public Authorization Authenticate(string challenge, NetworkCredential credential, object sessionCookie, string spn, ChannelBinding channelBindingToken)
{
if (NetEventSource.IsEnabled) NetEventSource.Enter(this, "Authenticate");
try
{
lock (_sessions)
{
NTAuthentication clientContext;
if (!_sessions.TryGetValue(sessionCookie, out clientContext))
{
if (credential == null)
{
return null;
}
_sessions[sessionCookie] =
clientContext =
new NTAuthentication(false, "Negotiate", credential, spn,
ContextFlagsPal.Connection | ContextFlagsPal.InitIntegrity, channelBindingToken);
}
byte[] byteResp;
string resp = null;
if (!clientContext.IsCompleted)
{
// If auth is not yet completed keep producing
// challenge responses with GetOutgoingBlob
byte[] decodedChallenge = null;
if (challenge != null)
{
decodedChallenge =
Convert.FromBase64String(challenge);
}
byteResp = clientContext.GetOutgoingBlob(decodedChallenge, false);
if (clientContext.IsCompleted && byteResp == null)
{
resp = "\r\n";
}
if (byteResp != null)
{
resp = Convert.ToBase64String(byteResp);
}
}
else
{
// If auth completed and still have a challenge then
// server may be doing "correct" form of GSSAPI SASL.
// Validate incoming and produce outgoing SASL security
// layer negotiate message.
resp = GetSecurityLayerOutgoingBlob(challenge, clientContext);
}
return new Authorization(resp, clientContext.IsCompleted);
}
}
// From reflected type NTAuthentication in System.Net.Security.
catch (NullReferenceException)
{
return null;
}
finally
{
if (NetEventSource.IsEnabled) NetEventSource.Exit(this, "Authenticate");
}
}
