jeff/NSspi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
118 Commits 1 Branch 8 Tags
7ea67fc92745eea29c782360f08fb4bdab00a901
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
antiduh 7ea67fc927 Comments.
2014-07-03 21:22:43 +00:00
NSspi
Comments.
2014-07-03 21:22:43 +00:00
NsspiDemo
Rename Credential.Name to PrincipleName. PrincipleName comes from the security service provider, which may not correspond to the domain user name. For instance, if I'm using kerberos on my domain, my principle may be user@DIVISION.CORP.COM, meanwhile my username might be CORP\user.
2014-07-03 21:02:33 +00:00
TestClient
Rename Credential.Name to PrincipleName. PrincipleName comes from the security service provider, which may not correspond to the domain user name. For instance, if I'm using kerberos on my domain, my principle may be user@DIVISION.CORP.COM, meanwhile my username might be CORP\user.
2014-07-03 21:02:33 +00:00
TestProtocol
Fixed the demo's CustomServer confusion over Disconnected - it was firing it when a full shutdown occurred, not just when the current client disconnected. Created a second Stopped event to track when the full shutdown actually occurs; still not used by UI.
2014-06-27 21:59:19 +00:00
TestServer
Rename Credential.Name to PrincipleName. PrincipleName comes from the security service provider, which may not correspond to the domain user name. For instance, if I'm using kerberos on my domain, my principle may be user@DIVISION.CORP.COM, meanwhile my username might be CORP\user.
2014-07-03 21:02:33 +00:00
License.txt
Added license.
2014-07-01 18:10:17 +00:00
NSspi.sln
Moved the simple demo code to its own project so that the NSspi.csproj project could be a standard dll, and not a referenced exe assembly.
2014-07-01 15:57:58 +00:00
Readme.txt
Added a Readme.
2014-07-01 18:07:47 +00:00

Readme.txt 

This projects provides a C# / .Net interface to the Windows Integrated Authentication API, 

better known as SSPI (Security Service Provider Interface).



The SSPI API provides an interface for real authentication protocols, such as Kerberos or 

NTLM, to be invoked transparently by client and server code in order to perform authentication

and such. These authentication protocols are better known as security packages. SSPI API 

exposes these packages using a common API, and so a program may invoke one or the other with

only minor changes in design. SSPI also supports the 'negotiate' 'meta' package, that allows 

a client and server to decide dynamically which real security provider to use, and then itself

provides a passthrough interface to the real package.



==== Usage ====



Typically, a client acquires some form of a credential, either from the currently logged on

user's security context, by acquiring a username and password from the user, or by some other

means. The server acquires a credential in a similar manner. Each uses their credentials to 

identify themselves to each other.



A client and a server each start with uninitialized security contexts. They exchange negotiation

and authentication tokens to perform authentication, and if all succeeds, they create a shared 

security context in the form of a client's context and a server's context. The effectively shared

context agrees on the security package to use (kerberos, NTLM), and what parameters to use 

for message passing. Every new client that authenticates with a server creates a new security 

context.



From the software perspective, a client security context initializes itself by exchanging 

authentication tokens with a server; the server initializes itself by exchanging authentication

tokens with the client.



This API provides raw access to the authentication tokens created during the negotiation and 

authentication process. In this manner, any application can integrate SSPI-based authentication

by deciding for themselves how to integrate the tokens into their application protocol.



The project is broken up into 3 chunks:



 * The NSspi library, which provides safe, managed access to the SSPI API.

 * NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally

 * UI demo programs TestClient and TestServer (that have a common dependency on TestProtocol) that

   may be run on separate machines, that shows how one might integrate SSPI into a custom 

   application.



==== More information ====



If you would like to understand the SSPI API, feel free to browse the following references:



MSDN documentation on the SSPI API

	http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx



MSDN article on SSPI along with a sample Managed C++ SSPI library and UI client/servers.

	http://msdn.microsoft.com/en-us/library/ms973911.aspx
Reference in New Issue View Git Blame Copy Permalink
S
Description
A C# / .Net interface to the Win32 SSPI authentication API
Readme 294 KiB
Languages
C# 100%