private void initNSSPI()
{
//singleton init for NSSPI API
if (NSSPIInitiated)
{
return;
}
var packageName = SecPackageName;
NSSPIclientCred = new ClientCurrentCredential(packageName);
Debug.WriteLine("NSSPI Client Auth Principle: " + NSSPIclientCred.PrincipleName);
byte[] NSSPIClientToken = null;
byte[] NSSPIChallangeToken = null;
NSSPIclient = new ClientContext(
NSSPIclientCred,
getBestSPNGuess(),//this is the SPN which is required in case we are using Kerberos. Needs to either be the machine name of the remote resource, or be in the format of HTTP/<hostname> - ip's don't work
ContextAttrib.MutualAuth |
//ContextAttrib.InitIdentify |
//ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
NSSPIInitiated = true;
}
static void testnsspi()
{
var packageName = "NTLM";
ClientCurrentCredential clientCred = new ClientCurrentCredential(packageName);
//ServerCurrentCredential serverCred = new ServerCurrentCredential(packageName);
Console.WriteLine("NSSPI Client Auth Principle: " + clientCred.PrincipleName);
//Console.WriteLine("NSSPI Server Auth Principle: " + serverCred.PrincipleName);
byte[] NTLMClientToken1 = null;
byte[] serverToken = null;
SecurityStatus clientStatus;
ClientContext client = new ClientContext(
clientCred,
clientCred.PrincipleName,
ContextAttrib.MutualAuth |
ContextAttrib.InitIdentify |
ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
clientStatus = client.Init(serverToken, out NTLMClientToken1);
Console.WriteLine("NSSPI ClientStatus NTLM1: " + clientStatus.ToString());
Console.WriteLine("NTLMToken1: " + Convert.ToBase64String(NTLMClientToken1));
}
private void initNTLMClientAuth()
{
//singleton init
if (NSSPIInitiated)
{
return;
}
var packageName = "NTLM";
NSSPIclientCred = new ClientCurrentCredential(packageName);
Debug.WriteLine("NSSPI Client Auth Principle: " + NSSPIclientCred.PrincipleName);
byte[] NTLMClientToken = null;
byte[] serverToken = null;
NSSPIclient = new ClientContext(
NSSPIclientCred,
NSSPIclientCred.PrincipleName,
ContextAttrib.MutualAuth |
ContextAttrib.InitIdentify |
ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
NSSPIInitiated = true;
}
public SaslGssapiProfile(string name, string principal)
: base(name)
{
clientCred = new ClientCurrentCredential(PackageNames.Kerberos);
client = new ClientContext(
clientCred,
principal,
ContextAttrib.MutualAuth |
//ContextAttrib.InitIdentify |
//ContextAttrib.Confidentiality |
//ContextAttrib.ReplayDetect |
//ContextAttrib.SequenceDetect |
//ContextAttrib.Connection |
ContextAttrib.Delegate
);
clientToken = null;
}
private void InitializeSSPIContext()
{
if (sspiContext != null)
{
return;
}
var credential = new ClientCurrentCredential(PackageNames.Ntlm);
sspiContext = new ClientContext(
credential,
string.Empty,
ContextAttrib.InitIntegrity |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Confidentiality);
}
public AuthToken(int statusCode, StringReader lineReader)
{
m_AuthenticateHeader = CODE_TO_AUTHENTICATE_HEADER[statusCode];
m_Header = CODE_TO_HEADER[statusCode];
SetFirstHeaders(lineReader);
m_ClientCred = new ClientCurrentCredential(m_AuthProtocol);
m_Client = new ClientContext(
m_ClientCred,
"",
ContextAttrib.MutualAuth |
ContextAttrib.InitIdentify |
ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
}
public ClientForm()
{
this.connected = false;
this.initializing = false;
this.lastServerToken = null;
// --- UI ---
InitializeComponent();
this.connectButton.Click += connectButton_Click;
this.disconnectButton.Click += disconnectButton_Click;
this.encryptButton.Click += encryptButton_Click;
this.signButton.Click += signButton_Click;
this.FormClosing += Form1_FormClosing;
// --- SSPI ---
this.cred = new ClientCurrentCredential(PackageNames.Negotiate);
this.context = new ClientContext(
cred,
"",
ContextAttrib.InitIntegrity |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.MutualAuth |
ContextAttrib.Delegate |
ContextAttrib.Confidentiality
);
this.connection = new CustomConnection();
this.connection.Received += connection_Received;
this.connection.Disconnected += connection_Disconnected;
// --- UI Fillout ---
this.usernameTextbox.Text = this.cred.PrincipleName;
UpdateButtons();
}
private static void CredTest(string packageName)
{
ClientCurrentCredential clientCred = null;
ClientContext client = null;
ServerCurrentCredential serverCred = null;
ServerContext server = null;
byte[] clientToken;
byte[] serverToken;
SecurityStatus clientStatus;
SecurityStatus serverStatus;
try
{
clientCred = new ClientCurrentCredential(packageName);
serverCred = new ServerCurrentCredential(packageName);
Console.Out.WriteLine(clientCred.PrincipleName);
client = new ClientContext(
clientCred,
serverCred.PrincipleName,
ContextAttrib.MutualAuth |
ContextAttrib.InitIdentify |
ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
server = new ServerContext(
serverCred,
ContextAttrib.MutualAuth |
ContextAttrib.AcceptIdentify |
ContextAttrib.Confidentiality |
ContextAttrib.ReplayDetect |
ContextAttrib.SequenceDetect |
ContextAttrib.Connection |
ContextAttrib.Delegate
);
clientToken = null;
serverToken = null;
clientStatus = client.Init(serverToken, out clientToken);
while (true)
{
serverStatus = server.AcceptToken(clientToken, out serverToken);
if (serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded)
{
break;
}
clientStatus = client.Init(serverToken, out clientToken);
if (serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded)
{
break;
}
}
Console.Out.WriteLine("Server authority: " + server.AuthorityName);
Console.Out.WriteLine("Server context user: "******"Client authority: " + client.AuthorityName);
Console.Out.WriteLine("Client context user: "******"Hello, world. This is a long message that will be encrypted";
string rtMessage;
byte[] plainText = new byte[Encoding.UTF8.GetByteCount(message)];
byte[] cipherText;
byte[] roundTripPlaintext;
Encoding.UTF8.GetBytes(message, 0, message.Length, plainText, 0);
cipherText = client.Encrypt(plainText);
roundTripPlaintext = server.Decrypt(cipherText);
if (roundTripPlaintext.Length != plainText.Length)
{
throw new Exception();
}
for (int i = 0; i < plainText.Length; i++)
{
if (plainText[i] != roundTripPlaintext[i])
{
throw new Exception();
}
}
rtMessage = Encoding.UTF8.GetString(roundTripPlaintext, 0, roundTripPlaintext.Length);
if (rtMessage.Equals(message) == false)
{
throw new Exception();
}
using (server.ImpersonateClient())
{
}
cipherText = client.MakeSignature(plainText);
bool goodSig = server.VerifySignature(cipherText, out roundTripPlaintext);
if (goodSig == false ||
roundTripPlaintext.Length != plainText.Length)
{
throw new Exception();
}
for (int i = 0; i < plainText.Length; i++)
{
if (plainText[i] != roundTripPlaintext[i])
{
throw new Exception();
}
}
Console.Out.Flush();
}
finally
{
if (server != null)
{
server.Dispose();
}
if (client != null)
{
client.Dispose();
}
if (clientCred != null)
{
clientCred.Dispose();
}
if (serverCred != null)
{
serverCred.Dispose();
}
}
}