Updated version information to v0.2.1

Merge pull request #12 from antiduh/pr/11
Pr/11 Integrate @SteveSyfuhs Thread.CurrentPrinciple changes
2018-09-23 10:44:43 -04:00 · 2018-04-01 18:10:28 -04:00 · 2018-04-01 18:05:00 -04:00 · 2018-03-30 11:40:37 -07:00 · 2017-10-20 01:52:33 -04:00 · 2017-10-20 01:46:33 -04:00
65 changed files with 918 additions and 703 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
 .vs
--- a/NSspi.sln
+++ b/NSspi.sln
@@ -1,6 +1,8 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2012
+# Visual Studio 14
 VisualStudioVersion = 14.0.25420.1
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestClient", "TestClient\TestClient.csproj", "{E93FBF1A-5198-44D6-BDF0-880D17F2B81A}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestProtocol", "TestProtocol\TestProtocol.csproj", "{9BFD94E1-D9FB-44D7-A6E7-8BAC2620E535}"
--- a/NSspi/.gitignore
+++ b/NSspi/.gitignore
@@ -0,0 +1,2 @@
 bin
 obj
--- a/NSspi/ByteWriter.cs
+++ b/NSspi/ByteWriter.cs
@@ -1,9 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
@@ -37,8 +32,7 @@ namespace NSspi
            buffer[position + 0] = (byte)( value >> 24 );
            buffer[position + 1] = (byte)( value >> 16 );
            buffer[position + 2] = (byte)( value >> 8 );
-            buffer[position + 3] = (byte)( value);
+            buffer[position + 3] = (byte)( value );
        }
        /// <summary>
--- a/NSspi/Contexts/ClientContext.cs
+++ b/NSspi/Contexts/ClientContext.cs
@@ -1,9 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Buffers;
 using NSspi.Credentials;
@@ -33,7 +28,7 @@ namespace NSspi.Contexts
        /// <param name="requestedAttribs">Requested attributes that describe the desired properties of the
        /// context once it is established. If a context cannot be established that satisfies the indicated
        /// properties, the context initialization is aborted.</param>
-        public ClientContext( ClientCredential cred, string serverPrinc, ContextAttrib requestedAttribs )
+        public ClientContext( Credential cred, string serverPrinc, ContextAttrib requestedAttribs )
            : base( cred )
        {
            this.serverPrinc = serverPrinc;
@@ -90,12 +85,12 @@ namespace NSspi.Contexts
            // The security package tells us how big its biggest token will be. We'll allocate a buffer
            // that size, and it'll tell us how much it used.
            outTokenBuffer = new SecureBuffer(
-                new byte[ this.Credential.PackageInfo.MaxTokenLength ], 
+                new byte[this.Credential.PackageInfo.MaxTokenLength],
                BufferType.Token
            );
            serverBuffer = null;
-            if ( serverToken != null )
+            if( serverToken != null )
            {
                serverBuffer = new SecureBuffer( serverToken, BufferType.Token );
            }
@@ -115,9 +110,9 @@ namespace NSspi.Contexts
            //    Windows, 128 bits on 64-bit Windows.
            //  - So in the end, on a 64-bit machine, we're passing a 64-bit value (the pointer to the struct) that
            //    points to 128 bits of memory (the struct itself) for where to write the handle numbers.
-            using ( outAdapter = new SecureBufferAdapter( outTokenBuffer ) )
+            using( outAdapter = new SecureBufferAdapter( outTokenBuffer ) )
            {
-                if ( this.ContextHandle.IsInvalid )
+                if( this.ContextHandle.IsInvalid )
                {
                    status = ContextNativeMethods.InitializeSecurityContext_1(
                        ref this.Credential.Handle.rawHandle,
@@ -136,7 +131,7 @@ namespace NSspi.Contexts
                }
                else
                {
-                    using ( serverAdapter = new SecureBufferAdapter( serverBuffer ) )
+                    using( serverAdapter = new SecureBufferAdapter( serverBuffer ) )
                    {
                        status = ContextNativeMethods.InitializeSecurityContext_2(
                            ref this.Credential.Handle.rawHandle,
--- a/NSspi/Contexts/Context.cs
+++ b/NSspi/Contexts/Context.cs
@@ -1,12 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Buffers;
 using NSspi.Contexts;
 using NSspi.Credentials;
 namespace NSspi.Contexts
@@ -257,7 +252,7 @@ namespace NSspi.Contexts
            paddingLength = ByteWriter.ReadInt16_BE( input, position );
            position += 2;
-            if ( trailerLength + dataLength + paddingLength + 2 + 4 + 2 > input.Length )
+            if( trailerLength + dataLength + paddingLength + 2 + 4 + 2 > input.Length )
            {
                throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
            }
@@ -296,8 +291,7 @@ namespace NSspi.Contexts
            }
            // else there was no padding.
-
+            using( adapter = new SecureBufferAdapter( new[] { trailerBuffer, dataBuffer, paddingBuffer } ) )
            using( adapter = new SecureBufferAdapter( new [] { trailerBuffer, dataBuffer, paddingBuffer } ) )
            {
                status = ContextNativeMethods.SafeDecryptMessage(
                    this.ContextHandle,
@@ -348,7 +342,7 @@ namespace NSspi.Contexts
            Array.Copy( message, dataBuffer.Buffer, message.Length );
-            using ( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
+            using( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
            {
                status = ContextNativeMethods.SafeMakeSignature(
                    this.ContextHandle,
@@ -358,7 +352,7 @@ namespace NSspi.Contexts
                );
            }
-            if ( status != SecurityStatus.OK )
+            if( status != SecurityStatus.OK )
            {
                throw new SSPIException( "Failed to create message signature.", status );
            }
@@ -389,6 +383,35 @@ namespace NSspi.Contexts
            return outMessage;
        }
        /// <summary>
        /// Returns the Session Key from a context or null on failure.
        /// </summary>
        /// <remarks>
        /// Session keys are sometimes needed for other purposes or HMAC functions. This function
        /// will run QueryAttribute to get the session key struct, and read and return the key from
        /// that struct.
        /// </remarks>
        /// <returns>byte[] with the session key data or null on failure</returns>
        public byte[] QuerySessionKey()
        {
            SecurityStatus status;
            byte[] SessionKey = null;
            status = ContextNativeMethods.SafeQueryContextAttribute(
                this.ContextHandle,
                ContextQueryAttrib.SessionKey,
                ref SessionKey
            );
            if( status != SecurityStatus.OK )
            {
                throw new SSPIException( "Failed to query session key.", status );
            }
            return SessionKey;
        }
        /// <summary>
        /// Verifies the signature of a signed message
        /// </summary>
@@ -415,7 +438,7 @@ namespace NSspi.Contexts
            sizes = QueryBufferSizes();
-            if ( signedMessage.Length < 2 + 4 + sizes.MaxSignature )
+            if( signedMessage.Length < 2 + 4 + sizes.MaxSignature )
            {
                throw new ArgumentException( "Input message is too small to possibly fit a valid message" );
            }
@@ -430,7 +453,7 @@ namespace NSspi.Contexts
            sigLen = ByteWriter.ReadInt16_BE( signedMessage, position );
            position += 2;
-            if ( messageLen + sigLen + 2 + 4 > signedMessage.Length )
+            if( messageLen + sigLen + 2 + 4 > signedMessage.Length )
            {
                throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
            }
@@ -443,7 +466,7 @@ namespace NSspi.Contexts
            Array.Copy( signedMessage, position, signatureBuffer.Buffer, 0, sigLen );
            position += sigLen;
-            using ( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
+            using( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
            {
                status = ContextNativeMethods.SafeVerifySignature(
                    this.ContextHandle,
@@ -453,12 +476,12 @@ namespace NSspi.Contexts
                );
            }
-            if ( status == SecurityStatus.OK )
+            if( status == SecurityStatus.OK )
            {
                origMessage = dataBuffer.Buffer;
                return true;
            }
-            else if ( status == SecurityStatus.MessageAltered ||
+            else if( status == SecurityStatus.MessageAltered ||
                      status == SecurityStatus.OutOfSequence )
            {
                origMessage = null;
@@ -485,9 +508,9 @@ namespace NSspi.Contexts
            {
                this.ContextHandle.DangerousAddRef( ref gotRef );
            }
-            catch ( Exception )
+            catch( Exception )
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    this.ContextHandle.DangerousRelease();
                    gotRef = false;
@@ -497,7 +520,7 @@ namespace NSspi.Contexts
            }
            finally
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    status = ContextNativeMethods.QueryContextAttributes_Sizes(
                        ref this.ContextHandle.rawHandle,
@@ -521,7 +544,7 @@ namespace NSspi.Contexts
        /// </summary>
        /// <param name="attrib">The string-valued attribute to query.</param>
        /// <returns></returns>
-        private string QueryContextString(ContextQueryAttrib attrib)
+        private string QueryContextString( ContextQueryAttrib attrib )
        {
            SecPkgContext_String stringAttrib;
            SecurityStatus status = SecurityStatus.InternalError;
@@ -540,9 +563,9 @@ namespace NSspi.Contexts
            {
                this.ContextHandle.DangerousAddRef( ref gotRef );
            }
-            catch ( Exception )
+            catch( Exception )
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    this.ContextHandle.DangerousRelease();
                    gotRef = false;
@@ -551,7 +574,7 @@ namespace NSspi.Contexts
            }
            finally
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    status = ContextNativeMethods.QueryContextAttributes_String(
                        ref this.ContextHandle.rawHandle,
@@ -561,7 +584,7 @@ namespace NSspi.Contexts
                    this.ContextHandle.DangerousRelease();
-                    if ( status == SecurityStatus.OK )
+                    if( status == SecurityStatus.OK )
                    {
                        result = Marshal.PtrToStringUni( stringAttrib.StringResult );
                        ContextNativeMethods.FreeContextBuffer( stringAttrib.StringResult );
--- a/NSspi/Contexts/ContextAttrib.cs
+++ b/NSspi/Contexts/ContextAttrib.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Contexts
 {
@@ -36,7 +32,6 @@ namespace NSspi.Contexts
        /// </summary>
        MutualAuth = 0x00000002,
        /// <summary>
        /// Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature
        /// message support functionality.
