Comments (2)
That exception occurs when the server has not yet seen an AcceptToken
call that results in a status of SecurityStatus.OK
and you try to perform some action that requires a fully initialized context. That means that the authentication cycle is not complete. Check the return value from AcceptToken
, and do not use the context before it returns SecurityStatus.OK
.
This snippit from Context.cs
shows how the exception occurs when init isn't done:
public string ContextUserName
{
get
{
CheckLifecycle(); // <------------------
return QueryContextString( ContextQueryAttrib.Names );
}
}
protected void Initialize( DateTime expiry )
{
this.Expiry = expiry;
this.Initialized = true; // <------------------
}
private void CheckLifecycle()
{
if( this.Initialized == false ) // <------------------
{
throw new InvalidOperationException( "The context is not yet fully formed." );
}
else if( this.Disposed )
{
throw new ObjectDisposedException( "Context" );
}
}
This snippit from ServerContext.cs
shows when init is called, which would disable the exception:
public SecurityStatus AcceptToken( byte[] clientToken, out byte[] nextToken )
{
...
if( this.ContextHandle.IsInvalid )
{
status = ContextNativeMethods.AcceptSecurityContext_1( ... );
}
else
{
status = ContextNativeMethods.AcceptSecurityContext_2( ... );
}
}
}
if( status == SecurityStatus.OK )
{
nextToken = null;
base.Initialize( rawExpiry.ToDateTime() ); // <-------------
...
from nsspi.
I am accepting Kerberos tokens only, in which case AcceptToken
results in SecurityStatus.OK
on the first call. This is why I expected to not see this exception, but I figured out there were some unusual clients triggering this by sending NTLM tokens.
Thanks for the help :)
from nsspi.
Related Issues (18)
- Trouble with NTLM Proxy Authentication HOT 1
- Authorization HOT 4
- Issues (reading registry and other stuff) after impersonation (using NTLM) HOT 4
- Initializing ClientContext while impersonating HOT 3
- Enforcing Kerberos only (using PackageNames.Kerberos) HOT 1
- Authentication with AZURE AD fails HOT 5
- Nuget package HOT 3
- Strong name HOT 1
- ServerContext does not contain a definition for GetRemoteIdentity HOT 1
- v0.3.1 pre-release or release? HOT 1
- Delegation after impersonation HOT 2
- Support channel binding tokens
- GSSAPI support HOT 28
- NTLM authentication to a proxy/web server using Nsspi Client ?? HOT 5
- How does this relate to waffle?
- This library is great and you're a great person for making it HOT 3
- Alternative credentials; NuGet Package; versioning HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsspi.