internal NTAuthentication(ConnectionInfo connectionInfo, SecurityContextMode securityContextMode)
{
this.m_isSchannel = connectionInfo.IsSchannelSspi();
this.InitializeSPN(connectionInfo);
this.InitializePackageSpecificMembers(connectionInfo.Sspi);
this.InitializeFlags(connectionInfo, securityContextMode);
this.InitializeCredentialsHandle(connectionInfo);
this.m_Endianness = Endianness.Network;
this.m_SecurityContext = new SecurityContext(securityContextMode);
}
public SecurityContext(SecurityContextMode securityContextMode)
{
this.Handle.Reset();
this.SecurityContextMode = securityContextMode;
}
private void InitializeFlags(ConnectionInfo connectionInfo, SecurityContextMode securityContextMode)
{
string sspi = connectionInfo.Sspi;
ImpersonationLevel impersonationLevel = connectionInfo.ImpersonationLevel;
if (this.m_isSchannel)
{
switch (securityContextMode)
{
case SecurityContextMode.block:
this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Connection);
this.m_RequestedFlags = ContextFlags.Connection;
break;
case SecurityContextMode.stream:
this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Stream);
this.m_RequestedFlags = ContextFlags.Stream;
break;
default:
throw new AdomdConnectionException("Unsupported TLS mode " + securityContextMode.ToString(), null, ConnectionExceptionCause.AuthenticationFailed);
}
switch (impersonationLevel)
{
case ImpersonationLevel.Anonymous:
case ImpersonationLevel.Identify:
case ImpersonationLevel.Impersonate:
switch (connectionInfo.ProtectionLevel)
{
case ProtectionLevel.None:
case ProtectionLevel.Connection:
case ProtectionLevel.Integrity:
throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelSupportsOnlyPrivacyLevel, null, ConnectionExceptionCause.AuthenticationFailed);
case ProtectionLevel.Privacy:
this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Confidentiality | ContextFlags.UseSuppliedCreds | ContextFlags.Integrity);
return;
default:
throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelUnsupportedProtectionLevel, null, ConnectionExceptionCause.AuthenticationFailed);
}
case ImpersonationLevel.Delegate:
throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelCantDelegate, null, ConnectionExceptionCause.AuthenticationFailed);
default:
throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelUnsupportedImpersonationLevel, null, ConnectionExceptionCause.AuthenticationFailed);
}
}
else
{
this.m_RequestedFlags = (ContextFlags.MutualAuth | ContextFlags.Connection);
switch (impersonationLevel)
{
case ImpersonationLevel.Identify:
this.m_RequestedFlags |= ContextFlags.Identify;
break;
case ImpersonationLevel.Impersonate:
this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Impersonation);
break;
case ImpersonationLevel.Delegate:
this.m_RequestedFlags |= ContextFlags.Delegate;
break;
}
switch (connectionInfo.ProtectionLevel)
{
case ProtectionLevel.Connection:
this.m_RequestedFlags |= ContextFlags.NoIntegrity;
return;
case ProtectionLevel.Integrity:
this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Integrity);
this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Integrity);
return;
case ProtectionLevel.Privacy:
this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Privacy);
this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Confidentiality | ContextFlags.Integrity);
return;
default:
return;
}
}
}
