AuthenticateAsServerAsync() public method

public AuthenticateAsServerAsync ( ) : Task
return Task
Exemplo n.º 1
0
        public void NegotiateStream_EchoServer_ClientWriteRead_Successive_Async_Success()
        {
            if (!_isKrbAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_EchoServer_ClientWriteRead_Successive_Async_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            byte[] firstRecvBuffer  = new byte[_firstMessage.Length];
            byte[] secondRecvBuffer = new byte[_secondMessage.Length];

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");

                            Task[]            auth       = new Task[2];
                            string            user       = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
                            string            target     = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
                            NetworkCredential credential = new NetworkCredential(user, _fixture.password);
                            auth[0] = client.AuthenticateAsClientAsync(credential, target);
                            auth[1] = server.AuthenticateAsServerAsync();
                            bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
                            Assert.True(finished, "Handshake completed in the allotted time");

                            Task   serverTask = server.PollMessageAsync(2);
                            Task[] msgTasks   = new Task[3];
                            msgTasks[0] = client.WriteAsync(_firstMessage, 0, _firstMessage.Length).ContinueWith((t) =>
                                                                                                                 client.WriteAsync(_secondMessage, 0, _secondMessage.Length));
                            msgTasks[1] = client.ReadAsync(firstRecvBuffer, 0, firstRecvBuffer.Length).ContinueWith((t) =>
                                                                                                                    client.ReadAsync(secondRecvBuffer, 0, secondRecvBuffer.Length));
                            msgTasks[2] = serverTask;
                            finished    = Task.WaitAll(msgTasks, TestConfiguration.PassingTestTimeoutMilliseconds);
                            Assert.True(finished, "Messages sent and received in the allotted time");
                            Assert.True(_firstMessage.SequenceEqual(firstRecvBuffer), "The first message received is as expected");
                            Assert.True(_secondMessage.SequenceEqual(secondRecvBuffer), "The second message received is as expected");
                        }
        }
Exemplo n.º 2
0
        public void NegotiateStream_StreamToStream_AuthToHttpTarget_Success()
        {
            if (!_isKrbAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_AuthToHttpTarget_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated);

                            Task[]            auth       = new Task[2];
                            string            user       = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
                            string            target     = string.Format("{0}@{1}", TestConfiguration.HttpTarget, TestConfiguration.Realm);
                            NetworkCredential credential = new NetworkCredential(user, _fixture.password);
                            auth[0] = client.AuthenticateAsClientAsync(credential, target);
                            auth[1] = server.AuthenticateAsServerAsync();

                            bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
                            Assert.True(finished, "Handshake completed in the allotted time");

                            // Expected Client property values:
                            Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
                            Assert.True(client.IsEncrypted, "client.IsEncrypted");
                            Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
                            Assert.False(client.IsServer, "client.IsServer");
                            Assert.True(client.IsSigned, "client.IsSigned");
                            Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStream");

                            IIdentity serverIdentity = client.RemoteIdentity;
                            Assert.Equal("Kerberos", serverIdentity.AuthenticationType);
                            Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
                            IdentityValidator.AssertHasName(serverIdentity, target);
                        }
        }
Exemplo n.º 3
0
        public void NegotiateStream_StreamToStream_NtlmAuthentication_Fallback_Success()
        {
            if (!_isNtlmAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_EmptyTarget_KerberosUser_Fallback_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.False(server.IsAuthenticated, "server.IsAuthenticated");

                            string            user       = string.Format("{0}@{1}", TestConfiguration.NtlmUser, TestConfiguration.Domain);
                            NetworkCredential credential = new NetworkCredential(user, TestConfiguration.NtlmPassword);
                            Task[]            auth       = new Task[] {
                                client.AuthenticateAsClientAsync(credential, TestConfiguration.HostTarget),
                                server.AuthenticateAsServerAsync()
                            };

                            bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
                            Assert.True(finished, "Handshake completed in the allotted time");

                            // Expected Client property values:
                            Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
                            Assert.True(client.IsEncrypted, "client.IsEncrypted");
                            Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
                            Assert.False(client.IsServer, "client.IsServer");
                            Assert.True(client.IsSigned, "client.IsSigned");
                            Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