--- a/NSspi/Contexts/ContextNativeMethods.cs
+++ b/NSspi/Contexts/ContextNativeMethods.cs
@@ -1,13 +1,8 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Buffers;
 using NSspi.Contexts;
 namespace NSspi.Contexts
 {
@@ -45,7 +40,7 @@ namespace NSspi.Contexts
        );
        */
-        [DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext",CharSet = CharSet.Unicode )]
+        [DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus AcceptSecurityContext_1(
            ref RawSspiHandle credHandle,
            IntPtr oldContextHandle,
@@ -58,7 +53,6 @@ namespace NSspi.Contexts
            ref TimeStamp expiry
        );
        [DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus AcceptSecurityContext_2(
            ref RawSspiHandle credHandle,
@@ -72,7 +66,6 @@ namespace NSspi.Contexts
            ref TimeStamp expiry
        );
        [DllImport( "Secur32.dll", EntryPoint = "InitializeSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus InitializeSecurityContext_1(
            ref RawSspiHandle credentialHandle,
@@ -89,7 +82,6 @@ namespace NSspi.Contexts
            ref TimeStamp expiry
        );
        [DllImport( "Secur32.dll", EntryPoint = "InitializeSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus InitializeSecurityContext_2(
            ref RawSspiHandle credentialHandle,
@@ -106,12 +98,11 @@ namespace NSspi.Contexts
            ref TimeStamp expiry
        );
-        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success )]
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "DeleteSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus DeleteSecurityContext( ref RawSspiHandle contextHandle );
-
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail )]
        [DllImport( "Secur32.dll", EntryPoint = "EncryptMessage", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus EncryptMessage(
            ref RawSspiHandle contextHandle,
@@ -155,7 +146,7 @@ namespace NSspi.Contexts
            ref SecPkgContext_Sizes sizes
        );
-        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "QueryContextAttributes", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus QueryContextAttributes_String(
            ref RawSspiHandle contextHandle,
@@ -163,11 +154,18 @@ namespace NSspi.Contexts
            ref SecPkgContext_String names
        );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "QueryContextAttributes", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus QueryContextAttributes(
           ref RawSspiHandle contextHandle,
           ContextQueryAttrib attrib,
           IntPtr attribute
       );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "FreeContextBuffer", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus FreeContextBuffer( IntPtr handle );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "ImpersonateSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus ImpersonateSecurityContext( ref RawSspiHandle contextHandle );
@@ -176,6 +174,72 @@ namespace NSspi.Contexts
        [DllImport( "Secur32.dll", EntryPoint = "RevertSecurityContext", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus RevertSecurityContext( ref RawSspiHandle contextHandle );
        [StructLayout( LayoutKind.Sequential )]
        private class KeyStruct
        {
            public int size;
            public IntPtr data;
        }
        internal static SecurityStatus SafeQueryContextAttribute(
            SafeContextHandle handle,
            ContextQueryAttrib attribute,
            ref byte[] buffer
            )
        {
            bool gotRef = false;
            SecurityStatus status = SecurityStatus.InternalError;
            RuntimeHelpers.PrepareConstrainedRegions();
            int pointerSize = System.Environment.Is64BitOperatingSystem ? 8 : 4; //NOTE: update this when 128 bit processors exist
            IntPtr alloc_buffer = Marshal.AllocHGlobal( sizeof( uint ) + pointerSize ); //NOTE: this is at most 4 + sizeof(void*) bytes
                                                                                        //see struct SecPkgContext_SessionKey
                                                                                        // https://msdn.microsoft.com/en-us/library/windows/desktop/aa380096(v=vs.85).aspx
            try
            {
                handle.DangerousAddRef( ref gotRef );
            }
            catch( Exception )
            {
                if( gotRef )
                {
                    handle.DangerousRelease();
                    gotRef = false;
                    buffer = null;
                }
                throw;
            }
            finally
            {
                if( gotRef )
                {
                    status = ContextNativeMethods.QueryContextAttributes(
                        ref handle.rawHandle,
                        attribute,
                        alloc_buffer
                    );
                    if( status == SecurityStatus.OK )
                    {
                        KeyStruct key = new KeyStruct();
                        Marshal.PtrToStructure( alloc_buffer, key ); // fit to the proper size, read a byte[]
                        byte[] sizedBuffer = new byte[key.size];
                        for( int i = 0; i < key.size; i++ )
                            sizedBuffer[i] = Marshal.ReadByte( key.data, i );
                        buffer = sizedBuffer;
                    }
                    handle.DangerousRelease();
                }
            }
            Marshal.FreeHGlobal( alloc_buffer );
            return status;
        }
        /// <summary>
        /// Safely invokes the native EncryptMessage function, making sure that handle ref counting is
        /// performed in a proper CER.
@@ -199,9 +263,9 @@ namespace NSspi.Contexts
            {
                handle.DangerousAddRef( ref gotRef );
            }
-            catch ( Exception )
+            catch( Exception )
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    handle.DangerousRelease();
                    gotRef = false;
@@ -211,7 +275,7 @@ namespace NSspi.Contexts
            }
            finally
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    status = ContextNativeMethods.EncryptMessage(
                        ref handle.rawHandle,
@@ -301,9 +365,9 @@ namespace NSspi.Contexts
            {
                handle.DangerousAddRef( ref gotRef );
            }
-            catch ( Exception )
+            catch( Exception )
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    handle.DangerousRelease();
                    gotRef = false;
@@ -313,7 +377,7 @@ namespace NSspi.Contexts
            }
            finally
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    status = ContextNativeMethods.MakeSignature(
                        ref handle.rawHandle,
@@ -352,9 +416,9 @@ namespace NSspi.Contexts
            {
                handle.DangerousAddRef( ref gotRef );
            }
-            catch ( Exception )
+            catch( Exception )
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    handle.DangerousRelease();
                    gotRef = false;
@@ -364,7 +428,7 @@ namespace NSspi.Contexts
            }
            finally
            {
-                if ( gotRef )
+                if( gotRef )
                {
                    status = ContextNativeMethods.VerifySignature(
                        ref handle.rawHandle,
--- a/NSspi/Contexts/ContextQueries.cs
+++ b/NSspi/Contexts/ContextQueries.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Contexts
 {
--- a/NSspi/Contexts/ContextQueryAttrib.cs
+++ b/NSspi/Contexts/ContextQueryAttrib.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Contexts
 {
@@ -36,5 +32,15 @@ namespace NSspi.Contexts
        /// Results for a query of this type are stored in a Win32 SecPkgContext_Authority structure.
        /// </remarks>
        Authority = 6,
        /// <summary>
        /// Queries the context for it's neogtiated SessionKey
        /// </summary>
        /// <remarks>
        /// Results for a query of this type are stored in a Win32 SecPkgContext_SessionKey structure
        /// </remarks>
        SessionKey = 9,
        AccessToken = 13, //not implemented yet but this would be cool
    }
 }
--- a/NSspi/Contexts/ImpersonationHandle.cs
+++ b/NSspi/Contexts/ImpersonationHandle.cs
@@ -1,8 +1,6 @@
 using System;
-using System.Collections.Generic;
+using System.Security.Principal;
-using System.Linq;
+using System.Threading;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Contexts
 {
@@ -27,7 +25,7 @@ namespace NSspi.Contexts
        /// Initializes a new instance of the ImpersonationHandle. Does not perform impersonation.
        /// </summary>
        /// <param name="server">The server context that is performing impersonation.</param>
-        internal ImpersonationHandle(ServerContext server)
+        internal ImpersonationHandle( ServerContext server )
        {
            this.server = server;
            this.disposed = false;
@@ -54,6 +52,5 @@ namespace NSspi.Contexts
                this.server.RevertImpersonate();
            }
        }
    }
 }
--- a/NSspi/Contexts/SafeContextHandle.cs
+++ b/NSspi/Contexts/SafeContextHandle.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Contexts
 {
--- a/NSspi/Contexts/ServerContext.cs
+++ b/NSspi/Contexts/ServerContext.cs
@@ -1,9 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
-using System.Text;
+using System.Security.Principal;
-using System.Threading.Tasks;
+using System.Threading;
 using NSspi.Buffers;
 using NSspi.Credentials;
@@ -18,19 +16,25 @@ namespace NSspi.Contexts
        private ContextAttrib finalAttribs;
        private bool impersonating;
        private bool impersonationSetsThreadPrinciple;
        /// <summary>
-        /// Performs basic initialization of a new instance of the ServerContext class. The ServerContext
+        /// Performs basic initialization of a new instance of the ServerContext class. The
-        /// is not ready for message manipulation until a security context has been established with a client.
+        /// ServerContext is not ready for message manipulation until a security context has been
        /// established with a client.
