} // GetHostName
/*****************************************************************************
* Function : resolve
*
* Abstract: Converts IP/hostnames to IP numerical address using DNS
* Additional methods provided for convenience
* (These methods will resolve strings and hostnames. In case of
* multiple IP addresses, the address returned is chosen arbitrarily.)
*
* Input Parameters: host/IP
*
* Returns: IPAddress
******************************************************************************/
/// <include file='doc\DNS.uex' path='docs/doc[@for="Dns.Resolve"]/*' />
/// <devdoc>
/// <para>Creates an <see cref='System.Net.IPAddress'/>
/// instance from a DNS hostname.</para>
/// </devdoc>
// UEUE
public static IPHostEntry Resolve(string hostName)
{
//
// demand Unrestricted DnsPermission for this call
//
s_DnsPermission.Demand();
//This is a perf optimization, this method call others that will demand and we already did that.
s_DnsPermission.Assert();
IPHostEntry ipHostEntry = null;
try {
if (hostName == null)
{
throw new ArgumentNullException("hostName");
}
GlobalLog.Print("Dns.Resolve: " + hostName);
//
// as a minor perf improvement, we'll look at the first character
// in the hostName and if that's a digit, call GetHostByAddress() first.
// note that GetHostByAddress() will succeed ONLY if the first character is a digit.
// hence if this is not the case, below, we will only call GetHostByName()
// specifically, on Win2k, only the following are valid:
// "11.22.33.44" - success
// "0x0B16212C" - success
// while these will fail or return bogus data (note the prepended spaces):
// " 11.22.33.44" - bogus data
// " 0x0B16212C" - bogus data
// " 0B16212C" - bogus data
// "0B16212C" - failure
//
// IPv6 support: added ':' as a legal character in IP addresses so that
// we can attempt gethostbyaddress first.
//
if (hostName.Length > 0 &&
((hostName[0] >= '0' && hostName[0] <= '9') || // Possible IPv4 or IPv6 numeric
(hostName.IndexOf(':') >= 0))) // Possible IPv6 numeric
{
try {
ipHostEntry = GetHostByAddress(hostName);
}
catch {
//
// this can fail for weird hostnames like 3com.com
//
}
}
if (ipHostEntry == null)
{
ipHostEntry = GetHostByName(hostName);
}
}
finally {
DnsPermission.RevertAssert();
}
return(ipHostEntry);
}
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
{
GlobalLog.Print("KerberosClient::Authenticate(): " + challenge);
GlobalLog.Assert(credentials != null, "KerberosClient::Authenticate() credentials==null", "");
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
GlobalLog.Assert(httpWebRequest != null, "KerberosClient::Authenticate() httpWebRequest==null", "");
if (httpWebRequest == null || httpWebRequest.ChallengedUri == null)
{
//
// there has been no challenge:
// 1) the request never went on the wire
// 2) somebody other than us is calling into AuthenticationManager
//
return(null);
}
int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
if (index < 0)
{
return(null);
}
int blobBegin = index + SignatureSize;
string incoming = null;
//
// there may be multiple challenges. If the next character after the
// package name is not a comma then it is challenge data
//
if (challenge.Length > blobBegin && challenge[blobBegin] != ',')
{
++blobBegin;
}
else
{
index = -1;
}
if (index >= 0 && challenge.Length > blobBegin)
{
incoming = challenge.Substring(blobBegin);
}
NTAuthentication authSession = sessions[httpWebRequest.CurrentAuthenticationState] as NTAuthentication;
GlobalLog.Print("KerberosClient::Authenticate() key:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(authSession));
if (authSession == null)
{
NetworkCredential NC = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
GlobalLog.Print("KerberosClient::Authenticate() GetCredential() returns:" + ValidationHelper.ToString(NC));
if (NC == null)
{
return(null);
}
string username = NC.UserName;
if (username == null || (username.Length == 0 && !(NC is SystemNetworkCredential)))
{
return(null);
}
if (httpWebRequest.ChallengedSpn == null)
{
string host = httpWebRequest.ChallengedUri.Host;
if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 && httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 && host.IndexOf('.') == -1)
{
// only do the DNS lookup for short names, no form of IP addess
(new DnsPermission(PermissionState.Unrestricted)).Assert();
try {
host = Dns.GetHostByName(host).HostName;
GlobalLog.Print("KerberosClient::Authenticate() Dns returned host:" + ValidationHelper.ToString(host));
}
catch (Exception exception) {
GlobalLog.Print("KerberosClient::Authenticate() GetHostByName(host) failed:" + ValidationHelper.ToString(exception));
}
finally {
DnsPermission.RevertAssert();
}
}
// CONSIDER V.NEXT
// for now avoid appending the non default port to the
// SPN, sometime in the future we'll have to do this.
// httpWebRequest.ChallengedSpn = httpWebRequest.ChallengedUri.IsDefaultPort ? host : host + ":" + httpWebRequest.ChallengedUri.Port;
httpWebRequest.ChallengedSpn = host;
}
GlobalLog.Print("KerberosClient::Authenticate() ChallengedSpn:" + ValidationHelper.ToString(httpWebRequest.ChallengedSpn));
authSession =
new NTAuthentication(
AuthType,
NC,
"HTTP/" + httpWebRequest.ChallengedSpn,
httpWebRequest.DelegationFix);
GlobalLog.Print("KerberosClient::Authenticate() adding authSession:" + ValidationHelper.HashString(authSession) + " for:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState));
sessions.Add(httpWebRequest.CurrentAuthenticationState, authSession);
}
bool handshakeComplete;
string clientResponse = authSession.GetOutgoingBlob(incoming, out handshakeComplete);
if (clientResponse == null)
{
return(null);
}
return(new Authorization(AuthType + " " + clientResponse, false, string.Empty));
}
