using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
namespace NtlmTest
{
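/// <summary>
/// Console probe: asks a URI which authentication schemes it offers and, for NTLM and
/// Negotiate, attempts the handshake by hand using the <c>Ntlm</c> helper.
/// </summary>
class Program
{
    // Credentials used by every handshake attempt; assigned once in Main before Authenticate runs.
    private static NetworkCredential nc;

    /// <summary>
    /// Sends a single GET to <paramref name="uri"/> carrying the given Authorization header value.
    /// </summary>
    /// <param name="client">Client to send through; the caller keeps ownership.</param>
    /// <param name="uri">Target URI.</param>
    /// <param name="authorization">Complete Authorization header value (scheme plus token).</param>
    /// <returns>The response; the caller is responsible for disposing it.</returns>
    private static async Task<HttpResponseMessage> SendWithAuthorization(HttpClient client, string uri, string authorization)
    {
        using (var request = new HttpRequestMessage(HttpMethod.Get, uri))
        {
            request.Headers.Add("Authorization", authorization);
            return await client.SendAsync(request, CancellationToken.None);
        }
    }

    /// <summary>
    /// Parses a CREDENTIALS value of the form <c>[domain\]user:password</c>.
    /// </summary>
    /// <param name="env">Raw value of the environment variable (non-empty).</param>
    /// <returns>The parsed credential, or <c>null</c> when no ':' separator is present.</returns>
    private static NetworkCredential ParseCredentials(string env)
    {
        // Split on the first ':' only, so the password itself may contain ':'.
        string[] userAndPassword = env.Split(new char[] { ':' }, 2);
        if (userAndPassword.Length < 2)
        {
            // No password part; the original indexed [1] here and threw IndexOutOfRangeException.
            return null;
        }

        // Split on the first '\' only: an optional domain prefix in front of the user name.
        string[] domainAndUser = userAndPassword[0].Split(new char[] { '\\' }, 2);
        if (domainAndUser.Length == 1)
        {
            return new NetworkCredential(userAndPassword[0], userAndPassword[1]);
        }

        return new NetworkCredential(domainAndUser[1], userAndPassword[1], domainAndUser[0]);
    }

    /// <summary>
    /// Runs one hand-rolled handshake against <paramref name="uri"/> and prints the final response.
    /// </summary>
    /// <param name="uri">Target URI.</param>
    /// <param name="useNtlm">
    /// <c>true</c> for a raw NTLM exchange; <c>false</c> asks the helper for a SPNEGO-wrapped
    /// (Negotiate) exchange.
    /// </param>
    /// <remarks>
    /// The printed response includes its headers, so console output of this tool may contain
    /// authentication tokens returned by the server; treat captured output accordingly.
    /// </remarks>
    static async Task Authenticate(String uri, bool useNtlm = true)
    {
        // Every leg goes through the same client. NOTE(review): HTTP NTLM authenticates the
        // underlying connection, so this presumably relies on the handler reusing it - confirm.
        using (var handler = new SocketsHttpHandler())
        using (var client = new HttpClient(handler))
        {
            client.DefaultRequestHeaders.Add("Accept", "*/*");

            var ntlm = new Ntlm(nc);

            // Build the negotiate message once and send exactly that value (the original built
            // it twice and discarded the first result).
            string negotiate = ntlm.CreateNegotiateMessage(spnego: !useNtlm);

            using (HttpResponseMessage challenge = await SendWithAuthorization(client, uri, negotiate))
            {
                // Tracks the most recent response; starts as the challenge response itself.
                HttpResponseMessage latest = challenge;
                try
                {
                    if (challenge.StatusCode == HttpStatusCode.Unauthorized)
                    {
                        // Offer each challenge header to the helper; it returns an empty value
                        // for headers it does not produce an answer to.
                        foreach (AuthenticationHeaderValue header in challenge.Headers.WwwAuthenticate)
                        {
                            string blob = ntlm.ProcessChallenge(header);
                            if (string.IsNullOrEmpty(blob))
                            {
                                continue;
                            }

                            HttpResponseMessage next = await SendWithAuthorization(client, uri, blob);
                            if (!ReferenceEquals(latest, challenge))
                            {
                                latest.Dispose();
                            }
                            latest = next;
                        }
                    }

                    Console.WriteLine(latest);
                }
                finally
                {
                    // The challenge response is released by its using block; release any follow-up here.
                    if (!ReferenceEquals(latest, challenge))
                    {
                        latest.Dispose();
                    }
                }
            }
        }
    }

    /// <summary>
    /// Entry point. <c>args[0]</c> is the optional target URI; the CREDENTIALS environment
    /// variable optionally supplies <c>[domain\]user:password</c>.
    /// </summary>
    /// <param name="args">Command-line arguments.</param>
    static async Task Main(string[] args)
    {
        // NOTE(review): the default target is plain http. Authentication tokens sent over
        // cleartext HTTP are readable by anyone on the network path, so prefer an https URI
        // whenever real credentials are supplied.
        string uri = args.Length > 0 ? args[0] : "http://github.com/";
        string env = Environment.GetEnvironmentVariable("CREDENTIALS");
        if (String.IsNullOrEmpty(env))
        {
            // Placeholder credentials for local testing. Supply real ones through CREDENTIALS
            // rather than editing them into source.
            nc = new NetworkCredential("test", "????", "");
        }
        else
        {
            nc = ParseCredentials(env);
            if (nc == null)
            {
                // Deliberately does not echo the variable's value: it may hold a secret.
                Console.Error.WriteLine("CREDENTIALS must have the form [domain\\]user:password");
                Environment.ExitCode = 1;
                return;
            }
        }

        using (var client = new HttpClient())
        using (HttpResponseMessage probe = await client.GetAsync(uri, CancellationToken.None))
        {
            if (probe.StatusCode != HttpStatusCode.Unauthorized)
            {
                Console.WriteLine($"{uri} did not ask for authentication.");
                Console.WriteLine(probe);
                return;
            }

            bool canDoNtlm = false;
            bool canDoNegotiate = false;

            // Classify every scheme the server advertised in its 401 response.
            foreach (AuthenticationHeaderValue header in probe.Headers.WwwAuthenticate)
            {
                if (StringComparer.OrdinalIgnoreCase.Equals(header.Scheme, "NTLM"))
                {
                    canDoNtlm = true;
                }
                else if (StringComparer.OrdinalIgnoreCase.Equals(header.Scheme, "Negotiate"))
                {
                    canDoNegotiate = true;
                }
                else
                {
                    Console.WriteLine($"{uri} offers {header.Scheme} authentication");
                }
            }

            Console.WriteLine("{0} {1} do NTLM authentication", uri, canDoNtlm ? "can" : "cannot");
            Console.WriteLine("{0} {1} do Negotiate authentication", uri, canDoNegotiate ? "can" : "cannot");

            if (canDoNtlm)
            {
                try
                {
                    await Authenticate(uri, true);
                }
                catch (Exception ex)
                {
                    // Best effort: report and still try the other scheme.
                    Console.WriteLine("NTLM Authentication failed");
                    Console.WriteLine(ex);
                }
            }

            if (canDoNegotiate)
            {
                try
                {
                    await Authenticate(uri, false);
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Negotiate Authentication failed");
                    Console.WriteLine(ex);
                }
            }
        }
    }
}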
}