如何使用像Java Kinit那样的.NET代码请求TGT Kerberos票证， [英] How do I request a TGT Kerberos ticket with .NET code like the Java Kinit does,

问题描述

我有以下Java代码获取Kerberos票证并创建一个基于Oracle存储过程的字符串。 在Oracle方面，它使用此字符串来验证Kerberos身份验证。 但是，为了运行此代码，KINIT必须已经运行并且用户的配置文件中存在TGT。

我的问题是1）如何使用.NET代码请求TGT Kerberos票证Java Kinit会这样做，2）然后访问该票证以创建类似下面的Java代码的授权字符串吗？

public static 字符串 negotiateAuthorization（ String url） throws GSSException {

I have the following Java code that gets a Kerberos ticket and creates a string that gets based to an Oracle Stored Procedure.  On the Oracle side, it uses this string to verify Kerberos authentication.  However, in order to run this code, KINIT must already have been run and a TGT exists in the user's profile.

My question is 1) how do I request a TGT Kerberos ticket with .NET code like the Java Kinit does, and 2) then access that ticket to create an authorization string like the below Java code does?

public static String negotiateAuthorization (String url) throws GSSException {

        字符串 authorization = null ;

        String authorization = null;

        ;  字符串 auth = "";

        String auth = "";

      ;   尝试 {

        try{

            字符串 [] arr = url.split（"//"）;

            String[] arr = url.split("//");

            字符串 [] parts = arr [1] .split（"/"）;

            String[] parts = arr[1].split("/");

            字符串 host = parts [0];

            String host = parts[0];

            系统 .out.print（""主机是：" + host）;

            System.out.print("host is: " +host);

           

            Oid krb5Oid = new Oid（"1.2.840.113554.1.2.2"）;

            Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");

            GSSManager manager = GSSManager.getInstance（）;

            GSSName serverName = manager.createName（"HTTP /" + host， null ）;

            GSSName serverName = manager.createName("HTTP/" + host, null);

            GSSContext context = manager.createContext（serverName，krb5Oid， null ，

           ;                        &NBSP ;    GSSContext.DEFAULT_LIFETIME）;

            context.requestMutualAuth（ true ）;

            context.requestMutualAuth(true);

            context.requestCredDeleg（ true ）;

            context.requestCredDeleg(true);

 

             byte [] token = new byte [0];

            byte[] token = new byte[0];

            token = context.initSecContext（token，0，token.length）;

 

            authorization = "Negotiate" + new 字符串（ new Base64（）。encode（token））;

            authorization = "Negotiate " + new String(new Base64().encode(token));

        } catch （GSSException e）{

        }catch(GSSException e){

            JOptionPane.showMessageDialog（ null ，e.getMessage（））;

            JOptionPane.showMessageDialog(null,e.getMessage());

        }

            返回授权;

            return authorization;

推荐答案

此处不支持ASMX Web服务。也许这是你可以用WCF或"日内瓦"做的事情。希望知道Java代码正在做什么的人会看到这个问题并且能够指导你。

There is no support for this in ASMX web services. Perhaps this is something you can do with WCF, or with "Geneva". Hopefully, someone who knows what the Java code is doing will see this question and will be able to direct you.

这篇关于如何使用像Java Kinit那样的.NET代码请求TGT Kerberos票证，的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！