Exemplo n.º 1
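		/// <summary>
		/// Runs the client side of the WS-Trust binary negotiation with the issuer:
		/// an initial token request, processing of the issuer's challenge, and a
		/// reply computed from the configured Windows client credential.
		/// </summary>
		/// <remarks>
		/// The implementation is unfinished. It performs the whole exchange,
		/// including sending the credential-derived reply, and then throws
		/// <see cref="NotImplementedException"/>; no token is ever returned.
		/// </remarks>
		/// <param name="timeout">Not used: none of the calls in this body receive it.</param>
		/// <returns>Never returns normally.</returns>
		/// <exception cref="InvalidOperationException">The issuer's response carries no binary exchange payload.</exception>
		/// <exception cref="NotImplementedException">Thrown once the exchange has completed.</exception>
		public SecurityToken GetToken (TimeSpan timeout)
		{
			// Upper bound passed to every CreateBufferedCopy call (64 KiB).
			// FIXME (kept from the original): use correct limitation.
			const int maxBufferSize = 0x10000;

			bool gss = (TargetAddress.Identity == null);
			SspiClientSession sspi = new SspiClientSession ();

			WstRequestSecurityToken rst =
				new WstRequestSecurityToken ();

			// send MessageType1
			rst.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueGss);
			// When the TargetAddress does not contain the endpoint
			// identity, then .net seems to use Kerberos instead of
			// raw NTLM.
			if (gss)
				rst.BinaryExchange.Value = sspi.ProcessSpnegoInitialContextTokenRequest ();
			else
				rst.BinaryExchange.Value = sspi.ProcessMessageType1 ();

			Message request = Message.CreateMessage (IssuerBinding.MessageVersion, Constants.WstIssueAction, rst);
			request.Headers.MessageId = new UniqueId ();
			request.Headers.ReplyTo = new EndpointAddress (Constants.WsaAnonymousUri);
			request.Headers.To = TargetAddress.Uri;
			MessageBuffer buffer = request.CreateBufferedCopy (maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

			// receive MessageType2
			// This first call goes through whatever instance the proxy member
			// holds on entry; it is only replaced further down.
			Message response = proxy.Issue (buffer.CreateMessage ());
			buffer = response.CreateBufferedCopy (maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

			WSTrustRequestSecurityTokenResponseReader reader =
				new WSTrustRequestSecurityTokenResponseReader (Constants.WstSpnegoProofTokenType, buffer.CreateMessage ().GetReaderAtBodyContents (), SecurityTokenSerializer, null);
			reader.Read ();

			// The response comes from the remote issuer, so its shape cannot be
			// assumed. Reject a reply without a challenge payload explicitly
			// instead of failing later with a NullReferenceException.
			if (reader.Value == null || reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
				throw new InvalidOperationException ("The issuer response does not contain a binary exchange token.");

			byte [] raw = reader.Value.BinaryExchange.Value;
			if (gss)
				sspi.ProcessSpnegoInitialContextTokenResponse (raw);
			else
				sspi.ProcessMessageType2 (raw);

			// send MessageType3
			WstRequestSecurityTokenResponse rstr =
				new WstRequestSecurityTokenResponse (SecurityTokenSerializer);
			rstr.Context = reader.Value.Context;
			rstr.BinaryExchange = new WstBinaryExchange (Constants.WstBinaryExchangeValueGss);

			// Security note: with no configured user name this falls back to the
			// logged-on user's name, and a null password becomes the empty
			// string, so a reply is still computed and sent rather than the call
			// failing for lack of credentials. The password is held as an
			// ordinary managed string for the duration of the call.
			// NOTE(review): nothing visible in this method verifies the issuer
			// or ties the exchange to the transport before the reply goes out
			// (the tlsctx calls are commented out); confirm the binding does.
			NetworkCredential cred = owner.Manager.ClientCredentials.Windows.ClientCredential;
			string user = string.IsNullOrEmpty (cred.UserName) ? Environment.UserName : cred.UserName;
			string pass = cred.Password ?? String.Empty;
			if (gss)
				rstr.BinaryExchange.Value = sspi.ProcessSpnegoProcessContextToken (user, pass);
			else
				rstr.BinaryExchange.Value = sspi.ProcessMessageType3 (user, pass);

			request = Message.CreateMessage (IssuerBinding.MessageVersion, Constants.WstIssueReplyAction, rstr);
			request.Headers.MessageId = new UniqueId ();
			request.Headers.ReplyTo = new EndpointAddress (Constants.WsaAnonymousUri);
			request.Headers.To = TargetAddress.Uri;

			buffer = request.CreateBufferedCopy (maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

			// The reply is sent through a newly created proxy, which also
			// overwrites the proxy member used for the first call.
			proxy = new WSTrustSecurityTokenServiceProxy (
				IssuerBinding, IssuerAddress);
			response = proxy.IssueReply (buffer.CreateMessage ());
			// The final response is buffered but never parsed below.
			buffer = response.CreateBufferedCopy (maxBufferSize);
			// don't store this message for ckhash (it's not part
			// of exchange)
			/* Console.WriteLine (buffer.CreateMessage ()); */

			// Unfinished: the issued token is never extracted from the response.
			throw new NotImplementedException ();
		}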
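        /// <summary>
        /// Client side of the WS-Trust binary negotiation with the issuer: sends
        /// the initial token request, processes the issuer's challenge, and sends
        /// a reply computed from the configured Windows client credential.
        /// </summary>
        /// <remarks>
        /// This method is incomplete. The full exchange runs, including the
        /// credential-derived reply, and the method then throws
        /// <see cref="NotImplementedException"/> instead of returning a token.
        /// </remarks>
        /// <param name="timeout">Ignored: no call in this body is given the timeout.</param>
        /// <returns>Never returns normally.</returns>
        /// <exception cref="InvalidOperationException">The issuer's response has no binary exchange payload.</exception>
        /// <exception cref="NotImplementedException">Thrown after the exchange has run.</exception>
        public SecurityToken GetToken(TimeSpan timeout)
        {
            // Single definition of the 64 KiB cap used for every buffered copy.
            // FIXME (kept from the original): use correct limitation.
            const int maxBufferSize = 0x10000;

            bool gss = (TargetAddress.Identity == null);
            SspiClientSession sspi = new SspiClientSession();

            WstRequestSecurityToken rst = new WstRequestSecurityToken();

            // send MessageType1
            rst.BinaryExchange = new WstBinaryExchange(Constants.WstBinaryExchangeValueGss);
            // When the TargetAddress does not contain the endpoint
            // identity, then .net seems to use Kerberos instead of
            // raw NTLM.
            if (gss)
            {
                rst.BinaryExchange.Value = sspi.ProcessSpnegoInitialContextTokenRequest();
            }
            else
            {
                rst.BinaryExchange.Value = sspi.ProcessMessageType1();
            }

            Message request = Message.CreateMessage(IssuerBinding.MessageVersion, Constants.WstIssueAction, rst);

            request.Headers.MessageId = new UniqueId();
            request.Headers.ReplyTo   = new EndpointAddress(Constants.WsaAnonymousUri);
            request.Headers.To        = TargetAddress.Uri;
            MessageBuffer buffer = request.CreateBufferedCopy(maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

            // receive MessageType2
            // Uses the proxy member as it stands on entry; it is reassigned
            // only before the second call below.
            Message response = proxy.Issue(buffer.CreateMessage());

            buffer = response.CreateBufferedCopy(maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

            WSTrustRequestSecurityTokenResponseReader reader =
                new WSTrustRequestSecurityTokenResponseReader(Constants.WstSpnegoProofTokenType, buffer.CreateMessage().GetReaderAtBodyContents(), SecurityTokenSerializer, null);

            reader.Read();

            // The challenge is supplied by the remote party. Fail with a clear
            // error when it is missing, rather than dereferencing null and
            // surfacing a NullReferenceException.
            if (reader.Value == null || reader.Value.BinaryExchange == null || reader.Value.BinaryExchange.Value == null)
            {
                throw new InvalidOperationException("The issuer response does not contain a binary exchange token.");
            }

            byte [] raw = reader.Value.BinaryExchange.Value;
            if (gss)
            {
                sspi.ProcessSpnegoInitialContextTokenResponse(raw);
            }
            else
            {
                sspi.ProcessMessageType2(raw);
            }

            // send MessageType3
            WstRequestSecurityTokenResponse rstr =
                new WstRequestSecurityTokenResponse(SecurityTokenSerializer);

            rstr.Context        = reader.Value.Context;
            rstr.BinaryExchange = new WstBinaryExchange(Constants.WstBinaryExchangeValueGss);

            // Security note: an unset user name is replaced by the logged-on
            // user's name and a null password by the empty string, so the reply
            // is computed and sent even when no credential was configured. The
            // password lives in a plain managed string while this runs.
            // NOTE(review): this method shows no issuer verification or
            // transport binding before the reply is sent (the tlsctx calls are
            // commented out); confirm that the binding provides it.
            NetworkCredential cred = owner.Manager.ClientCredentials.Windows.ClientCredential;
            string user = string.IsNullOrEmpty(cred.UserName) ? Environment.UserName : cred.UserName;
            string pass = cred.Password ?? String.Empty;

            if (gss)
            {
                rstr.BinaryExchange.Value = sspi.ProcessSpnegoProcessContextToken(user, pass);
            }
            else
            {
                rstr.BinaryExchange.Value = sspi.ProcessMessageType3(user, pass);
            }

            request = Message.CreateMessage(IssuerBinding.MessageVersion, Constants.WstIssueReplyAction, rstr);
            request.Headers.MessageId = new UniqueId();
            request.Headers.ReplyTo   = new EndpointAddress(Constants.WsaAnonymousUri);
            request.Headers.To        = TargetAddress.Uri;

            buffer = request.CreateBufferedCopy(maxBufferSize);
//			tlsctx.StoreMessage (buffer.CreateMessage ().GetReaderAtBodyContents ());

            // A new proxy is created for the reply and stored in the proxy
            // member, replacing the instance used for the first call.
            proxy = new WSTrustSecurityTokenServiceProxy(
                IssuerBinding, IssuerAddress);
            response = proxy.IssueReply(buffer.CreateMessage());
            // The last response is buffered here but not read afterwards.
            buffer = response.CreateBufferedCopy(maxBufferSize);
            // don't store this message for ckhash (it's not part
            // of exchange)
            /* Console.WriteLine (buffer.CreateMessage ()); */

            // Unfinished: no token is built from the final response.
            throw new NotImplementedException();
        }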