c# sspi authentication
Source: Internet  Editor: 程序博客网  Time: 2024/06/13 07:23
SSPI is the right approach for this. The API isn't too hard to use, but does require a decent-sized project to wrap into C#.
In the process of researching the necessary bits to solve this question, I wrote a project to provide SSPI in .Net. Below I describe the basics of interfacing with the Windows SSPI API so that anybody may replicate my results. If you find yourself wanting to use SSPI in .Net, I may suggest you use the project I created to solve this:
NSspi - A .Net interface to the SSPI API
SSPI provides you raw byte arrays containing authentication tokens that you then decide how to transmit - be it over a socket with binary-formatted messages, a custom XML channel, .Net Remoting, some form of WCF, heck, even a serial port. You get to decide how to deal with them. With SSPI a server can authenticate clients, securely identify the client, and even perform basic message handling procedures like encryption/signing using the security context established with the client.
The SSPI API is documented here: SSPI API overview
Specifically take a look at the following functions:
- AcquireCredentialsHandle
  - Acquires a handle to some form of credentials (eg, the current user's logon). Used by servers and clients.
- InitializeSecurityContext
  - Used by clients to establish a security context with a server.
- AcceptSecurityContext
  - Used by servers to establish a security context with a client.
The typical workflow is that each side will initialize their credentials using AcquireCredentialsHandle. The authentication cycle then starts and progresses as follows:
- The client invokes InitializeSecurityContext, providing no input tokens, which returns output tokens in the form of a byte array. ISC returns 'ContinueNeeded' to indicate that the authentication cycle is not complete.
- The client sends the tokens to the server by whichever means it desires.
- The server feeds the received tokens as input to AcceptSecurityContext and produces its own output tokens. ASC also returns 'ContinueNeeded' to indicate that the authentication cycle is not complete.
- The server then sends its output tokens to the client.
- The client provides the server's tokens as input to InitializeSecurityContext, which returns new output tokens.
- The client sends his new output tokens to the server.
- ...
This cycle continues until the client sees InitializeSecurityContext return 'OK' and the server sees AcceptSecurityContext return 'OK'. Each function may return 'OK' and still provide an output token (as indicated by a non-null return), to indicate that it still has to send data to the other side. This is how the client knows that its half is done but the server's is still incomplete; and vice versa if the server completes before the client. Which side completes first (returns 'OK') depends on the specific security package being used under the hood by SSPI, and any SSPI consumer should be aware of this.
The information above should be enough for anybody to begin interfacing with the SSPI system in order to provide 'Windows Integrated Authentication' in their application and replicate my results.
Below is my earlier answer as I learned how to invoke the SSPI API.
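The authentication cycle described above, as an added example that is not part of the original answer or of the NSspi project. It swaps in .NET's built-in `System.Net.Security.NegotiateAuthentication` wrapper (.NET 7 or later, on Windows) in place of direct SSPI calls, and runs both sides in one process so the token hand-off is visible. The `HOST/<machine>` target name and the in-memory "transport" are assumptions made for a loopback test.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;

static class SspiHandshakeDemo
{
    static void Main()
    {
        // Default options use the current logon, as AcquireCredentialsHandle would.
        using var client = new NegotiateAuthentication(new NegotiateAuthenticationClientOptions
        {
            Package = "Negotiate",
            TargetName = "HOST/" + Environment.MachineName // assumed SPN for loopback
        });
        using var server = new NegotiateAuthentication(new NegotiateAuthenticationServerOptions
        {
            Package = "Negotiate"
        });

        byte[]? token = null;   // token currently "on the wire"; null on the first call
        bool clientTurn = true; // the client always produces the first token

        while (true)
        {
            NegotiateAuthentication side = clientTurn ? client : server;
            token = side.GetOutgoingBlob(token, out NegotiateAuthenticationStatusCode status);

            // Anything other than Completed ('OK') or ContinueNeeded is a failure.
            if (status != NegotiateAuthenticationStatusCode.Completed &&
                status != NegotiateAuthenticationStatusCode.ContinueNeeded)
                throw new AuthenticationException(
                    $"{(clientTurn ? "client" : "server")} failed: {status}");

            // A side may report Completed and still return a token: that token
            // must reach the peer, so only an empty result ends the cycle.
            if (token == null)
            {
                if (!client.IsAuthenticated || !server.IsAuthenticated)
                    throw new AuthenticationException("Cycle ended before both sides completed.");
                break;
            }
            clientTurn = !clientTurn; // hand the token to the other side
        }

        // The server now holds the securely identified client.
        Console.WriteLine($"Package: {server.Package}, client: {server.RemoteIdentity.Name}");
    }
}
```

In a real application the `token` variable is replaced by whatever transport carries the bytes, and each side must also be told whether the peer's last message included a token.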