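/// <summary>
/// <see cref="IAuthentication"/> implementation that identifies the caller by the Windows
/// identity returned from <see cref="WindowsIdentity.GetCurrent()"/>.
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// - The realm label is "NTLM", but nothing here inspects
///   <see cref="WindowsIdentity.AuthenticationType"/>, so the protocol that actually
///   authenticated the logon is not verified.
/// - A ticket's token is the account SID in binary form. A SID is an identifier, not a secret,
///   and the <c>operation</c> bytes are never used, so a ticket is not bound to any particular
///   operation. <see cref="CheckSignature"/> is only meaningful because it compares the ticket
///   against the live identity of the calling thread.
/// - The <c>scopedContext</c> argument is not used by any method in this class.
/// </remarks>
public sealed class NTLMAuthentication : IAuthentication
{
    private const string REALM = "NTLM";

    /// <summary>
    /// Builds an <see cref="Identity"/> in the NTLM realm from the current Windows identity.
    /// </summary>
    /// <param name="scopedContext">Unused.</param>
    /// <returns>An identity whose name is the current Windows logon name.</returns>
    /// <exception cref="SecurityException">
    /// The current Windows identity is unauthenticated, the guest account or the system account.
    /// </exception>
    public Identity GetCurrentIdentity(IEntityContext scopedContext)
    {
        // WindowsIdentity wraps an OS token handle; dispose it instead of waiting for finalization.
        using (var ntlmIdentity = WindowsIdentity.GetCurrent())
        {
            if (!ntlmIdentity.IsAuthenticated || ntlmIdentity.IsGuest || ntlmIdentity.IsSystem)
            {
                throw new SecurityException();
            }

            return new Identity(REALM, ntlmIdentity.Name);
        }
    }

    /// <summary>
    /// Issues a ticket for <paramref name="subject"/>, which must be the identity of the
    /// current thread. Signing for any other identity would require impersonating it first.
    /// </summary>
    /// <param name="scopedContext">Unused.</param>
    /// <param name="subject">Identity to sign for; must match the current Windows identity.</param>
    /// <param name="operation">Unused; the ticket does not depend on it.</param>
    /// <returns>A ticket whose token is the current user's SID in binary form.</returns>
    /// <exception cref="SecurityException">
    /// <paramref name="subject"/> is not the current Windows identity in the NTLM realm, or the
    /// current identity has no user SID.
    /// </exception>
    public Ticket CreateSignature(IEntityContext scopedContext, Identity subject, byte[] operation)
    {
        using (var threadIdentity = WindowsIdentity.GetCurrent())
        {
            if (subject.Realm != REALM || subject.Name != threadIdentity.Name)
            {
                throw new SecurityException();
            }

            // User can be null (for example for an anonymous identity); fail closed with the
            // same exception type as the other refusals rather than a NullReferenceException.
            var userSid = threadIdentity.User;
            if (userSid == null)
            {
                throw new SecurityException();
            }

            // The buffer is sized for the largest possible SID, so the token is zero-padded
            // after the SID bytes. CheckSignature parses the SID from offset 0 and ignores the rest.
            var threadSid = new byte[SecurityIdentifier.MaxBinaryLength];
            userSid.GetBinaryForm(threadSid, 0);
            return new Ticket(subject, threadSid);
        }
    }

    /// <summary>
    /// Verifies that the current thread runs as the same logon-named user, with the same SID,
    /// as the one recorded in <paramref name="ticket"/>.
    /// </summary>
    /// <param name="scopedContext">Unused.</param>
    /// <param name="ticket">Ticket to verify; treated as untrusted input.</param>
    /// <param name="operation">Unused; the check does not depend on it.</param>
    /// <returns>
    /// <c>true</c> when realm, logon name and SID all match the current Windows identity;
    /// <c>false</c> otherwise, including when the token is missing or is not a valid binary SID.
    /// </returns>
    public bool CheckSignature(IEntityContext scopedContext, Ticket ticket, byte[] operation)
    {
        using (var threadIdentity = WindowsIdentity.GetCurrent())
        {
            SecurityIdentifier ticketSid;
            try
            {
                ticketSid = new SecurityIdentifier(ticket.Token, 0);
            }
            catch (System.ArgumentException)
            {
                // Null, truncated or malformed token: reject the ticket instead of letting a
                // parsing exception escape from a boolean check.
                return false;
            }

            // Equals(null) is false, so an identity without a user SID never verifies.
            return ticket.Subject.Realm == REALM &&
                   ticket.Subject.Name == threadIdentity.Name &&
                   ticketSid.Equals(threadIdentity.User);
        }
    }
}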