                            IIdentity serverIdentity = client.RemoteIdentity;
                            Assert.Equal("NTLM", serverIdentity.AuthenticationType);
                            Assert.False(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
                        }
        }
Exemplo n.º 4
0
        public void NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail(NetworkCredential credential)
        {
            if (!_isNtlmAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync());
                            Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification));
                        }
        }
        public async Task NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success()
        {
            if (!_isNtlmAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.False(server.IsAuthenticated, "server.IsAuthenticated");

                            string            user       = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
                            NetworkCredential credential = new NetworkCredential(user, _fixture.password);
                            Task[]            auth       = new Task[] {
                                client.AuthenticateAsClientAsync(credential, TestConfiguration.HttpTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification),
                                server.AuthenticateAsServerAsync()
                            };
                            await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);

                            // Expected Client property values:
                            Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
                            Assert.False(client.IsEncrypted, "client.IsEncrypted");
                            Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
                            Assert.False(client.IsServer, "client.IsServer");
                            Assert.False(client.IsSigned, "client.IsSigned");
                            Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

                            IIdentity serverIdentity = client.RemoteIdentity;
                            Assert.Equal("NTLM", serverIdentity.AuthenticationType);
                            Assert.True(serverIdentity.IsAuthenticated, "server identity is authenticated");
                            IdentityValidator.AssertHasName(serverIdentity, TestConfiguration.HttpTarget);
                        }
        }
Exemplo n.º 6
0
        public void NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success(NetworkCredential credential)
        {
            if (!_isNtlmAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.False(server.IsAuthenticated, "server.IsAuthenticated");

                            Task[] auth = new Task[] {
                                client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification),
                                server.AuthenticateAsServerAsync()
                            };

                            bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
                            Assert.True(finished, "Handshake completed in the allotted time");

                            // Expected Client property values:
                            Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
                            Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
                            Assert.False(client.IsEncrypted, "client.IsEncrypted");
                            Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
                            Assert.False(client.IsServer, "client.IsServer");
                            Assert.False(client.IsSigned, "client.IsSigned");
                            Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

                            IIdentity serverIdentity = client.RemoteIdentity;
                            Assert.Equal("NTLM", serverIdentity.AuthenticationType);
                            Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
                            IdentityValidator.AssertHasName(serverIdentity, _testTarget);
                        }
        }
        public async Task NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success()
        {
            if (!_isKrbAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            byte[] firstRecvBuffer  = new byte[_firstMessage.Length];
            byte[] secondRecvBuffer = new byte[_secondMessage.Length];

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");

                            string            user       = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
                            string            target     = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
                            NetworkCredential credential = new NetworkCredential(user, _fixture.password);
                            Task[]            auth       = new Task[] {
                                client.AuthenticateAsClientAsync(credential, target),
                                server.AuthenticateAsServerAsync()
                            };
                            await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);

                            Task svrMsgTask = server.PollMessageAsync(2);

                            client.Write(_firstMessage, 0, _firstMessage.Length);
                            client.Write(_secondMessage, 0, _secondMessage.Length);
                            client.Read(firstRecvBuffer, 0, firstRecvBuffer.Length);
                            client.Read(secondRecvBuffer, 0, secondRecvBuffer.Length);
                            Assert.True(_firstMessage.SequenceEqual(firstRecvBuffer), "first message received is as expected");
                            Assert.True(_secondMessage.SequenceEqual(secondRecvBuffer), "second message received is as expected");
                            await svrMsgTask.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
                        }
        }
Exemplo n.º 8
0
        public void NegotiateStream_StreamToStream_KerberosAuthInvalidUser_Failure()
        {
            if (!_isKrbAvailable)
            {
                _output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthInvalidUser_Failure");
                return;
            }

            VirtualNetwork network = new VirtualNetwork();

            using (var clientStream = new VirtualNetworkStream(network, isServer: false))
                using (var serverStream = new VirtualNetworkStream(network, isServer: true))
                    using (var client = new NegotiateStream(clientStream))
                        using (var server = new UnixGssFakeNegotiateStream(serverStream))
                        {
                            Assert.False(client.IsAuthenticated, "client is not authenticated by default");

                            string            user       = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
                            string            target     = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
                            NetworkCredential credential = new NetworkCredential(user.Substring(1), _fixture.password);
                            Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, target));
                            Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync());
                        }
        }