diff --git a/NSspi/Credentials/ClientCredential.cs b/NSspi/Credentials/ClientCredential.cs
index 7bdb855..0320477 100644
--- a/NSspi/Credentials/ClientCredential.cs
+++ b/NSspi/Credentials/ClientCredential.cs
@@ -7,8 +7,15 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
+ ///
+ /// Represents the credentials of the user running the current process, for use as an SSPI client.
+ ///
public class ClientCredential : CurrentCredential
{
+ ///
+ /// Initializes a new instance of the ClientCredential class.
+ ///
+ /// The security package to acquire the credential handle from.
public ClientCredential( string package )
: base( package, CredentialUse.Outbound )
{
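Review bot: The new summary on ClientCredential says the credential belongs to "the user running the current process", which is narrower than what the native comment removed from CredentialNativeMethods.cs says about a NULL principal ("principal of current security context"). If the base class acquires the handle that way (the call is not visible in this diff), an impersonating thread would get the impersonated identity rather than the process owner, and callers deciding whose identity goes on the wire should know that. I would word it as `/// Represents the credentials of the current security context (the impersonated identity, if the calling thread is impersonating), for use as an SSPI client.` The same phrase appears in the summaries added to CurrentCredential.cs and ServerCredential.cs. The constructor body continues outside the hunk.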
diff --git a/NSspi/Credentials/Credential.cs b/NSspi/Credentials/Credential.cs
index 5067ab9..db349f7 100644
--- a/NSspi/Credentials/Credential.cs
+++ b/NSspi/Credentials/Credential.cs
@@ -12,16 +12,35 @@ using NSspi.Credentials.Credentials;
namespace NSspi.Credentials
{
+ ///
+ /// Provides access to the pre-existing credentials of a security principle.
+ ///
public class Credential : IDisposable
{
+ ///
+ /// Whether the Credential has been disposed.
+ ///
private bool disposed;
+ ///
+ /// The name of the security package that controls the credential.
+ ///
private string securityPackage;
+ ///
+ /// A safe handle to the credential's handle.
+ ///
private SafeCredentialHandle safeCredHandle;
+ ///
+ /// The UTC time the credentials expire.
+ ///
private DateTime expiry;
+ ///
+ /// Initializes a new instance of the Credential class.
+ ///
+ /// The security package to acquire the credential from.
public Credential( string package )
{
this.disposed = false;
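Review bot: "principle" in the class summary should be "principal", the term SSPI uses for an authenticated identity: `/// Provides access to the pre-existing credentials of a security principal.` The same misspelling is in the comments added for `Name` in this file, for `Names` in CredentialQueryAttrib.cs, and twice in QueryNameSupport.cs. The `Name` summary also opens with "Returns" where the other property summaries use "Gets". The constructor body continues outside the hunk.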
@@ -31,9 +50,15 @@ namespace NSspi.Credentials
this.PackageInfo = PackageSupport.GetPackageCapabilities( this.SecurityPackage );
}
-
+
+ ///
+ /// Gets metadata for the security package associated with the credential.
+ ///
public SecPkgInfo PackageInfo { get; private set; }
+ ///
+ /// Gets the name of the security package that owns the credential.
+ ///
public string SecurityPackage
{
get
@@ -44,6 +69,9 @@ namespace NSspi.Credentials
}
}
+ ///
+ /// Returns the name of the principle of the credential.
+ ///
public string Name
{
get
@@ -107,6 +135,9 @@ namespace NSspi.Credentials
}
}
+ ///
+ /// Gets the UTC time the credentials expire.
+ ///
public DateTime Expiry
{
get
@@ -124,6 +155,9 @@ namespace NSspi.Credentials
}
}
+ ///
+ /// Gets a handle to the credential.
+ ///
public SafeCredentialHandle Handle
{
get
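Review bot: The summary for `Handle` does not say who owns the returned SafeCredentialHandle. Since the class exposes `Dispose()` and keeps the handle in a private field, the handle presumably belongs to the Credential and becomes unusable once it is disposed; the getter body is outside the hunk, so this should be confirmed. I would add `/// <remarks>The handle is owned by this Credential; do not dispose it, and do not use it after the Credential is disposed.</remarks>` so callers do not pass a released credential handle into a security context.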
@@ -141,6 +175,9 @@ namespace NSspi.Credentials
}
}
+ ///
+ /// Releases all resources associated with the credential.
+ ///
public void Dispose()
{
Dispose( true );
diff --git a/NSspi/Credentials/CredentialNativeMethods.cs b/NSspi/Credentials/CredentialNativeMethods.cs
index 36ad8d2..5976a3e 100644
--- a/NSspi/Credentials/CredentialNativeMethods.cs
+++ b/NSspi/Credentials/CredentialNativeMethods.cs
@@ -12,30 +12,6 @@ namespace NSspi.Credentials
{
internal static class CredentialNativeMethods
{
- /*
- SECURITY_STATUS SEC_Entry AcquireCredentialsHandle(
- _In_ SEC_CHAR *pszPrincipal, // [in] name of principal. NULL = principal of current security context
- _In_ SEC_CHAR *pszPackage, // [in] name of security package - "Kerberos", "Negotiate", "NTLM", etc
- _In_ ULONG fCredentialUse, // [in] flags indicating use.
- _In_ PLUID pvLogonID, // [in] pointer to logon identifier. NULL = we're not specifying the id of another logon session
- _In_ PVOID pAuthData, // [in] package-specific data. NULL = default credentials for security package
- _In_ SEC_GET_KEY_FN pGetKeyFn, // [in] pointer to GetKey function. NULL = we're not using a callback to retrieve the credentials
- _In_ PVOID pvGetKeyArgument, // [in] value to pass to GetKey
- _Out_ PCredHandle phCredential, // [out] credential handle (this must be already allocated)
- _Out_ PTimeStamp ptsExpiry // [out] lifetime of the returned credentials
- );
-
- SECURITY_STATUS SEC_Entry FreeCredentialsHandle(
- _In_ PCredHandle phCredential
- );
-
- SECURITY_STATUS SEC_Entry QueryCredentialsAttributes(
- _In_ PCredHandle phCredential,
- _In_ ULONG ulAttribute,
- _Out_ PVOID pBuffer
- );
- */
-
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport( "Secur32.dll", EntryPoint = "AcquireCredentialsHandle", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus AcquireCredentialsHandle(
diff --git a/NSspi/Credentials/CredentialQueryAttrib.cs b/NSspi/Credentials/CredentialQueryAttrib.cs
index 54e9da3..d5a6e34 100644
--- a/NSspi/Credentials/CredentialQueryAttrib.cs
+++ b/NSspi/Credentials/CredentialQueryAttrib.cs
@@ -6,18 +6,14 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
- /*
- #define SECPKG_CRED_ATTR_NAMES 1
- #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
- #define SECPKG_CRED_ATTR_KDC_PROXY_SETTINGS 3
- #define SECPKG_CRED_ATTR_CERT 4
- */
-
+ ///
+ /// Identifies credential query types.
+ ///
public enum CredentialQueryAttrib : uint
{
+ ///
+ /// Queries the credential's principle name.
+ ///
Names = 1,
- SsiProvider = 2,
- KdcProxySettings = 3,
- Cert = 4
}
}
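Review bot: Dropping `SsiProvider`, `KdcProxySettings` and `Cert` from a public enum is a source-breaking change inside what otherwise reads as a documentation pass. If they are removed because the library only implements the `Names` query, say so in the enum summary, e.g. `/// Identifies credential query types. Only the queries this library implements are listed.`, and mention the removal in the commit message. The deleted `#define` block was also the only place in this file that tied the values to the native SECPKG_CRED_ATTR_* constants; a short remark naming `SECPKG_CRED_ATTR_NAMES` on `Names` would keep that link.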
diff --git a/NSspi/Credentials/CredentialUse.cs b/NSspi/Credentials/CredentialUse.cs
index aae9b27..03015e1 100644
--- a/NSspi/Credentials/CredentialUse.cs
+++ b/NSspi/Credentials/CredentialUse.cs
@@ -6,10 +6,27 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
+ ///
+ /// Indicates the manner in which a credential will be used for SSPI authentication.
+ ///
public enum CredentialUse : uint
{
+ ///
+ /// The credentials will be used for establishing a security context with an inbound request, eg,
+ /// the credentials will be used by a server building a security context with a client.
+ ///
Inbound = 1,
+
+ ///
+ /// The credentials will be used for establishing a security context as an outbound request,
+ /// eg, the credentials will be used by a client to build a security context with a server.
+ ///
Outbound = 2,
+
+ ///
+ /// The credentials may be used to to either build a client's security context or a server's
+ /// security context.
+ ///
Both = 3,
}
}
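Review bot: The summary on `Both` has a doubled word, "may be used to to either build"; it should read `/// The credentials may be used to build either a client's security context or a server's`. The two summaries above it use "eg," where "e.g." is meant.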
diff --git a/NSspi/Credentials/CurrentCredential.cs b/NSspi/Credentials/CurrentCredential.cs
index e951039..218b8c8 100644
--- a/NSspi/Credentials/CurrentCredential.cs
+++ b/NSspi/Credentials/CurrentCredential.cs
@@ -7,8 +7,18 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
+ ///
+ /// Acquires a handle to the credentials of the user associated with the current process.
+ ///
public class CurrentCredential : Credential
{
+ ///
+ /// Initializes a new instance of the CurrentCredential class.
+ ///
+ /// The security package to acquire the credential handle
+ /// from.
+ /// The manner in which the credentials will be used - Inbound typically
+ /// represents servers, outbound typically represent clients.
public CurrentCredential( string securityPackage, CredentialUse use ) :
base( securityPackage )
{
diff --git a/NSspi/Credentials/QueryNameSupport.cs b/NSspi/Credentials/QueryNameSupport.cs
index e762cc4..606d313 100644
--- a/NSspi/Credentials/QueryNameSupport.cs
+++ b/NSspi/Credentials/QueryNameSupport.cs
@@ -7,9 +7,16 @@ using System.Threading.Tasks;
namespace NSspi.Credentials.Credentials
{
+ ///
+ /// Stores the result from a query of a credential's principle name.
+ ///
[StructLayout( LayoutKind.Sequential )]
- public struct QueryNameAttribCarrier
+ internal struct QueryNameAttribCarrier
{
+ ///
+ /// A pointer to a null-terminated ascii c-string containing the principle name
+ /// associated with a credential
+ ///
public IntPtr Name;
}
}
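Review bot: The comment on `Name` calls the buffer an "ascii c-string", but the one native import visible on this page (AcquireCredentialsHandle) is declared with `CharSet = CharSet.Unicode`; if QueryCredentialsAttributes is imported the same way, the buffer holds UTF-16 and the comment would lead someone to marshal it with the wrong width. The comment also says nothing about ownership: per the SSPI documentation the security package allocates this buffer and the caller releases it with FreeContextBuffer. I would write `/// A pointer to a null-terminated string holding the principal name, allocated by the security package; the caller must release it with FreeContextBuffer.` and state the encoding once it has been checked against the DllImport.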
diff --git a/NSspi/Credentials/SafeCredentialHandle.cs b/NSspi/Credentials/SafeCredentialHandle.cs
index 2f6eaff..1647080 100644
--- a/NSspi/Credentials/SafeCredentialHandle.cs
+++ b/NSspi/Credentials/SafeCredentialHandle.cs
@@ -7,7 +7,9 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
-
+ ///
+ /// Provides a managed handle to an SSPI credential.
+ ///
public class SafeCredentialHandle : SafeSspiHandle
{
public SafeCredentialHandle()
diff --git a/NSspi/Credentials/ServerCredential.cs b/NSspi/Credentials/ServerCredential.cs
index 7721ca6..eada90a 100644
--- a/NSspi/Credentials/ServerCredential.cs
+++ b/NSspi/Credentials/ServerCredential.cs
@@ -7,6 +7,9 @@ using System.Threading.Tasks;
namespace NSspi.Credentials
{
+ ///
+ /// Represents the credentials of the user running the current process, for use as an SSPI server.
+ ///
public class ServerCredential : CurrentCredential
{
public ServerCredential( string package )