MicrosoftDocs / feedback

📢 docs.microsoft.com site feedback
https://learn.microsoft.com
Creative Commons Attribution 4.0 International

Implementation Custom Negotiate AuthenticationManager #1383

Open wagiju opened 5 years ago

wagiju commented 5 years ago

I am trying to implement a simple application with fully customized Negotiate (or NTLM) based on C#, which will serve me as a base for a more complex project like Impacket in Python. At the moment, I need to write a custom Negotiate (or NTLM) AuthenticationManager.

I implement the Authentication method like this:

    public Authorization Authenticate(String challenge, WebRequest request, ICredentials credentials)
    {
        NetworkCredential MyCreds = credentials.GetCredential(request.RequestUri, "Ntlm");
        if (PreAuthenticate(request, credentials) == null)
            Console.WriteLine("\n Pre-authentication is not allowed.");
        else
            Console.WriteLine("\n Pre-authentication is allowed.");

        bool challengeOk = checkChallenge(challenge, MyCreds.Domain);

        if (!challengeOk)
            return null;

        // authorization.
        string neg = create_NTLM_NEGOTIATE_MESSAGE(MyCreds.UserName);
        // Second request that carries the NEGOTIATE message; method, header and
        // callback belong on req (the request actually sent below), not on request.
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(request.RequestUri);
        // Accepts any server certificate, so TLS validation is disabled for this request.
        req.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
        req.Method = "GET";
        req.Headers.Add("Authorization", "Negotiate " + neg);
        HttpWebResponse resp;
        byte[] server_challenge = new byte[8];
        try
        {
            // No 401 came back, so there is no challenge and server_challenge stays all zeros.
            resp = (HttpWebResponse)req.GetResponse();
            Console.WriteLine(resp.Headers.ToString());
        }
        catch (WebException ex)
        {
            // The 401 response carries the server's CHALLENGE message in WWW-Authenticate.
            resp = ex.Response as HttpWebResponse;
            string msg2 = resp?.Headers["WWW-Authenticate"];
            if (msg2 == null)
                return null; // no response or no challenge header to answer
            string[] challeng_string = msg2.Split(' ');
            if (challeng_string.Length < 2)
                return null; // scheme name only, no token
            server_challenge = parse_NTLM_CHALLENGE_MESSAGE(challeng_string[1]);
        }
        string auth = create_NTLM_AUTHENTICATE_MESSAGE(server_challenge, MyCreds.UserName, MyCreds.Domain, MyCreds.Password);
        string NtlmToken = "Negotiate " + auth;//Convert.ToBase64String(ASCII.GetBytes(BasicEncrypt));

        Authorization resourceAuthorization = new Authorization(NtlmToken);
        return resourceAuthorization;
    }

In the Microsoft docs, I've learned that AuthenticationManager can do this, and a simple CustomBasicAuthentication is found there, but I want to implement my CustomNegotiate.

So my question is: because Negotiate works as a challenge-response protocol and the WebRequest request is so open and called from an HttpWebRequest, how can I implement a challenge-response based protocol with AuthenticationManager, and how do I send the Authorization and Authentication packets with this class? How do I get the challenge bytes to generate the Authentication bytes from a (domain\user, password) pair?
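Added example, not part of the original post or of Microsoft's documentation: a sketch of an `IAuthenticationModule` that treats NTLM as a two-leg exchange and reads the 8-byte server challenge from the `challenge` string passed to `Authenticate`. It assumes `HttpWebRequest` calls `Authenticate` again on the next 401 while `Authorization.Complete` is false; `CustomNtlmModule`, `BuildNegotiate` and `BuildAuthenticate` are hypothetical names standing in for your own message builders.

```csharp
using System;
using System.Net;
using System.Text;
// Added sketch, not the poster's or Microsoft's code. BuildNegotiate/BuildAuthenticate are
// hypothetical hooks. Raw NTLM only: a SPNEGO-wrapped Negotiate token has a different layout.
public abstract class CustomNtlmModule : IAuthenticationModule
{
    public string AuthenticationType => "NTLM";
    public bool CanPreAuthenticate => false; // nothing can be computed before the server challenge
    public Authorization PreAuthenticate(WebRequest request, ICredentials credentials) => null;
    protected abstract string BuildNegotiate(NetworkCredential cred);                            // base64 Type 1
    protected abstract string BuildAuthenticate(byte[] serverChallenge, NetworkCredential cred); // base64 Type 3
    public Authorization Authenticate(string challenge, WebRequest request, ICredentials credentials)
    {
        NetworkCredential cred = credentials?.GetCredential(request.RequestUri, AuthenticationType);
        if (cred == null) return null;
        byte[] token;
        try { token = ExtractToken(challenge); }
        catch (FormatException) { return null; }   // malformed base64: decline the challenge
        if (token == null) return null;            // NTLM not offered, let another module answer
        if (token.Length == 0)                     // leg 1: bare "NTLM", reply with NEGOTIATE, not finished
            return new Authorization("NTLM " + BuildNegotiate(cred), false);
        byte[] serverChallenge = ReadServerChallenge(token);
        if (serverChallenge == null) return null;  // not a valid CHALLENGE_MESSAGE
        // leg 2: reply to the CHALLENGE with AUTHENTICATE and mark the exchange complete
        return new Authorization("NTLM " + BuildAuthenticate(serverChallenge, cred), true);
    }
    // null = scheme absent; empty array = bare "NTLM"; otherwise the decoded token bytes.
    public static byte[] ExtractToken(string challenge)
    {
        foreach (string part in (challenge ?? "").Split(','))
        {
            string p = part.Trim();
            if (p.Equals("NTLM", StringComparison.OrdinalIgnoreCase)) return new byte[0];
            if (p.StartsWith("NTLM ", StringComparison.OrdinalIgnoreCase))
                return Convert.FromBase64String(p.Substring(5).Trim());
        }
        return null;
    }
    // CHALLENGE_MESSAGE (MS-NLMP): "NTLMSSP\0", type 2 at offset 8, ServerChallenge at offsets 24..31.
    public static byte[] ReadServerChallenge(byte[] msg)
    {
        if (msg == null || msg.Length < 32 || Encoding.ASCII.GetString(msg, 0, 8) != "NTLMSSP\0") return null;
        if (msg[8] != 2 || msg[9] != 0 || msg[10] != 0 || msg[11] != 0) return null; // little-endian type
        byte[] sc = new byte[8];
        Buffer.BlockCopy(msg, 24, sc, 0, 8);
        return sc;
    }
}
```

A concrete subclass would be registered with `AuthenticationManager.Register` after `AuthenticationManager.Unregister("NTLM")` removes the built-in module. NTLM authenticates the connection, so both legs must travel over the same kept-alive connection.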

welcome[bot] commented 5 years ago

Thank you for creating the issue! One of our team members will get back to you shortly with additional information.

rootsmusic commented 3 years ago

@wagiju Where's the doc?