        /// </summary>
        /// <param name="cred"></param>
        /// <param name="requestedAttribs"></param>
-        public ServerContext(ServerCredential cred, ContextAttrib requestedAttribs) : base ( cred )
+        /// <param name="impersonationSetsThreadPrinciple">
        /// If true, the `Thread.CurrentPrinciple` property will be modified by successful impersonation.
        /// </param>
        public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool impersonationSetsThreadPrinciple = false ) : base( cred )
        {
            this.requestedAttribs = requestedAttribs;
            this.finalAttribs = ContextAttrib.Zero;
            this.impersonating = false;
            this.impersonationSetsThreadPrinciple = impersonationSetsThreadPrinciple;
            this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
        }
@@ -90,13 +94,13 @@ namespace NSspi.Contexts
            clientBuffer = new SecureBuffer( clientToken, BufferType.Token );
            outBuffer = new SecureBuffer(
-                new byte[ this.Credential.PackageInfo.MaxTokenLength ], 
+                new byte[this.Credential.PackageInfo.MaxTokenLength],
                BufferType.Token
            );
-            using ( clientAdapter = new SecureBufferAdapter( clientBuffer ) )
+            using( clientAdapter = new SecureBufferAdapter( clientBuffer ) )
            {
-                using ( outAdapter = new SecureBufferAdapter( outBuffer ) )
+                using( outAdapter = new SecureBufferAdapter( outBuffer ) )
                {
                    if( this.ContextHandle.IsInvalid )
                    {
@@ -125,19 +129,17 @@ namespace NSspi.Contexts
                            ref this.finalAttribs,
                            ref rawExpiry
                        );
                    }
                }
            }
-            if ( status == SecurityStatus.OK )
+            if( status == SecurityStatus.OK )
            {
                nextToken = null;
                base.Initialize( rawExpiry.ToDateTime() );
-                if ( outBuffer.Length != 0 )
+                if( outBuffer.Length != 0 )
                {
                    nextToken = new byte[outBuffer.Length];
                    Array.Copy( outBuffer.Buffer, nextToken, nextToken.Length );
@@ -147,7 +149,7 @@ namespace NSspi.Contexts
                    nextToken = null;
                }
            }
-            else if ( status == SecurityStatus.ContinueNeeded )
+            else if( status == SecurityStatus.ContinueNeeded )
            {
                nextToken = new byte[outBuffer.Length];
                Array.Copy( outBuffer.Buffer, nextToken, nextToken.Length );
@@ -183,6 +185,12 @@ namespace NSspi.Contexts
            {
                throw new ObjectDisposedException( "ServerContext" );
            }
            else if( this.Initialized == false )
            {
                throw new InvalidOperationException(
                    "The server context has not been completely initialized."
                );
            }
            else if( impersonating )
            {
                throw new InvalidOperationException( "Cannot impersonate again while already impersonating." );
@@ -220,7 +228,7 @@ namespace NSspi.Contexts
                    this.ContextHandle.DangerousRelease();
-                    this.impersonating = true;
+                    this.impersonating = status == SecurityStatus.OK;
                }
            }
@@ -237,6 +245,11 @@ namespace NSspi.Contexts
                throw new SSPIException( "Failed to impersonate the client", status );
            }
            if( this.impersonating && this.impersonationSetsThreadPrinciple )
            {
                SetThreadPrinciple();
            }
            return handle;
        }
@@ -299,5 +312,15 @@ namespace NSspi.Contexts
            base.Dispose( disposing );
        }
        /// <summary>
        /// Set the current thread security context to the impersonated identity.
        /// </summary>
        private void SetThreadPrinciple()
        {
            Thread.CurrentPrincipal = new WindowsPrincipal(
                WindowsIdentity.GetCurrent( TokenAccessLevels.AllAccess ) 
            );
        }
    }
 }
--- a/NSspi/Credentials/AuthData.cs
+++ b/NSspi/Credentials/AuthData.cs
@@ -0,0 +1,55 @@
 using System;
 using System.Runtime.InteropServices;
 namespace NSspi.Credentials
 {
    /// <summary>
    /// Provides authentication data in native method calls.
    /// </summary>
    /// <remarks>
    /// Implements the 'SEC_WINNT_AUTH_IDENTITY' structure. See:
    ///
    /// https://msdn.microsoft.com/en-us/library/windows/desktop/aa380131(v=vs.85).aspx
    /// </remarks>
    [StructLayout( LayoutKind.Sequential )]
    internal struct NativeAuthData
    {
        public NativeAuthData( string domain, string username, string password, NativeAuthDataFlag flag )
        {
            this.Domain = domain;
            this.DomainLength = domain.Length;
            this.User = username;
            this.UserLength = username.Length;
            this.Password = password;
            this.PasswordLength = password.Length;
            this.Flags = flag;
        }
        [MarshalAs( UnmanagedType.LPWStr )]
        public string User;
        public int UserLength;
        [MarshalAs( UnmanagedType.LPWStr )]
        public string Domain;
        public int DomainLength;
        [MarshalAs( UnmanagedType.LPWStr )]
        public string Password;
        public int PasswordLength;
        public NativeAuthDataFlag Flags;
    }
    internal enum NativeAuthDataFlag : int
    {
        Ansi = 1,
        Unicode = 2
    }
 }
--- a/NSspi/Credentials/ClientCredential.cs
+++ b/NSspi/Credentials/ClientCredential.cs
@@ -1,24 +0,0 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
    /// <summary>
    /// Represents the credentials of the user running the current process, for use as an SSPI client.
    /// </summary>
    public class ClientCredential : CurrentCredential
    {
        /// <summary>
        /// Initializes a new instance of the ClientCredential class.
        /// </summary>
        /// <param name="package">The security package to acquire the credential handle from.</param>
        public ClientCredential( string package )
            : base( package, CredentialUse.Outbound )
        {
        }
    }
 }
--- a/NSspi/Credentials/ClientCurrentCredential.cs
+++ b/NSspi/Credentials/ClientCurrentCredential.cs
@@ -0,0 +1,20 @@
 using System;
 namespace NSspi.Credentials
 {
    /// <summary>
    /// Represents a handle to the credentials of the user running the current process, to be used to
    /// authenticate as a client.
    /// </summary>
    public class ClientCurrentCredential : CurrentCredential
    {
        /// <summary>
        /// Initializes a new instance of the ClientCurrentCredential class.
        /// </summary>
        /// <param name="package">The security package to acquire the credential handle from.</param>
        public ClientCurrentCredential( string package )
            : base( package, CredentialUse.Outbound )
        {
        }
    }
 }
--- a/NSspi/Credentials/Credential.cs
+++ b/NSspi/Credentials/Credential.cs
@@ -1,13 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.DirectoryServices.AccountManagement;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Credentials;
 namespace NSspi.Credentials
 {
@@ -187,9 +180,9 @@ namespace NSspi.Credentials
        protected virtual void Dispose( bool disposing )
        {
-            if ( this.disposed == false )
+            if( this.disposed == false )
            {
-                if ( disposing )
+                if( disposing )
                {
                    this.safeCredHandle.Dispose();
                }
--- a/NSspi/Credentials/CredentialNativeMethods.cs
+++ b/NSspi/Credentials/CredentialNativeMethods.cs
@@ -1,17 +1,12 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Credentials;
 namespace NSspi.Credentials
 {
    internal static class CredentialNativeMethods
    {
-        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail)]
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
        [DllImport( "Secur32.dll", EntryPoint = "AcquireCredentialsHandle", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus AcquireCredentialsHandle(
            string principleName,
@@ -25,13 +20,27 @@ namespace NSspi.Credentials
            ref TimeStamp expiry
        );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
        [DllImport( "Secur32.dll", EntryPoint = "AcquireCredentialsHandle", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus AcquireCredentialsHandle_AuthData(
            string principleName,
            string packageName,
            CredentialUse credentialUse,
            IntPtr loginId,
            ref NativeAuthData authData,
            IntPtr getKeyFunc,
            IntPtr getKeyData,
            ref RawSspiHandle credentialHandle,
            ref TimeStamp expiry
        );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "FreeCredentialsHandle", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus FreeCredentialsHandle(
            ref RawSspiHandle credentialHandle
        );
        /// <summary>
        /// The overload of the QueryCredentialsAttribute method that is used for querying the name attribute.
        /// In this call, it takes a void* to a structure that contains a wide char pointer. The wide character
--- a/NSspi/Credentials/CredentialQueryAttrib.cs
+++ b/NSspi/Credentials/CredentialQueryAttrib.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
--- a/NSspi/Credentials/CredentialUse.cs
+++ b/NSspi/Credentials/CredentialUse.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
--- a/NSspi/Credentials/CurrentCredential.cs
+++ b/NSspi/Credentials/CurrentCredential.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
@@ -57,13 +53,12 @@ namespace NSspi.Credentials
               );
            }
-            if ( status != SecurityStatus.OK )
+            if( status != SecurityStatus.OK )
            {
                throw new SSPIException( "Failed to call AcquireCredentialHandle", status );
            }
            this.Expiry = rawExpiry.ToDateTime();
        }
    }
 }
--- a/NSspi/Credentials/PasswordCredential.cs
+++ b/NSspi/Credentials/PasswordCredential.cs
@@ -0,0 +1,78 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Text;
 namespace NSspi.Credentials
 {
    /// <summary>
    /// Represents credentials acquired by providing a username, password, and domain.
    /// </summary>
    public class PasswordCredential : Credential
    {
        /// <summary>
        /// Initializes a new instance of the PasswordCredential class.
