/// <summary>
/// Runs an NTLM handshake over an in-memory stream pair with an explicitly empty
/// <see cref="NetworkCredential"/> (blank user, password and domain), then pins the
/// property values both ends expose afterwards.
/// </summary>
/// <remarks>
/// The handshake itself completes: both <c>client.IsAuthenticated</c> and
/// <c>server.IsAuthenticated</c> end up true. What the server sees for the caller is an
/// anonymous identity: <c>server.RemoteIdentity.IsAuthenticated</c> is false and the name
/// resolves to the anonymous SID. A server that gates access on the stream's
/// <c>IsAuthenticated</c> alone would therefore admit an anonymous caller; the assertions
/// below document that <c>RemoteIdentity</c> is where that distinction is visible.
/// </remarks>
public async Task NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails()
{
    const string targetName = "testTargetName";

    // A credential with blank user/password/domain must not be confused with the
    // process-default credential objects; the two are distinct instances.
    var blankCredential = new NetworkCredential("", "", "");
    Assert.NotEqual(blankCredential, CredentialCache.DefaultCredentials);
    Assert.NotEqual(blankCredential, CredentialCache.DefaultNetworkCredentials);

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);

        Task[] handshake =
        {
            AuthenticateAsClientAsync(client, blankCredential, targetName),
            AuthenticateAsServerAsync(server),
        };
        await TestConfiguration.WhenAllOrAnyFailedWithTimeout(handshake);

        // Client side: handshake succeeded, protection level follows IsEncryptedAndSigned.
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.Equal(IsEncryptedAndSigned, client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.Equal(IsEncryptedAndSigned, client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        var identityOfServer = client.RemoteIdentity;
        Assert.Equal("NTLM", identityOfServer.AuthenticationType);
        Assert.True(identityOfServer.IsAuthenticated);
        Assert.Equal(targetName, identityOfServer.Name);

        // Server side: the stream reports success ...
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.Equal(IsEncryptedAndSigned, server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.Equal(IsEncryptedAndSigned, server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        // ... but the caller it authenticated is the anonymous logon, not a named principal.
        var identityOfClient = server.RemoteIdentity;
        Assert.Equal("NTLM", identityOfClient.AuthenticationType);
        Assert.False(identityOfClient.IsAuthenticated);
        // On .NET Desktop: Assert.True(clientIdentity.IsAuthenticated);

        string anonymousAccountName = new SecurityIdentifier(WellKnownSidType.AnonymousSid, null)
            .Translate(typeof(NTAccount))
            .Value;
        IdentityValidator.AssertHasName(identityOfClient, anonymousAccountName);
    }
}
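/// <summary>
/// NTLM handshake over an in-memory stream pair using the process default credentials and
/// an empty target name; pins the property values both ends expose afterwards.
/// </summary>
/// <remarks>
/// The method is <c>void</c>, so the handshake is awaited synchronously with
/// <see cref="Task.WaitAll(Task[], int)"/>: a timeout shows up as a false return, a faulted
/// side as an <see cref="AggregateException"/>.
/// Boolean properties are checked with <c>Assert.True</c>/<c>Assert.False</c> rather than
/// <c>Assert.Equal(true, …)</c> so failures name the property instead of "Expected: True".
/// </remarks>
public void NegotiateStream_StreamToStream_Authentication_Success()
{
    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);

        Task[] auth =
        {
            AuthenticateAsClientAsync(client, CredentialCache.DefaultNetworkCredentials, string.Empty),
            AuthenticateAsServerAsync(server),
        };

        bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
        Assert.True(finished, "Handshake completed in the allotted time");

        // Expected Client property values:
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.True(client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.True(client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        // With an empty target name the identity the client attributes to the server is
        // unauthenticated and unnamed.
        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("NTLM", serverIdentity.AuthenticationType);
        Assert.False(serverIdentity.IsAuthenticated);
        Assert.Equal("", serverIdentity.Name);

        // Expected Server property values:
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.True(server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.True(server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        IIdentity clientIdentity = server.RemoteIdentity;
        Assert.Equal("NTLM", clientIdentity.AuthenticationType);
        if (PlatformDetection.IsUap)
        {
            // TODO #21282: UWP AppContainer issue - clientIdentity.IsAuthenticated == false.
            Assert.False(clientIdentity.IsAuthenticated);
        }
        else
        {
            Assert.True(clientIdentity.IsAuthenticated);
        }

        IdentityValidator.AssertIsCurrentIdentity(clientIdentity);
    }
}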
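/// <summary>
/// NTLM handshake over an in-memory stream pair using the process default credentials and
/// an explicit target name; pins the property values both ends expose afterwards.
/// </summary>
/// <remarks>
/// Boolean properties are checked with <c>Assert.True</c>/<c>Assert.False</c> rather than
/// <c>Assert.Equal(true, …)</c> so a failure message names the property being checked.
/// Note that even with a target name the NTLM exchange is not mutually authenticated on
/// either side; only the server-side <c>RemoteIdentity</c> is a named, authenticated principal.
/// </remarks>
public async Task NegotiateStream_StreamToStream_Authentication_TargetName_Success()
{
    const string targetName = "testTargetName";

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(server.IsMutuallyAuthenticated);

        Task[] auth =
        {
            AuthenticateAsClientAsync(client, CredentialCache.DefaultNetworkCredentials, targetName),
            AuthenticateAsServerAsync(server),
        };
        await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);

        // Expected Client property values:
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.True(client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.True(client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("NTLM", serverIdentity.AuthenticationType);
        Assert.True(serverIdentity.IsAuthenticated);
        Assert.Equal(targetName, serverIdentity.Name);

        // Expected Server property values:
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.True(server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.True(server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        IIdentity clientIdentity = server.RemoteIdentity;
        Assert.Equal("NTLM", clientIdentity.AuthenticationType);
        Assert.True(clientIdentity.IsAuthenticated);

        IdentityValidator.AssertIsCurrentIdentity(clientIdentity);
    }
}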
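/// <summary>
/// NTLM handshake over a <see cref="MockNetwork"/> stream pair using the process default
/// credentials and an explicit target name; pins the property values both ends expose.
/// </summary>
/// <remarks>
/// The method is <c>void</c>, so the handshake is awaited synchronously with
/// <see cref="Task.WaitAll(Task[], int)"/>: a timeout shows up as a false return, a faulted
/// side as an <see cref="AggregateException"/>.
/// Boolean properties are checked with <c>Assert.True</c>/<c>Assert.False</c> rather than
/// <c>Assert.Equal(true, …)</c> so failures name the property being checked.
/// </remarks>
public void NegotiateStream_StreamToStream_Authentication_TargetName_Success()
{
    const string targetName = "testTargetName";

    var network = new MockNetwork();
    using (var clientStream = new FakeNetworkStream(false, network))
    using (var serverStream = new FakeNetworkStream(true, network))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);

        Task[] auth =
        {
            client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, targetName),
            server.AuthenticateAsServerAsync(),
        };

        bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
        Assert.True(finished, "Handshake completed in the allotted time");

        // Expected Client property values:
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.True(client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.True(client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("NTLM", serverIdentity.AuthenticationType);
        Assert.True(serverIdentity.IsAuthenticated);
        Assert.Equal(targetName, serverIdentity.Name);

        // Expected Server property values:
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.True(server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.True(server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        IIdentity clientIdentity = server.RemoteIdentity;
        Assert.Equal("NTLM", clientIdentity.AuthenticationType);
        Assert.True(clientIdentity.IsAuthenticated);

        IdentityValidator.AssertIsCurrentIdentity(clientIdentity);
    }
}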
/// <summary>
/// NTLM handshake over a connected stream pair wrapped in <see cref="DelayStream"/>, using
/// the process default credentials and an empty target name; pins the property values both
/// ends expose afterwards.
/// </summary>
/// <param name="delay">
/// Passed straight to each <see cref="DelayStream"/>; presumably a per-operation delay used to
/// exercise the async state machine under slow I/O — confirm against DelayStream.
/// </param>
public async Task NegotiateStream_StreamToStream_Authentication_Success(int delay)
{
    (Stream rawClientSide, Stream rawServerSide) = TestHelper.GetConnectedStreams();

    using (var clientStream = new DelayStream(rawClientSide, delay))
    using (var serverStream = new DelayStream(rawServerSide, delay))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);

        Task[] handshake =
        {
            AuthenticateAsClientAsync(client, CredentialCache.DefaultNetworkCredentials, string.Empty),
            AuthenticateAsServerAsync(server),
        };
        await TestConfiguration.WhenAllOrAnyFailedWithTimeout(handshake);

        // Client side: protection follows IsEncryptedAndSigned; NTLM is never mutual here.
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.Equal(IsEncryptedAndSigned, client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.Equal(IsEncryptedAndSigned, client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        // With an empty target name the identity the client attributes to the server is
        // unauthenticated and unnamed.
        var identityOfServer = client.RemoteIdentity;
        Assert.Equal("NTLM", identityOfServer.AuthenticationType);
        Assert.False(identityOfServer.IsAuthenticated);
        Assert.Equal("", identityOfServer.Name);

        // Server side.
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.Equal(IsEncryptedAndSigned, server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.Equal(IsEncryptedAndSigned, server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        // The server sees the current process identity as the authenticated caller.
        var identityOfClient = server.RemoteIdentity;
        Assert.Equal("NTLM", identityOfClient.AuthenticationType);
        Assert.True(identityOfClient.IsAuthenticated);
        IdentityValidator.AssertIsCurrentIdentity(identityOfClient);
    }
}
/// <summary>
/// Asserts the client-side state expected after a successful Kerberos handshake against
/// <paramref name="target"/>: authenticated, signed and encrypted, mutually authenticated,
/// with a Kerberos remote identity carrying the target's name.
/// </summary>
/// <param name="client">The client-side stream, after its handshake has completed.</param>
/// <param name="target">Name the server identity is expected to carry.</param>
private void AssertClientPropertiesForTarget(NegotiateStream client, string target)
{
    // Stream-level state. Each message names the property so a failure is self-describing.
    Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
    Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
    Assert.True(client.IsEncrypted, "client.IsEncrypted");
    Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
    Assert.False(client.IsServer, "client.IsServer");
    Assert.True(client.IsSigned, "client.IsSigned");
    Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

    // Peer identity as the client sees it: Kerberos-authenticated and named after the target.
    var peer = client.RemoteIdentity;
    Assert.Equal("Kerberos", peer.AuthenticationType);
    Assert.True(peer.IsAuthenticated, "serverIdentity.IsAuthenticated");
    IdentityValidator.AssertHasName(peer, target);
}
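/// <summary>
/// Kerberos handshake in which the client uses the process default credentials against a
/// fake GSS server, after seeding the default credential cache with the test user's TGT;
/// pins the client-side property values afterwards.
/// </summary>
/// <remarks>
/// Logs and returns (rather than failing) when Kerberos is not available.
/// <c>GetDefaultKerberosCredentials</c> writes to the default Kerberos cache, which is
/// process-wide state; other tests reading that cache are presumably order-sensitive —
/// confirm against the fixture.
/// The method is <c>void</c>, so the handshake is awaited synchronously with
/// <see cref="Task.WaitAll(Task[], int)"/>.
/// </remarks>
public void NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success()
{
    if (!_isKrbAvailable)
    {
        _output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success");
        return;
    }

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new UnixGssFakeNegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");

        string user = $"{TestConfiguration.KerberosUser}@{TestConfiguration.Realm}";
        string target = $"{TestConfiguration.HostTarget}@{TestConfiguration.Realm}";

        // Seed the default Kerberos cache with the TGT
        UnixGssFakeNegotiateStream.GetDefaultKerberosCredentials(user, _fixture.password);

        Task[] auth =
        {
            client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, target),
            server.AuthenticateAsServerAsync(),
        };

        bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
        Assert.True(finished, "Handshake completed in the allotted time");

        // Expected Client property values: Kerberos gives signing, encryption and mutual
        // authentication, and the remote identity is named after the target.
        Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.True(client.IsEncrypted, "client.IsEncrypted");
        Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
        Assert.False(client.IsServer, "client.IsServer");
        Assert.True(client.IsSigned, "client.IsSigned");
        Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("Kerberos", serverIdentity.AuthenticationType);
        Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
        IdentityValidator.AssertHasName(serverIdentity, target);
    }
}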
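/// <summary>
/// NTLM handshake using an explicit <see cref="NetworkCredential"/> built from the Kerberos
/// test user, requested with <see cref="ProtectionLevel.None"/>; pins the client-side
/// property values afterwards.
/// </summary>
/// <remarks>
/// Logs and returns (rather than failing) when NTLM is not available.
/// Because <see cref="ProtectionLevel.None"/> is requested, the resulting stream is neither
/// signed nor encrypted and the exchange is not mutual — the assertions below pin exactly
/// that, so data sent over such a stream has no integrity or confidentiality protection.
/// The method is <c>void</c>, so the handshake is awaited synchronously with
/// <see cref="Task.WaitAll(Task[], int)"/>.
/// </remarks>
public void NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success()
{
    if (!_isNtlmAvailable)
    {
        _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success");
        return;
    }

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new UnixGssFakeNegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
        Assert.False(server.IsAuthenticated, "server.IsAuthenticated");

        string user = $"{TestConfiguration.KerberosUser}@{TestConfiguration.Realm}";
        var credential = new NetworkCredential(user, _fixture.password);

        Task[] auth =
        {
            client.AuthenticateAsClientAsync(credential, TestConfiguration.HttpTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification),
            server.AuthenticateAsServerAsync(),
        };

        bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
        Assert.True(finished, "Handshake completed in the allotted time");

        // Expected Client property values: ProtectionLevel.None means no signing/encryption.
        Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.False(client.IsEncrypted, "client.IsEncrypted");
        Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
        Assert.False(client.IsServer, "client.IsServer");
        Assert.False(client.IsSigned, "client.IsSigned");
        Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("NTLM", serverIdentity.AuthenticationType);
        Assert.True(serverIdentity.IsAuthenticated, "server identity is authenticated");
        IdentityValidator.AssertHasName(serverIdentity, TestConfiguration.HttpTarget);
    }
}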
/// <summary>
/// NTLM handshake with a caller-supplied <paramref name="credential"/> against the test
/// target, requested with <see cref="ProtectionLevel.None"/>; pins the client-side property
/// values afterwards.
/// </summary>
/// <param name="credential">Explicit credential for the client side of the handshake.</param>
/// <remarks>
/// Logs and returns (rather than failing) when NTLM is not available.
/// With <see cref="ProtectionLevel.None"/> the stream ends up neither signed nor encrypted
/// and the exchange is not mutual; the assertions below pin that, so such a stream carries
/// no integrity or confidentiality protection for the data sent over it.
/// </remarks>
public async Task NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success(NetworkCredential credential)
{
    if (!_isNtlmAvailable)
    {
        _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success");
        return;
    }

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new UnixGssFakeNegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
        Assert.False(server.IsAuthenticated, "server.IsAuthenticated");

        Task clientHandshake = client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification);
        Task serverHandshake = server.AuthenticateAsServerAsync();
        await TestConfiguration.WhenAllOrAnyFailedWithTimeout(new[] { clientHandshake, serverHandshake });

        // Client-side state: authenticated, but unprotected because ProtectionLevel.None was requested.
        Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.False(client.IsEncrypted, "client.IsEncrypted");
        Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
        Assert.False(client.IsServer, "client.IsServer");
        Assert.False(client.IsSigned, "client.IsSigned");
        Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");

        // Peer identity as the client sees it.
        var peer = client.RemoteIdentity;
        Assert.Equal("NTLM", peer.AuthenticationType);
        Assert.True(peer.IsAuthenticated, "serverIdentity.IsAuthenticated");
        IdentityValidator.AssertHasName(peer, _testTarget);
    }
}
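/// <summary>
/// NTLM handshake over an in-memory stream pair with an explicitly empty
/// <see cref="NetworkCredential"/> (blank user, password and domain); pins the property
/// values both ends expose afterwards.
/// </summary>
/// <remarks>
/// The handshake completes on both sides (<c>IsAuthenticated</c> is true for the client and
/// the server), but the caller the server authenticated is the anonymous logon: its
/// <c>RemoteIdentity</c> is unauthenticated and named <c>NT AUTHORITY\ANONYMOUS LOGON</c>.
/// A server that admits callers based on the stream's <c>IsAuthenticated</c> alone would
/// therefore accept anonymous clients; <c>RemoteIdentity</c> is where that is visible.
/// The method is <c>void</c>, so the handshake is awaited synchronously with
/// <see cref="Task.WaitAll(Task[], int)"/>. Boolean properties are checked with
/// <c>Assert.True</c>/<c>Assert.False</c> rather than <c>Assert.Equal(true, …)</c> so a
/// failure message names the property being checked.
/// </remarks>
public void NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails()
{
    const string targetName = "testTargetName";

    // Ensure there is no confusion between DefaultCredentials / DefaultNetworkCredentials and a
    // NetworkCredential object with empty user, password and domain.
    var emptyNetworkCredential = new NetworkCredential("", "", "");
    Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultCredentials);
    Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultNetworkCredentials);

    var network = new VirtualNetwork();
    using (var clientStream = new VirtualNetworkStream(network, isServer: false))
    using (var serverStream = new VirtualNetworkStream(network, isServer: true))
    using (var client = new NegotiateStream(clientStream))
    using (var server = new NegotiateStream(serverStream))
    {
        Assert.False(client.IsAuthenticated);
        Assert.False(server.IsAuthenticated);

        Task[] auth =
        {
            client.AuthenticateAsClientAsync(emptyNetworkCredential, targetName),
            server.AuthenticateAsServerAsync(),
        };

        bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
        Assert.True(finished, "Handshake completed in the allotted time");

        // Expected Client property values:
        Assert.True(client.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
        Assert.True(client.IsEncrypted);
        Assert.False(client.IsMutuallyAuthenticated);
        Assert.False(client.IsServer);
        Assert.True(client.IsSigned);
        Assert.False(client.LeaveInnerStreamOpen);

        IIdentity serverIdentity = client.RemoteIdentity;
        Assert.Equal("NTLM", serverIdentity.AuthenticationType);
        Assert.True(serverIdentity.IsAuthenticated);
        Assert.Equal(targetName, serverIdentity.Name);

        // Expected Server property values: the stream reports success ...
        Assert.True(server.IsAuthenticated);
        Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel);
        Assert.True(server.IsEncrypted);
        Assert.False(server.IsMutuallyAuthenticated);
        Assert.True(server.IsServer);
        Assert.True(server.IsSigned);
        Assert.False(server.LeaveInnerStreamOpen);

        // ... but the authenticated caller is the anonymous logon, not a named principal.
        IIdentity clientIdentity = server.RemoteIdentity;
        Assert.Equal("NTLM", clientIdentity.AuthenticationType);
        // TODO #5241: Behavior difference:
        Assert.False(clientIdentity.IsAuthenticated);
        // On .Net Desktop: Assert.Equal(true, clientIdentity.IsAuthenticated);
        IdentityValidator.AssertHasName(clientIdentity, @"NT AUTHORITY\ANONYMOUS LOGON");
    }
}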