internal NTAuthentication(ConnectionInfo connectionInfo, SecurityContextMode securityContextMode) { this.m_isSchannel = connectionInfo.IsSchannelSspi(); this.InitializeSPN(connectionInfo); this.InitializePackageSpecificMembers(connectionInfo.Sspi); this.InitializeFlags(connectionInfo, securityContextMode); this.InitializeCredentialsHandle(connectionInfo); this.m_Endianness = Endianness.Network; this.m_SecurityContext = new SecurityContext(securityContextMode); }
public SecurityContext(SecurityContextMode securityContextMode) { this.Handle.Reset(); this.SecurityContextMode = securityContextMode; }
private void InitializeFlags(ConnectionInfo connectionInfo, SecurityContextMode securityContextMode) { string sspi = connectionInfo.Sspi; ImpersonationLevel impersonationLevel = connectionInfo.ImpersonationLevel; if (this.m_isSchannel) { switch (securityContextMode) { case SecurityContextMode.block: this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Connection); this.m_RequestedFlags = ContextFlags.Connection; break; case SecurityContextMode.stream: this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Stream); this.m_RequestedFlags = ContextFlags.Stream; break; default: throw new AdomdConnectionException("Unsupported TLS mode " + securityContextMode.ToString(), null, ConnectionExceptionCause.AuthenticationFailed); } switch (impersonationLevel) { case ImpersonationLevel.Anonymous: case ImpersonationLevel.Identify: case ImpersonationLevel.Impersonate: switch (connectionInfo.ProtectionLevel) { case ProtectionLevel.None: case ProtectionLevel.Connection: case ProtectionLevel.Integrity: throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelSupportsOnlyPrivacyLevel, null, ConnectionExceptionCause.AuthenticationFailed); case ProtectionLevel.Privacy: this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Confidentiality | ContextFlags.UseSuppliedCreds | ContextFlags.Integrity); return; default: throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelUnsupportedProtectionLevel, null, ConnectionExceptionCause.AuthenticationFailed); } case ImpersonationLevel.Delegate: throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelCantDelegate, null, ConnectionExceptionCause.AuthenticationFailed); default: throw new AdomdConnectionException(XmlaSR.Authentication_Sspi_SchannelUnsupportedImpersonationLevel, null, ConnectionExceptionCause.AuthenticationFailed); } } else { this.m_RequestedFlags = (ContextFlags.MutualAuth | ContextFlags.Connection); switch (impersonationLevel) { case ImpersonationLevel.Identify: this.m_RequestedFlags |= ContextFlags.Identify; break; case ImpersonationLevel.Impersonate: this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Impersonation); break; case ImpersonationLevel.Delegate: this.m_RequestedFlags |= ContextFlags.Delegate; break; } switch (connectionInfo.ProtectionLevel) { case ProtectionLevel.Connection: this.m_RequestedFlags |= ContextFlags.NoIntegrity; return; case ProtectionLevel.Integrity: this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Integrity); this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Integrity); return; case ProtectionLevel.Privacy: this.CheckIfCapabilityIsSupported(sspi, PackageCapabilities.Privacy); this.m_RequestedFlags |= (ContextFlags.ReplayDetect | ContextFlags.SequenceDetect | ContextFlags.Confidentiality | ContextFlags.Integrity); return; default: return; } } }