        /// </summary>
        /// <remarks>
        /// It is possible to acquire a valid handle to credentials that do not provide a valid
        /// username-password combination. The username and password are not validation until the
        /// authentication cycle begins.
        /// </remarks>
        /// <param name="domain">The domain to authenticate to.</param>
        /// <param name="username">The username of the user to authenticate as.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="secPackage">The SSPI security package to create credentials for.</param>
        /// <param name="use">
        /// Specify inbound when acquiring credentials for a server; outbound for a client.
        /// </param>
        public PasswordCredential( string domain, string username, string password, string secPackage, CredentialUse use ) 
            : base( secPackage )
        {
            NativeAuthData authData = new NativeAuthData( domain, username, password, NativeAuthDataFlag.Unicode );
            Init( authData, secPackage, use );
        }
        private void Init( NativeAuthData authData, string secPackage, CredentialUse use )
        {
            string packageName;
            TimeStamp rawExpiry = new TimeStamp();
            SecurityStatus status = SecurityStatus.InternalError;
            // -- Package --
            // Copy off for the call, since this.SecurityPackage is a property.
            packageName = this.SecurityPackage;
            this.Handle = new SafeCredentialHandle();
            // The finally clause is the actual constrained region. The VM pre-allocates any stack space,
            // performs any allocations it needs to prepare methods for execution, and postpones any
            // instances of the 'uncatchable' exceptions (ThreadAbort, StackOverflow, OutOfMemory).
            RuntimeHelpers.PrepareConstrainedRegions();
            try { }
            finally
            {
                status = CredentialNativeMethods.AcquireCredentialsHandle_AuthData(
                   null,
                   packageName,
                   use,
                   IntPtr.Zero,
                   ref authData,
                   IntPtr.Zero,
                   IntPtr.Zero,
                   ref this.Handle.rawHandle,
                   ref rawExpiry
               );
            }
            if( status != SecurityStatus.OK )
            {
                throw new SSPIException( "Failed to call AcquireCredentialHandle", status );
            }
            this.Expiry = rawExpiry.ToDateTime();
        }
    }
 }
--- a/NSspi/Credentials/QueryNameSupport.cs
+++ b/NSspi/Credentials/QueryNameSupport.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
--- a/NSspi/Credentials/SafeCredentialHandle.cs
+++ b/NSspi/Credentials/SafeCredentialHandle.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
@@ -28,5 +24,4 @@ namespace NSspi.Credentials
            return status == SecurityStatus.OK;
        }
    }
 }
--- a/NSspi/Credentials/ServerCurrentCredential.cs
+++ b/NSspi/Credentials/ServerCurrentCredential.cs
@@ -1,23 +1,19 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Credentials
 {
    /// <summary>
-    /// Represents the credentials of the user running the current process, for use as an SSPI server.
+    /// Represents a handle to the credentials of the user running the current process, to be used to
    /// authenticate as a server.
    /// </summary>
-    public class ServerCredential : CurrentCredential
+    public class ServerCurrentCredential : CurrentCredential
    {
        /// <summary>
        /// Initializes a new instance of the ServerCredential class, acquiring credentials from
        /// the current thread's security context.
        /// </summary>
        /// <param name="package">The name of the security package to obtain credentials from.</param>
-        public ServerCredential( string package )
+        public ServerCurrentCredential( string package )
            : base( package, CredentialUse.Inbound )
        {
        }
--- a/NSspi/EnumMgr.cs
+++ b/NSspi/EnumMgr.cs
@@ -0,0 +1,57 @@
 using System;
 using System.Reflection;
 namespace NSspi
 {
    [AttributeUsage( AttributeTargets.Field )]
    public class EnumStringAttribute : Attribute
    {
        public EnumStringAttribute( string text )
        {
            this.Text = text;
        }
        public string Text { get; private set; }
    }
    public class EnumMgr
    {
        public static string ToText( Enum value )
        {
            FieldInfo field = value.GetType().GetField( value.ToString() );
            EnumStringAttribute[] attribs = (EnumStringAttribute[])field.GetCustomAttributes( typeof( EnumStringAttribute ), false );
            if( attribs == null || attribs.Length == 0 )
            {
                return null;
            }
            else
            {
                return attribs[0].Text;
            }
        }
        public static T FromText<T>( string text )
        {
            FieldInfo[] fields = typeof( T ).GetFields();
            EnumStringAttribute[] attribs;
            foreach( FieldInfo field in fields )
            {
                attribs = (EnumStringAttribute[])field.GetCustomAttributes( typeof( EnumStringAttribute ), false );
                foreach( EnumStringAttribute attrib in attribs )
                {
                    if( attrib.Text == text )
                    {
                        return (T)field.GetValue( null );
                    }
                }
            }
            throw new ArgumentException( "Could not find a matching enumeration value for the text '" + text + "'." );
        }
    }
 }
--- a/NSspi/NSspi.csproj
+++ b/NSspi/NSspi.csproj
@@ -23,6 +23,7 @@
    <WarningLevel>4</WarningLevel>
    <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
    <Prefer32Bit>false</Prefer32Bit>
    <DocumentationFile>bin\Debug\NSspi.XML</DocumentationFile>
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
    <DebugType>pdbonly</DebugType>
@@ -42,11 +43,7 @@
    <Reference Include="System.Core" />
    <Reference Include="System.DirectoryServices" />
    <Reference Include="System.DirectoryServices.AccountManagement" />
    <Reference Include="System.Xml.Linq" />
    <Reference Include="System.Data.DataSetExtensions" />
    <Reference Include="Microsoft.CSharp" />
    <Reference Include="System.Data" />
    <Reference Include="System.Xml" />
  </ItemGroup>
  <ItemGroup>
    <Compile Include="ByteWriter.cs" />
@@ -58,17 +55,20 @@
    <Compile Include="Contexts\ContextQueryAttrib.cs" />
    <Compile Include="Contexts\ImpersonationHandle.cs" />
    <Compile Include="Contexts\SafeContextHandle.cs" />
    <Compile Include="Credentials\AuthData.cs" />
    <Compile Include="Credentials\ClientCurrentCredential.cs" />
    <Compile Include="Credentials\CurrentCredential.cs" />
    <Compile Include="Credentials\PasswordCredential.cs" />
    <Compile Include="Credentials\ServerCurrentCredential.cs" />
    <Compile Include="EnumMgr.cs" />
    <Compile Include="SecPkgInfo.cs" />
    <Compile Include="Contexts\ServerContext.cs" />
    <Compile Include="Credentials\ClientCredential.cs" />
    <Compile Include="Credentials\Credential.cs" />
    <Compile Include="Credentials\CredentialNativeMethods.cs" />
    <Compile Include="Credentials\CredentialQueryAttrib.cs" />
    <Compile Include="Credentials\CredentialUse.cs" />
    <Compile Include="Credentials\QueryNameSupport.cs" />
    <Compile Include="Credentials\SafeCredentialHandle.cs" />
    <Compile Include="Credentials\ServerCredential.cs" />
    <Compile Include="NativeMethods.cs" />
    <Compile Include="PackageSupport.cs" />
    <Compile Include="PackageNames.cs" />
@@ -83,7 +83,9 @@
    <Compile Include="SspiHandle.cs" />
    <Compile Include="TimeStamp.cs" />
  </ItemGroup>
-  <ItemGroup />
+  <ItemGroup>
    <None Include="NSspi.nuspec" />
  </ItemGroup>
  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
       Other similar extension points exist, see Microsoft.Common.targets.
--- a/NSspi/NSspi.nuspec
+++ b/NSspi/NSspi.nuspec
@@ -0,0 +1,18 @@
 <?xml version="1.0"?>
 <package >
    <metadata>
        <id>NSspi</id>
        <version>0.2.1.0</version>
        <authors>Kevin Thompson</authors>
        <owners>Kevin Thompson</owners>
        <projectUrl>https://github.com/antiduh/nsspi</projectUrl>
        <requireLicenseAcceptance>false</requireLicenseAcceptance>
        <description>
            A C#/.Net interface to the Win32 SSPI authentication API,
            better known as Windows Integrated Authentication.
        </description>
        <language>C#</language>
        <releaseNotes>Adds support for username/password credentials, but introduces a minor change in the interface that breaks existing code.</releaseNotes>
        <copyright>Copyright 2018</copyright>
    </metadata>
 </package>
--- a/NSspi/NativeMethods.cs
+++ b/NSspi/NativeMethods.cs
@@ -1,21 +1,15 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Contexts;
 namespace NSspi
 {
    internal static class NativeMethods
    {
-        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "FreeContextBuffer", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus FreeContextBuffer( IntPtr buffer );
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "QuerySecurityPackageInfo", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus QuerySecurityPackageInfo( string packageName, ref IntPtr pkgInfo );
@@ -23,6 +17,5 @@ namespace NSspi
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        [DllImport( "Secur32.dll", EntryPoint = "EnumerateSecurityPackages", CharSet = CharSet.Unicode )]
        internal static extern SecurityStatus EnumerateSecurityPackages( ref int numPackages, ref IntPtr pkgInfoArry );
    }
 }
--- a/NSspi/PackageNames.cs
+++ b/NSspi/PackageNames.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
--- a/NSspi/PackageSupport.cs
+++ b/NSspi/PackageSupport.cs
@@ -1,10 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
@@ -35,11 +31,11 @@ namespace NSspi
            {
                status = NativeMethods.QuerySecurityPackageInfo( packageName, ref rawInfoPtr );
-                if ( rawInfoPtr != IntPtr.Zero )
+                if( rawInfoPtr != IntPtr.Zero )
                {
                    try
                    {
-                        if ( status == SecurityStatus.OK )
+                        if( status == SecurityStatus.OK )
                        {
                            // This performs allocations as it makes room for the strings contained in the SecPkgInfo class.
                            Marshal.PtrToStructure( rawInfoPtr, info );
@@ -71,7 +67,7 @@ namespace NSspi
            IntPtr pkgArrayPtr;
            IntPtr pkgPtr;
            int numPackages = 0;
-            int pkgSize = Marshal.SizeOf( typeof(SecPkgInfo) );
+            int pkgSize = Marshal.SizeOf( typeof( SecPkgInfo ) );
            pkgArrayPtr = new IntPtr();
--- a/NSspi/Properties/AssemblyInfo.cs
+++ b/NSspi/Properties/AssemblyInfo.cs
@@ -1,26 +1,25 @@
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
-[assembly: AssemblyTitle("NSspi")]
+[assembly: AssemblyTitle( "NSspi" )]
-[assembly: AssemblyDescription("")]
+[assembly: AssemblyDescription( "" )]
-[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyConfiguration( "" )]
-[assembly: AssemblyCompany("Kevin Thompson")]
+[assembly: AssemblyCompany( "Kevin Thompson" )]
-[assembly: AssemblyProduct("NSspi")]
+[assembly: AssemblyProduct( "NSspi" )]
-[assembly: AssemblyCopyright("Copyright © Kevin Thompson 2014")]
+[assembly: AssemblyCopyright( "Copyright © Kevin Thompson 2018" )]
-[assembly: AssemblyTrademark("")]
+[assembly: AssemblyTrademark( "" )]
-[assembly: AssemblyCulture("")]
+[assembly: AssemblyCulture( "" )]
 // Setting ComVisible to false makes the types in this assembly not visible
 // to COM components.  If you need to access a type in this assembly from
 // COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
+[assembly: ComVisible( false )]
 // The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("9abf710c-c646-42aa-8183-76bfa141a07b")]
+[assembly: Guid( "9abf710c-c646-42aa-8183-76bfa141a07b" )]
 // Version information for an assembly consists of the following four values:
 //
@@ -32,5 +31,5 @@ using System.Runtime.InteropServices;
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyVersion( "0.2.1.0" )]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion( "0.2.1.0" )]
--- a/NSspi/SSPIException.cs
+++ b/NSspi/SSPIException.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.Serialization;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
@@ -35,7 +31,7 @@ namespace NSspi
        protected SSPIException( SerializationInfo info, StreamingContext context )
            : base( info, context )
        {
-            this.message = info.GetString( "messsage" );
+            this.message = info.GetString( "message" );
            this.errorCode = (SecurityStatus)info.GetUInt32( "errorCode" );
        }
@@ -70,7 +66,12 @@ namespace NSspi
        {
            get
            {
-                return string.Format( "{0}. Error Code = '{1:X}'.", this.message, this.errorCode );
+                return string.Format(
                    "{0}. Error Code = '0x{1:X}' - \"{2}\".",
                    this.message,
                    this.errorCode,
                    EnumMgr.ToText( this.errorCode )
                );
            }
        }
    }
--- a/NSspi/SecPkgInfo.cs
+++ b/NSspi/SecPkgInfo.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
--- a/NSspi/SecureBuffer/SecureBuffer.cs
+++ b/NSspi/SecureBuffer/SecureBuffer.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Buffers
 {
--- a/NSspi/SecureBuffer/SecureBufferAdapter.cs
+++ b/NSspi/SecureBuffer/SecureBufferAdapter.cs
@@ -1,10 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Buffers
 {
@@ -120,7 +117,7 @@ namespace NSspi.Buffers
            this.bufferHandles = new GCHandle[this.buffers.Count];
            this.bufferCarrier = new SecureBufferInternal[this.buffers.Count];
-            for ( int i = 0; i < this.buffers.Count; i++ )
+            for( int i = 0; i < this.buffers.Count; i++ )
            {
                this.bufferHandles[i] = GCHandle.Alloc( this.buffers[i].Buffer, GCHandleType.Pinned );
@@ -156,7 +153,7 @@ namespace NSspi.Buffers
        {
            get
            {
-                if ( this.disposed )
+                if( this.disposed )
                {
                    throw new ObjectDisposedException( "Cannot use SecureBufferListHandle after it has been disposed" );
                }
@@ -184,9 +181,9 @@ namespace NSspi.Buffers
        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        private void Dispose( bool disposing )
        {
-            if ( this.disposed == true ) { return; }
+            if( this.disposed == true ) { return; }
-            if ( disposing )
+            if( disposing )
            {
                // When this class is actually being used for its original purpose - to convey buffers
                // back and forth to SSPI calls - we need to copy the potentially modified structure members
--- a/NSspi/SecureBuffer/SecureBufferDataRep.cs
+++ b/NSspi/SecureBuffer/SecureBufferDataRep.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Buffers
 {
--- a/NSspi/SecureBuffer/SecureBufferDesc.cs
+++ b/NSspi/SecureBuffer/SecureBufferDesc.cs
@@ -1,10 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Buffers
 {
@@ -12,7 +7,7 @@ namespace NSspi.Buffers
    /// Represents the native layout of the secure buffer descriptor that is provided directly
    /// to native API calls.
    /// </summary>
-    [StructLayout( LayoutKind.Sequential)]
+    [StructLayout( LayoutKind.Sequential )]
    internal struct SecureBufferDescInternal
    {
        /// <summary>
--- a/NSspi/SecureBuffer/SecureBufferType.cs
+++ b/NSspi/SecureBuffer/SecureBufferType.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi.Buffers
 {
@@ -57,7 +53,7 @@ namespace NSspi.Buffers
        Stream = 0x0A,
        ChannelBindings = 0x0E,
        TargetHost = 0x10,
-        ReadOnlyFlag = unchecked( (int)0x80000000 ),
+        ReadOnlyFlag = unchecked((int)0x80000000),
        ReadOnlyWithChecksum = 0x10000000
    }
 }
--- a/NSspi/SecurityStatus.cs
+++ b/NSspi/SecurityStatus.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
@@ -30,56 +26,99 @@ namespace NSspi
        /// <summary>
        /// The request completed successfully
        /// </summary>
        [EnumString( "No error" )]
        OK = 0x00000000,
        /// <summary>
        /// The token returned by the context needs to be provided to the cooperating party
        /// to continue construction of the context.
        /// </summary>
        [EnumString( "Authentication cycle needs to continue" )]
        ContinueNeeded = 0x00090312,
        /// <summary>
        /// Occurs after a client calls InitializeSecurityContext to indicate that the client
        /// must call CompleteAuthToken.
        /// </summary>
        [EnumString( "Authentication cycle needs to perform a 'complete'." )]
        CompleteNeeded = 0x00090313,
        /// <summary>
        /// Occurs after a client calls InitializeSecurityContext to indicate that the client
        /// must call CompleteAuthToken and pass the result to the server.
        /// </summary>
        [EnumString( "Authentication cycle needs to perform a 'complete' and then continue." )]
        CompAndContinue = 0x00090314,
        /// <summary>
        /// An attempt to use the context was performed after the context's expiration time elapsed.
        /// </summary>
        [EnumString( "The security context was used after its expiration time passed." )]
        ContextExpired = 0x00090317,
        [EnumString( "The credentials supplied to the security context were not fully initialized." )]
        CredentialsNeeded = 0x00090320,
        [EnumString( "The context data must be re-negotiated with the peer" )]
        Renegotiate = 0x00090321,
        // Errors
        [EnumString( "Not enough memory." )]
        OutOfMemory = 0x80090300,
        [EnumString( "The handle provided to the API was invalid." )]
        InvalidHandle = 0x80090301,
        [EnumString( "The attempted operation is not supported" )]
        Unsupported = 0x80090302,
        [EnumString( "The specified principle is not known in the authentication system." )]
        TargetUnknown = 0x80090303,
        [EnumString( "An internal error occurred" )]
        InternalError = 0x80090304,
        /// <summary>
        /// No security provider package was found with the given name.
        /// </summary>
        [EnumString( "The requested security package was not found." )]
        PackageNotFound = 0x80090305,
        NotOwner = 0x80090306,
        CannotInstall = 0x80090307,
        /// <summary>
        /// A token was provided that contained incorrect or corrupted data.
        /// </summary>
        [EnumString( "The provided authentication token is invalid or corrupted." )]
        InvalidToken = 0x80090308,
        CannotPack = 0x80090309,
        QopNotSupported = 0x8009030A,
        /// <summary>
        /// Impersonation is not supported.
        /// </summary>
        [EnumString( "Impersonation is not supported with the current security package." )]
        NoImpersonation = 0x8009030B,
        [EnumString( "The logon was denied, perhaps because the provided credentials were incorrect." )]
        LogonDenied = 0x8009030C,
        [EnumString( "The credentials provided are not recognized by the selected security package." )]
        UnknownCredentials = 0x8009030D,
        [EnumString( "No credentials are available in the selected security package." )]
        NoCredentials = 0x8009030E,
        [EnumString( "A message that was provided to the Decrypt or VerifySignature functions was altered " +
        "after it was created." )]
        MessageAltered = 0x8009030F,
        [EnumString( "A message was received out of the expected order." )]
        OutOfSequence = 0x80090310,
        [EnumString( "The current security package cannot contact an authenticating authority." )]
        NoAuthenticatingAuthority = 0x80090311,
        /// <summary>
@@ -94,6 +133,7 @@ namespace NSspi
        /// type 'extra'.
