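/// <summary>
/// Appends a PA-ETYPE-INFO2 entry describing the principal's long-term credential
/// (encryption type and salt) to the list of pre-authentication requirements.
/// </summary>
/// <param name="principal">The principal whose long-term credential is described.</param>
/// <param name="preAuthRequirements">
/// The pre-auth data collected so far; left untouched when it is empty.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="principal"/> or <paramref name="preAuthRequirements"/> is null.
/// </exception>
public override async Task PostValidate(IKerberosPrincipal principal, List<KrbPaData> preAuthRequirements)
{
    // Fail with a named argument instead of an anonymous NullReferenceException further down.
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (preAuthRequirements == null)
    {
        throw new ArgumentNullException(nameof(preAuthRequirements));
    }

    if (preAuthRequirements.Count <= 0)
    {
        // we don't want to include this if nothing is required otherwise we could
        // trigger a pre-auth check later in the flow or by the client in response
        return;
    }

    // NOTE(review): cred is dereferenced without a null check; confirm that
    // RetrieveLongTermCredential() can never yield null for a principal that reaches this point.
    var cred = await principal.RetrieveLongTermCredential();

    // NOTE(review): the salt and etype placed here are presumably handed to a client that
    // has not authenticated yet; confirm that only the single etype held in the long-term
    // credential should be advertised and that weak etypes are filtered upstream.
    var etypeInfo = new KrbETypeInfo2
    {
        ETypeInfo = new[]
        {
            new KrbETypeInfo2Entry
            {
                EType = cred.EncryptionType,
                Salt = cred.Salt
            }
        }
    };

    var infoPaData = new KrbPaData
    {
        Type = PaDataType.PA_ETYPE_INFO2,
        Value = etypeInfo.Encode().AsMemory()
    };

    preAuthRequirements.Add(infoPaData);
}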
/// <summary>
/// Builds a PA-ETYPE-INFO2 value from every long-term credential the principal holds for
/// an encryption type the crypto service supports, and appends it to the pre-auth data.
/// </summary>
/// <param name="principal">The principal whose long-term credentials are looked up.</param>
/// <param name="preAuthRequirements">
/// The pre-auth data collected so far; left untouched when it is empty.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="principal"/> or <paramref name="preAuthRequirements"/> is null.
/// </exception>
public override void PostValidate(IKerberosPrincipal principal, List<KrbPaData> preAuthRequirements)
{
    if (principal is null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (preAuthRequirements is null)
    {
        throw new ArgumentNullException(nameof(preAuthRequirements));
    }

    // Nothing is required, so do not add etype info: doing so could trigger a pre-auth
    // check later in the flow, or by the client in response.
    if (preAuthRequirements.Count <= 0)
    {
        return;
    }

    var advertised = new List<KrbETypeInfo2Entry>();

    foreach (EncryptionType candidate in Enum.GetValues(typeof(EncryptionType)))
    {
        // AllowWeakCrypto is passed straight to SupportsEType, so that setting decides
        // whether weak etypes survive this filter and end up advertised with their salt.
        // NOTE(review): confirm deployments that enable it intend to offer those etypes.
        if (CryptoService.SupportsEType(candidate, this.Service.Configuration.Defaults.AllowWeakCrypto))
        {
            var longTermKey = principal.RetrieveLongTermCredential(candidate);

            // The principal may have no key for this etype; such types are skipped.
            if (longTermKey != null)
            {
                advertised.Add(new KrbETypeInfo2Entry
                {
                    EType = longTermKey.EncryptionType,
                    Salt = longTermKey.Salt
                });
            }
        }
    }

    // NOTE(review): when no credential matched, a PA-ETYPE-INFO2 with zero entries is
    // still added; RFC 4120 defines ETYPE-INFO2 as SIZE (1..MAX), so confirm whether
    // that case can occur and how clients handle it.
    var encodedInfo = new KrbETypeInfo2 { ETypeInfo = advertised.ToArray() }.Encode();

    preAuthRequirements.Add(new KrbPaData
    {
        Type = PaDataType.PA_ETYPE_INFO2,
        Value = encodedInfo
    });
}