Comments (2)
antiduh
commented on August 14, 2024
That exception occurs when the server has not yet seen an AcceptToken call that results in a status of SecurityStatus.OK and you try to perform some action that requires a fully initialized context. That means that the authentication cycle is not complete. Check the return value from AcceptToken, and do not use the context before it returns SecurityStatus.OK.
This snippit from Context.cs shows how the exception occurs when init isn't done:
public string ContextUserName
{
get
{
CheckLifecycle(); // <------------------
return QueryContextString( ContextQueryAttrib.Names );
}
}
protected void Initialize( DateTime expiry )
{
this.Expiry = expiry;
this.Initialized = true; // <------------------
}
private void CheckLifecycle()
{
if( this.Initialized == false ) // <------------------
{
throw new InvalidOperationException( "The context is not yet fully formed." );
}
else if( this.Disposed )
{
throw new ObjectDisposedException( "Context" );
}
}
This snippit from ServerContext.cs shows when init is called, which would disable the exception:
public SecurityStatus AcceptToken( byte[] clientToken, out byte[] nextToken )
{
...
if( this.ContextHandle.IsInvalid )
{
status = ContextNativeMethods.AcceptSecurityContext_1( ... );
}
else
{
status = ContextNativeMethods.AcceptSecurityContext_2( ... );
}
}
}
if( status == SecurityStatus.OK )
{
nextToken = null;
base.Initialize( rawExpiry.ToDateTime() ); // <-------------
...
from nsspi.
valorl
commented on August 14, 2024
I am accepting Kerberos tokens only, in which case AcceptToken results in SecurityStatus.OK on the first call. This is why I expected to not see this exception, but I figured out there were some unusual clients triggering this by sending NTLM tokens.
Thanks for the help :)
from nsspi.
Related Issues (18)
- Trouble with NTLM Proxy Authentication HOT 1
- Authorization HOT 4
- Issues (reading registry and other stuff) after impersonation (using NTLM) HOT 4
- Initializing ClientContext while impersonating HOT 3
- Enforcing Kerberos only (using PackageNames.Kerberos) HOT 1
- Authentication with AZURE AD fails HOT 5
- Nuget package HOT 3
- Strong name HOT 1
- ServerContext does not contain a definition for GetRemoteIdentity HOT 1
- v0.3.1 pre-release or release? HOT 1
- Delegation after impersonation HOT 2
- Support channel binding tokens
- GSSAPI support HOT 28
- NTLM authentication to a proxy/web server using Nsspi Client ?? HOT 5
- How does this relate to waffle?
- This library is great and you're a great person for making it HOT 3
- Alternative credentials; NuGet Package; versioning HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsspi.