public static void Execute()
{
var ntlmManager = new KendarNtlmNet("SrvNonce");
//Receive type
var type1messageFromClient = ReceiveType1Message();
ntlmManager.ReadFirstResponse(TYPE_2_MESSAGE.Substring(5));
var type2messageForClient = "NTLM " + ntlmManager.SetupChallenge(type1messageFromClient.Substring(5));
//SendType2Message(type2messageForClient);
var type3messageFromClient = ReceiveType3Message();
ntlmManager.ReadResponse(type3messageFromClient.Substring(5));
if (!ntlmManager.VerifyResponse(PASSWORD))
{
throw new Exception("Invalid credentials");
}
if (ntlmManager.User != USER_NAME)
{
throw new Exception("Invalid username");
}
if (ntlmManager.Domain != DOMAIN.ToUpperInvariant())
{
throw new Exception("Invalid domain");
}
if (ntlmManager.Host != HOST.ToUpperInvariant())
{
throw new Exception("Invalid host");
}
Console.WriteLine("Success!!");
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
const string nonce = "SrvNonce";
var context = filterContext.HttpContext;
var ntlmManager = new KendarNtlmNet(nonce, "domain");
if (context.Request.Headers["Authorization"] == null)
{
context.Response.Clear();
context.Response.Headers.Add("WWW-Authenticate", "NTLM");
context.Response.Headers.Add("Connection", "Keep-Alive");
context.Response.StatusCode = 401;
filterContext.Result = new EmptyResult();
context.Response.End();
}
else if (context.Request.Headers["Authorization"] != null)
{
var auth = context.Request.Headers["Authorization"];
if (auth.ToUpperInvariant().StartsWith("NTLM "))
{
var ntlmAuth = auth.Substring(5);
var blob = Convert.FromBase64String(ntlmAuth);
if (blob[8] == 0x01)
{
var type2Message = ntlmManager.SetupChallenge(ntlmAuth);
context.Response.Clear();
context.Response.Headers.Add("WWW-Authenticate", "NTLM " + type2Message);
context.Response.Headers.Add("Connection", "Keep-Alive");
context.Response.StatusCode = 401;
filterContext.Result = new EmptyResult();
context.Response.End();
}
else if (blob[8] == 0x03)
{
ntlmManager.ReadResponse(ntlmAuth);
var password = GetUserPassword(ntlmManager.User);
if (ntlmManager.VerifyResponse(password))
{
context.Response.StatusCode = 200;
}
else
{
//Switch to basic
context.Response.Clear();
context.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Secure Area\"");
context.Response.Headers.Add("Connection", "Keep-Alive");
context.Response.StatusCode = 401;
filterContext.Result = new EmptyResult();
context.Response.End();
}
}
}
else if (auth.ToUpperInvariant().StartsWith("BASIC "))
{
byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", ""));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = value.Substring(0, value.IndexOf(':'));
string passwordReceived = value.Substring(value.IndexOf(':') + 1);
var passwordExpected = GetUserPassword(username);
if (passwordExpected == passwordReceived)
{
context.Response.StatusCode = 200;
}
else
{
filterContext.Result = new HttpStatusCodeResult(401);
}
}
}
}