        /// </remarks>
        IncompleteMessage = 0x80090318,
        IncompleteCredentials = 0x80090320,
        BufferNotEnough = 0x80090321,
        WrongPrincipal = 0x80090322,
@@ -124,5 +164,4 @@ namespace NSspi
            return (uint)status > 0x80000000u;
        }
    }
 }
--- a/NSspi/SspiHandle.cs
+++ b/NSspi/SspiHandle.cs
@@ -1,12 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 using NSspi.Contexts;
 namespace NSspi
 {
@@ -25,7 +19,7 @@ namespace NSspi
    /// to this handle for performing work (InitializeSecurityContext, eg) should be performed a CER
    /// that employs handle reference counting across the native API invocation.
    /// </remarks>
-    [StructLayout( LayoutKind.Sequential, Pack = 1 ) ]
+    [StructLayout( LayoutKind.Sequential, Pack = 1 )]
    internal struct RawSspiHandle
    {
        private IntPtr lowPart;
@@ -46,7 +40,7 @@ namespace NSspi
        /// <remarks>
        /// This method is executed in a CER during handle release.
        /// </remarks>
-        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
+        [ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
        public void SetInvalid()
        {
            this.lowPart = IntPtr.Zero;
--- a/NSspi/TimeStamp.cs
+++ b/NSspi/TimeStamp.cs
@@ -1,9 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
 namespace NSspi
 {
@@ -29,13 +25,13 @@ namespace NSspi
        /// <returns></returns>
        public DateTime ToDateTime()
        {
-            ulong test = (ulong)this.time + (ulong)(Epoch.Ticks);
+            ulong test = (ulong)this.time + (ulong)( Epoch.Ticks );
            // Sometimes the value returned is massive, eg, 0x7fffff154e84ffff, which is a value
            // somewhere in the year 30848. This would overflow DateTime, since it peaks at 31-Dec-9999.
            // It turns out that this value corresponds to a TimeStamp's maximum value, reduced by my local timezone
            // http://stackoverflow.com/questions/24478056/
-            if ( test > (ulong)DateTime.MaxValue.Ticks )
+            if( test > (ulong)DateTime.MaxValue.Ticks )
            {
                return DateTime.MaxValue;
            }
--- a/NsspiDemo/.gitignore
+++ b/NsspiDemo/.gitignore
@@ -0,0 +1,2 @@
 bin
 obj
--- a/NsspiDemo/App.config
+++ b/NsspiDemo/App.config
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <configuration>
  <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
 </configuration>
--- a/NsspiDemo/Program.cs
+++ b/NsspiDemo/Program.cs
@@ -16,10 +16,10 @@ namespace NSspi
        private static void CredTest( string packageName )
        {
-            ClientCredential clientCred = null;
+            ClientCurrentCredential clientCred = null;
            ClientContext client = null;
-            ServerCredential serverCred = null;
+            ServerCurrentCredential serverCred = null;
            ServerContext server = null;
            byte[] clientToken;
@@ -30,8 +30,8 @@ namespace NSspi
            try
            {
-                clientCred = new ClientCredential( packageName );
+                clientCred = new ClientCurrentCredential( packageName );
-                serverCred = new ServerCredential( packageName );
+                serverCred = new ServerCurrentCredential( packageName );
                Console.Out.WriteLine( clientCred.PrincipleName );
@@ -47,7 +47,6 @@ namespace NSspi
                    ContextAttrib.Delegate
                );
                server = new ServerContext(
                    serverCred,
                    ContextAttrib.MutualAuth |
@@ -64,18 +63,17 @@ namespace NSspi
                clientStatus = client.Init( serverToken, out clientToken );
-                while ( true )
+                while( true )
                {
                    serverStatus = server.AcceptToken( clientToken, out serverToken );
-                    if ( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
+                    if( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
                    clientStatus = client.Init( serverToken, out clientToken );
-                    if ( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
+                    if( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
                }
                Console.Out.WriteLine( "Server authority: " + server.AuthorityName );
                Console.Out.WriteLine( "Server context user: " + server.ContextUserName );
@@ -102,7 +100,7 @@ namespace NSspi
                    throw new Exception();
                }
-                for( int i= 0; i < plainText.Length; i++ )
+                for( int i = 0; i < plainText.Length; i++ )
                {
                    if( plainText[i] != roundTripPlaintext[i] )
                    {
@@ -117,25 +115,23 @@ namespace NSspi
                    throw new Exception();
                }
                using( server.ImpersonateClient() )
                {
                }
                cipherText = client.MakeSignature( plainText );
                bool goodSig = server.VerifySignature( cipherText, out roundTripPlaintext );
-                if ( goodSig == false ||
+                if( goodSig == false ||
                     roundTripPlaintext.Length != plainText.Length )
                {
                    throw new Exception();
                }
-                for ( int i = 0; i < plainText.Length; i++ )
+                for( int i = 0; i < plainText.Length; i++ )
                {
-                    if ( plainText[i] != roundTripPlaintext[i] )
+                    if( plainText[i] != roundTripPlaintext[i] )
                    {
                        throw new Exception();
                    }
@@ -145,12 +141,12 @@ namespace NSspi
            }
            finally
            {
-                if ( server != null )
+                if( server != null )
                {
                    server.Dispose();
                }
-                if ( client != null )
+                if( client != null )
                {
                    client.Dispose();
                }
@@ -160,7 +156,7 @@ namespace NSspi
                    clientCred.Dispose();
                }
-                if ( serverCred != null )
+                if( serverCred != null )
                {
                    serverCred.Dispose();
                }
--- a/NsspiDemo/Properties/AssemblyInfo.cs
+++ b/NsspiDemo/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
--- a/Readme.txt
+++ b/Readme.txt
@@ -1,70 +0,0 @@
 This projects provides a C# / .Net interface to the Windows Integrated Authentication API, 
 better known as SSPI (Security Service Provider Interface).
 The project is provided as a .Net 4.0 assembly, but can just as easily be upgraded to .Net 4.5 
 or later. The solution file can be opened by Visual Studio 2010 SP1, Visual Studio 2012, or 
 later Visual Studio editions.
 The SSPI API provides an interface for real authentication protocols, such as Kerberos or 
 NTLM, to be invoked transparently by client and server code in order to perform authentication
 and message manipulation. These authentication protocols are better known as 'security packages'.
 The SSPI API exposes these packages using a common API, and so a program may invoke one or the 
 other with only minor changes in implementation. SSPI also supports the 'negotiate' 'meta' 
 package, that allows a client and server to decide dynamically which real security provider to 
 use, and then itself provides a passthrough interface to the real package.
 ==== Usage ====
 Typically, a client acquires some form of a credential, either from the currently logged on
 user's security context, by acquiring a username and password from the user, or by some other
 means. The server acquires a credential in a similar manner. Each uses their credentials to 
 identify themselves to each other.
 A client and a server each start with uninitialized security contexts. They exchange negotiation
 and authentication tokens to perform authentication, and if all succeeds, they create a shared 
 security context in the form of a client's context and a server's context. The effectively shared
 context agrees on the security package to use (kerberos, NTLM), and what parameters to use 
 for message passing. Every new client that authenticates with a server creates a new security 
 context specific to that client-server pairing.
 From the software perspective, a client security context initializes itself by exchanging 
 authentication tokens with a server; the server initializes itself by exchanging authentication
 tokens with the client.
 This API provides raw access to the authentication tokens created during the negotiation and 
 authentication process. In this manner, any application can integrate SSPI-based authentication
 by deciding for themselves how to integrate the tokens into their application protocol.
 The project is broken up into 3 chunks:
 * The NSspi library, which provides safe, managed access to the SSPI API.
 * NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally.
 * UI demo programs TestClient and TestServer (that have a common dependency on TestProtocol) that
   may be run on separate machines, that show how one might integrate SSPI into a custom 
   application.
 ==== More information ====
 If you would like to understand the SSPI API, feel free to browse the following references:
 MSDN documentation on the SSPI API
 	http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx
 MSDN article on SSPI along with a sample Managed C++ SSPI library and UI client/servers.
 	http://msdn.microsoft.com/en-us/library/ms973911.aspx
 Relevant StackOverflow questions:
 "Client-server authentication - using SSPI?"
  - http://stackoverflow.com/questions/17241365/
 "Validate Windows Identity Token"
  - http://stackoverflow.com/questions/11238141/
 "How to deal with allocations in constrained execution regions?"
