Comments (5)
I'm a little out of my element, because I have no idea how Microsoft built authentication in Azure, but I'm seeing some bits that suggest Azure doesn't work with SSPI. But I can't confirm that completely yet.
It looks like you're meant to authentication using libraries specific to Azure AD:
"The Azure Active Directory Authentication Library (ADAL) v1.0 enables application developers to authenticate users to cloud or on-premises Active Directory (AD), and obtain tokens for securing API calls."
This project seems to have some hints:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi
from nsspi.
I made some changes to work with AAD. I also had to implement a negotiated Bind.
from nsspi.
BTW, there's a bug somewhere regarding encryption. I have a serialized request which is 419 bytes for length. It encryps fine but decryption fails with a message corrupt error. Would a length of 419 be hitting some boundary somewhere? Have you run into anything like this before? I hit this on about 1 out of 500K requests.
from nsspi.
hambonewa:
Sorry but I don't see any code for a negotiated Bind. I've compared with the original version and it seems that the major difference is encryption and decryption where the buffer is assembled / decomposed differently. Which parts are relevant for working with AAD?
With the original version of NSspi I've not yet seen any problems regarding decryption even if length of cipherText is 419. (but I've only tried sending some messages)
Work with AAD:
In the meantime I think using SSP methods for managed user (AAD without on-premises AD) is not possible (AAD with on-premises AD should work with the current Nsspi) and another provider has to be used. But it would be nice to have a library which could handle both AD- and AAD-user (without on-premises AD).
from nsspi.
Tom8421, if you want some help, email me at [email protected] and it will be much easier.
The issue I had above was because the underlying Win32 library is not thread safe. I thought only encrypting a message needed to be within a lock but both encrypt and decrypt need to be within a lock. I'll repost the corrected code after I finish testing.
from nsspi.
Related Issues (18)
- Trouble with NTLM Proxy Authentication HOT 1
- Authorization HOT 4
- Issues (reading registry and other stuff) after impersonation (using NTLM) HOT 4
- Initializing ClientContext while impersonating HOT 3
- "Context not yet fully formed" exceptions HOT 2
- Enforcing Kerberos only (using PackageNames.Kerberos) HOT 1
- Nuget package HOT 3
- Strong name HOT 1
- ServerContext does not contain a definition for GetRemoteIdentity HOT 1
- v0.3.1 pre-release or release? HOT 1
- Delegation after impersonation HOT 2
- Support channel binding tokens
- GSSAPI support HOT 28
- NTLM authentication to a proxy/web server using Nsspi Client ?? HOT 5
- How does this relate to waffle?
- This library is great and you're a great person for making it HOT 3
- Alternative credentials; NuGet Package; versioning HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsspi.