy_Throws()
{
var network = new VirtualNetwork();
var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new NegotiateStream(serverStream))
{
// If ExtendedProtection is on, either CustomChannelBinding or CustomServiceNames must be set.
AssertExtensions.Throws <ArgumentException>(nameof(policy), () => server.AuthenticateAsServer(policy));
}
}
public void ServerThreadProc()
{
NegotiateStream negotiateStream = null;
while (true)
{
try
{
// 處理用戶端連線
tcpClient = tcpListener.AcceptTcpClient();
// 取得本機相關的網路資訊
IPEndPoint serverInfo = (IPEndPoint)tcpListener.LocalEndpoint;
// 以Client屬性取得用戶端之Socket物件
Socket clientSocket = tcpClient.Client;
// 取得連線用戶端相關的網路連線資訊
IPEndPoint clientInfo = (IPEndPoint)clientSocket.RemoteEndPoint;
Console.WriteLine("Client: " + clientInfo.Address.ToString() + ":" + clientInfo.Port.ToString());
Console.WriteLine("Server: " + serverInfo.Address.ToString() + ":" + serverInfo.Port.ToString());
// 建立支援用戶端與伺服端間交涉安全性通訊協定之資料串流
negotiateStream = new NegotiateStream(tcpClient.GetStream());
// 由伺服端呼叫驗證連接中之用戶端,並選擇性驗證伺服端
negotiateStream.AuthenticateAsServer();
// 判斷驗證(Authentication)是否成功
if (negotiateStream.IsAuthenticated)
{
System.Security.Principal.IIdentity remoteIdentity = negotiateStream.RemoteIdentity;
Console.WriteLine("Client identity: {0}", remoteIdentity.Name);
Console.WriteLine("Authentication Type: {0}", remoteIdentity.AuthenticationType);
Console.WriteLine("IsAuthenticated: {0}", negotiateStream.IsAuthenticated);
Console.WriteLine("IsMutuallyAuthenticated: {0}", negotiateStream.IsMutuallyAuthenticated);
Console.WriteLine("IsEncrypted: {0}", negotiateStream.IsEncrypted);
Console.WriteLine("IsSigned: {0}", negotiateStream.IsSigned);
Console.WriteLine("IsServer: {0}", negotiateStream.IsServer);
}
// 判斷串流是否支援讀取功能
if (negotiateStream.CanRead)
{
byte[] bytes = new byte[1024];
// 自資料串流中讀取資料
int bytesReceived = negotiateStream.Read(bytes, 0, bytes.Length);
string data = Encoding.ASCII.GetString(bytes, 0, bytesReceived);
Console.WriteLine("接收的資料內容: " + "\r\n" + "{0}", data + "\r\n");
}
else
{
Console.WriteLine("串流不支援讀取功能.");
}
// 判斷串流是否支援寫入功能
if (negotiateStream.CanWrite)
{
// 測試用
string htmlBody = "<html><head><title>Send Test</title></head><body><font size=2 face=Verdana>Sent OK.</font></body></html>";
string htmlHeader = "HTTP/1.0 200 OK" + "\r\n" + "Server: HTTP Server 1.0" + "\r\n" + "Content-Type: text/html" + "\r\n" + "Content-Length: " + htmlBody.Length + "\r\n" + "\r\n";
string htmlContent = htmlHeader + htmlBody;
// 設定傳送資料緩衝區
byte[] msg = Encoding.ASCII.GetBytes(htmlContent);
// 將資料寫入資料串流中
negotiateStream.Write(msg, 0, msg.Length);
Console.WriteLine("傳送的資料內容: " + "\r\n" + "{0}", Encoding.UTF8.GetString(msg, 0, msg.Length) + "\r\n");
}
else
{
Console.WriteLine("串流不支援寫入功能.");
}
}
catch (AuthenticationException aex)
{
Console.WriteLine(aex.StackTrace.ToString());
}
catch (SocketException ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
catch (IOException ioex)
{
Console.WriteLine(ioex.StackTrace.ToString());
}
finally
{
if (negotiateStream != null)
{
// 關閉串流
negotiateStream.Close();
}
}
}
}
public bool validateUsers(string User, string Password)
{
string strDomain;
strDomain = "";
int pos = User.IndexOf(@"\");
if (pos < 1)
{
TcpListener localUserValidate = new TcpListener(IPAddress.Loopback, 0);
localUserValidate.Start();
ManualResetEvent done = new ManualResetEvent(false);
WindowsIdentity id = null;
localUserValidate.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult)
{
try
{
using (NegotiateStream serverSide = new NegotiateStream(localUserValidate.EndAcceptTcpClient(asyncResult).GetStream()))
{
serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
id = (WindowsIdentity)serverSide.RemoteIdentity;
}
}
catch (Exception ex)
{
id = null;
}
finally
{ done.Set(); }
}, null);
using (NegotiateStream clientSide = new NegotiateStream(new TcpClient("localhost",
((IPEndPoint)localUserValidate.LocalEndpoint).Port).GetStream()))
{
try
{
clientSide.AuthenticateAsClient(new NetworkCredential(User, Password, strDomain),
"", ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
}
catch (Exception ex)
{
id = null;
}
}
localUserValidate.Stop();
done.WaitOne();//Wait until we really have the id populated to continue
if (id == null)
{
return(false);
}
else
{
return(true);
}
}
else
{
int len = User.Length;
int pos2 = (pos + 1);
int len2 = (len - pos2);
strDomain = User.Substring(0, pos);
User = User.Substring(pos2, len2);
PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, strDomain);
try
{
return(pc2.ValidateCredentials(User, Password));
}
catch (Exception ex)
{
return(false);
}
finally
{
pc2.Dispose();
}
}
}