  - http://stackoverflow.com/questions/24442209/
 "AcquireCredentialsHandle returns massive expiration time"
  - http://stackoverflow.com/questions/24478056/
--- a/TestClient/.gitignore
+++ b/TestClient/.gitignore
@@ -0,0 +1,2 @@
 bin
 obj
--- a/TestClient/App.config
+++ b/TestClient/App.config
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <configuration>
  <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
 </configuration>
--- a/TestClient/ClientForm.cs
+++ b/TestClient/ClientForm.cs
@@ -1,12 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Data;
 using System.Drawing;
 using System.Linq;
 using System.Net.Sockets;
 using System.Text;
 using System.Threading.Tasks;
 using System.Windows.Forms;
 using NSspi;
 using NSspi.Contexts;
@@ -20,7 +14,7 @@ namespace TestClient
    public partial class ClientForm : Form
    {
        private ClientContext context;
-        private ClientCredential cred;
+        private ClientCurrentCredential cred;
        private CustomConnection connection;
@@ -48,7 +42,7 @@ namespace TestClient
            this.FormClosing += Form1_FormClosing;
            // --- SSPI ---
-            this.cred = new ClientCredential( PackageNames.Negotiate );
+            this.cred = new ClientCurrentCredential( PackageNames.Negotiate );
            this.context = new ClientContext(
                cred,
@@ -107,7 +101,6 @@ namespace TestClient
                        throw;
                    }
                }
            }
        }
@@ -116,7 +109,6 @@ namespace TestClient
            this.connection.Stop();
        }
        private void encryptButton_Click( object sender, EventArgs e )
        {
            byte[] plaintext;
@@ -149,7 +141,7 @@ namespace TestClient
        private void connection_Received( Message message )
        {
-            this.Invoke( (Action)delegate()
+            this.Invoke( (Action)delegate ()
            {
                if( message.Operation == ProtocolOp.ServerToken )
                {
@@ -180,7 +172,7 @@ namespace TestClient
            this.initializing = false;
            this.lastServerToken = null;
-            this.BeginInvoke( (Action)delegate()
+            this.BeginInvoke( (Action)delegate ()
            {
                this.context.Dispose();
                this.context = new ClientContext(
@@ -195,7 +187,7 @@ namespace TestClient
                );
                UpdateButtons();
-            });
+            } );
        }
        private void DoInit()
--- a/TestClient/Program.cs
+++ b/TestClient/Program.cs
@@ -1,18 +1,15 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using System.Windows.Forms;
 namespace TestClient
 {
-    static class Program
+    internal static class Program
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
-        static void Main()
+        private static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault( false );
--- a/TestClient/Properties/AssemblyInfo.cs
+++ b/TestClient/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
--- a/TestProtocol/.gitignore
+++ b/TestProtocol/.gitignore
@@ -0,0 +1,2 @@
 bin
 obj
--- a/TestProtocol/App.config
+++ b/TestProtocol/App.config
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <configuration>
  <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
 </configuration>
--- a/TestProtocol/CustomConnection.cs
+++ b/TestProtocol/CustomConnection.cs
@@ -1,10 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Sockets;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Windows.Forms;
 using NSspi;
@@ -33,7 +29,7 @@ namespace TestProtocol
        {
            if( this.running )
            {
-                throw new InvalidOperationException("Already running");
+                throw new InvalidOperationException( "Already running" );
            }
            this.socket = new Socket( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp );
@@ -65,7 +61,7 @@ namespace TestProtocol
                throw new InvalidOperationException( "Not connected" );
            }
-            byte[] outBuffer = new byte[ message.Data.Length + 8 ];
+            byte[] outBuffer = new byte[message.Data.Length + 8];
            int position = 0;
            ByteWriter.WriteInt32_BE( (int)message.Operation, outBuffer, position );
@@ -124,7 +120,6 @@ namespace TestProtocol
                    //                          |--4 bytes--|--4 bytes--|---N--|
                    // Every command is a TLV - | Operation |  Length   | Data |
                    // Read the operation.
                    this.socket.Receive( readBuffer, 4, SocketFlags.None );
@@ -153,7 +148,6 @@ namespace TestProtocol
                        remaining -= chunkLength;
                        position += chunkLength;
                    }
                }
                catch( SocketException e )
                {
@@ -187,7 +181,6 @@ namespace TestProtocol
                    catch( Exception e )
                    { }
                }
            }
        }
    }
--- a/TestProtocol/CustomServer.cs
+++ b/TestProtocol/CustomServer.cs
@@ -212,7 +212,6 @@ namespace TestProtocol
                    catch( Exception )
                    { }
                }
            }
            try
@@ -225,5 +224,4 @@ namespace TestProtocol
            catch { }
        }
    }
 }
--- a/TestProtocol/Message.cs
+++ b/TestProtocol/Message.cs
@@ -1,14 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace TestProtocol
 {
    public class Message
    {
-        public Message(ProtocolOp op, byte[] data)
+        public Message( ProtocolOp op, byte[] data )
        {
            this.Operation = op;
            this.Data = data;
--- a/TestProtocol/Properties/AssemblyInfo.cs
+++ b/TestProtocol/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
--- a/TestProtocol/ProtocolOp.cs
+++ b/TestProtocol/ProtocolOp.cs
@@ -1,8 +1,4 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace TestProtocol
 {
--- a/TestServer/.gitignore
+++ b/TestServer/.gitignore
@@ -0,0 +1,2 @@
 bin
 obj
--- a/TestServer/App.config
+++ b/TestServer/App.config
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <configuration>
  <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
 </configuration>
--- a/TestServer/Program.cs
+++ b/TestServer/Program.cs
@@ -1,18 +1,15 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using System.Windows.Forms;
 namespace TestServer
 {
-    static class Program
+    internal static class Program
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
-        static void Main()
+        private static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault( false );
--- a/TestServer/Properties/AssemblyInfo.cs
+++ b/TestServer/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 // General Information about an assembly is controlled through the following
--- a/TestServer/ServerForm.cs
+++ b/TestServer/ServerForm.cs
@@ -1,11 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Data;
 using System.Drawing;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 using System.Windows.Forms;
 using TestProtocol;
@@ -19,7 +13,7 @@ namespace TestServer
    public partial class ServerForm : Form
    {
-        private ServerCredential serverCred;
+        private ServerCurrentCredential serverCred;
        private ServerContext serverContext;
@@ -35,7 +29,7 @@ namespace TestServer
        {
            InitializeComponent();
-            this.serverCred = new ServerCredential( PackageNames.Negotiate );
+            this.serverCred = new ServerCurrentCredential( PackageNames.Negotiate );
            this.serverContext = new ServerContext(
                serverCred,
@@ -129,7 +123,7 @@ namespace TestServer
            {
                MessageBox.Show( "Starting impersonation: " + Environment.UserName );
-                FileStream stream = File.Create( Environment.GetFolderPath( Environment.SpecialFolder.DesktopDirectory) + @"\test.txt" );
+                FileStream stream = File.Create( Environment.GetFolderPath( Environment.SpecialFolder.DesktopDirectory ) + @"\test.txt" );
                StreamWriter writer = new StreamWriter( stream, Encoding.UTF8 );
                writer.WriteLine( "Hello world." );
@@ -150,7 +144,6 @@ namespace TestServer
            this.signButton.Enabled = this.connected;
        }
        private void server_Received( Message message )
        {
            if( message.Operation == ProtocolOp.ClientToken )
@@ -177,7 +170,6 @@ namespace TestServer
            this.initializing = true;
            this.connected = false;
            this.serverContext.Dispose();
            this.serverContext = new ServerContext(
                serverCred,
@@ -189,14 +181,13 @@ namespace TestServer
                ContextAttrib.Confidentiality
            );
-            this.BeginInvoke( (Action)delegate() 
+            this.BeginInvoke( (Action)delegate ()
            {
                UpdateButtons();
                this.clientUsernameTextBox.Text = "";
-            });
+            } );
        }
        private void HandleInit( Message message )
        {
            byte[] nextToken;
@@ -218,7 +209,7 @@ namespace TestServer
                        this.initializing = false;
                        this.connected = true;
-                        this.Invoke( (Action)delegate() 
+                        this.Invoke( (Action)delegate ()
                        {
                            UpdateButtons();
                            this.clientUsernameTextBox.Text = serverContext.ContextUserName;
@@ -227,18 +218,17 @@ namespace TestServer
                }
                else
                {
-                    this.Invoke( (Action)delegate() 
+                    this.Invoke( (Action)delegate ()
                    {
                        MessageBox.Show( "Failed to accept token from client. Sspi error code: " + status );
                    } );
                }
            }
        }
        private void HandleEncrypted( Message message )
        {
-            this.Invoke( (Action)delegate()
+            this.Invoke( (Action)delegate ()
            {
                byte[] plainText = this.serverContext.Decrypt( message.Data );
                string text = Encoding.UTF8.GetString( plainText );
@@ -249,7 +239,7 @@ namespace TestServer
        private void HandleSigned( Message message )
        {
-            this.Invoke( (Action)delegate()
+            this.Invoke( (Action)delegate ()
            {
                byte[] plainText;
@@ -268,11 +258,10 @@ namespace TestServer
        private void HandleUnknown( Message message )
        {
-            this.Invoke( (Action)delegate()
+            this.Invoke( (Action)delegate ()
            {
                MessageBox.Show( "Received unexpected message from server. Message type: " + message.Operation );
            } );
        }
    }
 }
--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,61 @@
 ## Downloads ##
 The latest release of NSspi is v0.2.0. 
 Version 0.2.0 adds the ability to authenticate using provided username/password credentials.  
 **Please note** that v0.2.0 introduces a small change in the design that breaks backwards compatibility with previous verisons.
 * [Source](https://github.com/antiduh/nsspi/archive/0.2.0.zip)
 * [Binaries](https://github.com/antiduh/nsspi/releases/download/0.2.0/nsspi-0.2.0-bin.zip)
 * [Nuget package](https://www.nuget.org/packages/NSspi)
 You can also browse the list of [releases](https://github.com/antiduh/nsspi/releases).
 ## Introduction ##
 This projects provides a C# / .Net interface to the Windows Integrated Authentication API, better known as SSPI (Security Service Provider Interface). This allows a custom client / server system to authenticate users using their existing logon credentials. This allows a developer to provide Single-Sign-On in their application.
