Пример #1
0
        //
        //
        //
        internal SpnToken GetComputeSpn(HttpWebRequest httpWebRequest)
        {
            if (ChallengedSpn != null)
            {
                return(ChallengedSpn);
            }

            bool trustNewHost = true; // Assume trusted unless proven otherwise

            string   spnKey   = httpWebRequest.ChallengedUri.GetParts(UriComponents.Scheme | UriComponents.Host | UriComponents.Port | UriComponents.Path, UriFormat.SafeUnescaped);
            SpnToken spnToken = AuthenticationManager.SpnDictionary.InternalGet(spnKey);

            if (spnToken == null || spnToken.Spn == null)
            {
                string host;
                if (!IsProxyAuth && (httpWebRequest.ServicePoint.InternalProxyServicePoint || httpWebRequest.UseCustomHost))
                {
                    // Here the NT-Security folks need us to attempt a DNS lookup to figure out
                    // the FQDN. only do the lookup for short names (no IP addresses or DNS names)
                    //
                    // Initialize a backup value
                    host = httpWebRequest.ChallengedUri.Host;
                    // This host comes from the request/user, assume Trusted unless proven otherwise.

                    if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 &&
                        httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 &&
                        host.IndexOf('.') == -1)
                    {
                        try {
                            //



                            IPHostEntry result;
                            if (Dns.TryInternalResolve(host, out result))
                            {
                                host          = result.HostName;
                                trustNewHost &= result.isTrustedHost; // Can only lose trust
                            }
                        }
                        catch (Exception exception) {
                            if (NclUtilities.IsFatal(exception))
                            {
                                throw;
                            }
                            GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::GetComputeSpn() GetHostByName(host) failed:" + ValidationHelper.ToString(exception));
                        }
                    }
                }
                else
                {
                    // For this cases we already did a DNS lookup

                    //



                    host          = httpWebRequest.ServicePoint.Hostname;
                    trustNewHost &= httpWebRequest.ServicePoint.IsTrustedHost; // Can only lose trust
                }
                string spn = "HTTP/" + host;
                spnKey   = httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped) + "/";
                spnToken = new SpnToken(spn, trustNewHost);
                AuthenticationManager.SpnDictionary.InternalSet(spnKey, spnToken);
            }
            ChallengedSpn = spnToken;
            return(ChallengedSpn);
        }
        internal void Resolve()
        {
            //
            // if we already resolved this name then don't do it again
            //

            if (cached)
            {
                return;
            }

            //
            // IP wildcards are not resolved
            //

            if (wildcard)
            {
                return;
            }

            //
            // IP addresses with wildcards are allowed in permissions
            //

            if (IsValidWildcard)
            {
                wildcard = true;
                cached   = true;
                return;
            }

            //
            // Check if the permission was specified as numeric IP.
            //
            IPAddress ipaddr;

            if (IPAddress.TryParse(hostname, out ipaddr))
            {
                address    = new IPAddress[1];
                address[0] = ipaddr;
                cached     = true;
                return;
            }

            //
            // Not numeric: use GetHostByName to determine addresses
            //
            try {
                IPHostEntry ipHostEntry;
                if (Dns.TryInternalResolve(hostname, out ipHostEntry))
                {
                    address = ipHostEntry.AddressList;
                }

                // NB: It never caches DNS responses
                //
            }
            catch (SecurityException) {
                throw;
            }
            catch {
                // ignore second exception
            }
        }