 ## Overview ##
 The API provides raw access to authentication tokens so that authentication can be easily integrated into any networking system - you can send the tokens over a socket, a remoting interface, or heck even a serial port if you want; they're just bytes. Clients and servers may exchange encrypted and signed messages, and the server can perform client impersonation.
 The project is provided as a .Net 4.0 assembly, but can just as easily be upgraded to .Net 4.5 or later. The solution file can be opened by Visual Studio 2010 SP1, Visual Studio 2012, or later Visual Studio editions.
 The SSPI API provides an interface for real authentication protocols, such as Kerberos or NTLM, to be invoked transparently by client and server code in order to perform authentication and message manipulation. These authentication protocols are better known as 'security packages'.
 The SSPI API exposes these packages using a common API, and so a program may invoke one or the other with only minor changes in implementation. SSPI also supports the 'negotiate' 'meta' package, that allows a client and server to decide dynamically which real security provider to use, and then itself provides a passthrough interface to the real package.
 ## Usage ##
 Typically, a client acquires some form of a credential, either from the currently logged on user's security context, by acquiring a username and password from the user, or by some other means. The server acquires a credential in a similar manner. Each uses their credentials to identify themselves to each other.
 A client and a server each start with uninitialized security contexts. They exchange negotiation and authentication tokens to perform authentication, and if all succeeds, they create a shared security context in the form of a client's context and a server's context. The effectively shared context agrees on the security package to use (kerberos, NTLM), and what parameters to use for message passing. Every new client that authenticates with a server creates a new security context specific to that client-server pairing.
 From the software perspective, a client security context initializes itself by exchanging authentication tokens with a server; the server initializes itself by exchanging authentication tokens with the client.
 This API provides raw access to the authentication tokens created during the negotiation and authentication process. In this manner, any application can integrate SSPI-based authentication by deciding for themselves how to integrate the tokens into their application protocol.
 The project is broken up into 3 chunks:
 * The NSspi library, which provides safe, managed access to the SSPI API.
 * NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally.
 * UI demo programs TestClient and TestServer (that have a common dependency on TestProtocol) that
   may be run on separate machines, that show how one might integrate SSPI into a custom 
   application.
 ## More information ##
 If you would like to understand the SSPI API, feel free to browse the following references:
 MSDN documentation on the SSPI API:<br/>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx](http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731\(v=vs.85\).aspx)
 MSDN article on SSPI along with a sample Managed C++ SSPI library and UI client/servers.<br/>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [http://msdn.microsoft.com/en-us/library/ms973911.aspx](http://msdn.microsoft.com/en-us/library/ms973911.aspx)
 Relevant StackOverflow questions:
 * [Client-server authentication - using SSPI?](http://stackoverflow.com/questions/17241365/)
 * [Validate Windows Identity Token](http://stackoverflow.com/questions/11238141/)
 * [How to deal with allocations in constrained execution regions?](http://stackoverflow.com/questions/24442209/)
 * [AcquireCredentialsHandle returns massive expiration time](http://stackoverflow.com/questions/24478056/)
Author	SHA1	Message	Date
Kevin Thompson	6bf95f46ee	Updated version information to v0.2.1	2018-09-23 10:44:43 -04:00
Kevin Thompson	5c63105acf	Merge pull request #12 from antiduh/pr/11 Pr/11 Integrate @SteveSyfuhs Thread.CurrentPrinciple changes	2018-04-01 18:10:28 -04:00
Kevin Thompson	19716405b8	Moved SetThreadIdentity into the ServerContext The ImpersonationHandle class should probably stay as bare as possible since it's provided to the caller and we don't want to expose anything more than we need. Since the ServerContext is capable of performing this as a private method, move it there. Updated the comments and variable names on the constructor to better indicate what exactly the option does, especially since modification of this property seems to be such a touchy subject.	2018-04-01 18:05:00 -04:00
Steve Syfuhs	f0820875c3	Fixed enum value. Any actual unicode strings passed in will only use the first character because the 0 byte after the first character is treated as a terminator. Added ability to set the current thread principal so it's inline with the actual security context.	2018-03-30 11:40:37 -07:00
Kevin Thompson	8355a6b821	Fixed binaries url	2017-10-20 01:52:33 -04:00
Kevin Thompson	4d79f1b5db	Announced v0.2.0 release	2017-10-20 01:46:33 -04:00
Kevin Thompson	aef74fe8aa	Default to VS2015.	2017-10-20 01:25:49 -04:00
Kevin Thompson	37a7881d25	Updated version declarations to v0.2.0, to reflect the new support for username/password authentication plus the minor incompatibility introduced with the updated design.	2017-10-20 01:25:36 -04:00
Kevin Thompson	9350412fb6	Updated the svn-ignore properties.	2017-09-24 02:41:00 -04:00
Kevin Thompson	6a5e6056a7	Added password authentication support. Added the ability to acquire a valid credential by providing a username/password combination.	2017-09-24 02:39:49 -04:00
Kevin Thompson	c6c0ac623e	Code cleanup. Fixed comment and code style; removed unnecessary initialization of variable.	2017-09-24 02:10:00 -04:00
Kevin Thompson	c07abdaa62	Comments.	2017-09-24 02:02:10 -04:00
Kevin Thompson	f2d4541bab	Renamed Client/ServerCredential. The credential implementations should indicate in their name that they are implementations of the 'current' credential (acquired from the login running the process).	2017-09-24 01:59:34 -04:00
Kevin Thompson	0eb8ff49f2	Fixed ClientContext and ServerContext constructors. Changed the contexts to take in any Credential implementation, instead of requiring client- or server-specific credentials.	2017-09-24 01:56:36 -04:00
Kevin Thompson	3b189d2865	Code cleanup Fixed code style using CodeMaid.	2017-09-24 01:52:45 -04:00
Kevin Thompson	6ff68d8812	Merge pull request #8 from mcgov/master Adding QuerySessionKey, as well as QueryContextAttributes and SafeQue…	2017-09-23 15:00:00 -04:00
Matthew McGovern	e631d77f01	Adding QuerySessionKey, as well as QueryContextAttributes and SafeQueryContextAttributes	2017-09-22 09:21:48 -07:00
Kevin Thompson	4e629a71b2	Changed the csproj to output the documentation xml file	2017-05-01 10:10:32 -04:00
Kevin Thompson	8db4b6d8a5	Documented release 0.1.3 in the readme	2017-05-01 10:06:00 -04:00
Kevin Thompson	6b008f0e72	Bumped version number to 0.1.3 Needed to rebuild the nuget package due to a compilation mistake.	2017-05-01 09:59:15 -04:00
Kevin Thompson	8e68283df6	Added the nuspec file to the project.	2017-05-01 09:56:14 -04:00
Kevin Thompson	9862ee4aa4	Bumped version number to 0.1.2 Includes fix from #6.	2017-05-01 09:55:57 -04:00
Kevin Thompson	5cb0735213	Merge pull request #6 from matt-sullivan/master Fix SSPIException serialization bug due to typo.	2017-04-30 16:39:25 -04:00
Matt Sullivan	5018ba17c2	Fix SSPIException serialization It was failing due to a typo in a field name.	2017-05-01 00:10:56 +10:00
Kevin Thompson	5eeb3f874b	Merge branch 'master' of https://github.com/antiduh/nsspi	2017-03-01 10:24:27 -05:00
Kevin Thompson	91f18604fe	Added language declaration to nuspec	2017-01-20 16:36:24 -05:00
Kevin Thompson	c3b560cd17	Added link to nuget package.	2017-01-20 16:29:56 -05:00
Kevin Thompson	e7d93e0732	Added nuget spec for the core library	2017-01-20 16:20:02 -05:00
Kevin Thompson	1684280216	Removed unneceessary references Got rid of dependencies that NSspi.csproj doesn't need.	2017-01-20 16:05:08 -05:00
Kevin Thompson	e93e20fa7f	Added gitignore files Marked all derived content directories as ignored.	2017-01-20 16:03:59 -05:00
Kevin Thompson	7a42da7f2c	Removed old text-only readme file Superseded by the markdown version.	2015-06-03 11:16:52 -04:00
Kevin Thompson	f8400caea6	Created a better readme file Added links to the current release of source and binaries, a very-obvious link to to the 'releases' tab, added sectioning.	2015-06-03 11:16:07 -04:00
antiduh	447ca89baa	Add information important to users Clarified how the library can be used and how the data that comes out of the library (auth tokens) can be handled. It was very important to me when I was first developing this project that I get to choose my token transport mechanism so I can choose how to integrate it into my own app; I imagine lots of other developers are in the same boat.	2015-05-29 13:39:05 -04:00
antiduh	8cc4279e1d	Fixed line endings so that the file formats well.	2015-05-28 17:32:41 -04:00
antiduh	4ede16318a	Set the project's version number to what I currently expect.	2014-07-14 17:19:49 +00:00
antiduh	1374758ffb	Fixed the number formatting in the SSPIException so that the error code comes out '0x....'.	2014-07-11 22:18:12 +00:00
antiduh	4bfe7d8bc9	Added a lifetime check in the ServerContext.ImpersonateClient method.	2014-07-11 22:16:12 +00:00
antiduh	8c19366314	Fixed the attribute usage and renamed the EnumMgr methods - FromText and ToText.	2014-07-11 21:32:06 +00:00
antiduh	3a134be9df	Removed test code.	2014-07-11 21:29:53 +00:00
antiduh	50efc7702b	Added rough support for attaching messages to errors.	2014-07-11 21:29:17 +00:00