C# helper classes to implement NTLM authorization

Problem description

Currently I'm trying to solve my problem — which is to implement NTLM authorization on my intranet site in the way I think it should work, namely ask for a password only on certain pages. Not just on hitting the main page — so the site should be divided into two parts: available for all and restricted.

The issue is that I'm using the Nancy framework and it does not implement NTLM natively. But this will not stop the real cowboy programmer. So I'm trying to develop a custom request/response sequence to accomplish this goal.

For now I have discovered this Q&A, but the solution there is glued to IIS...

I have discovered a site with lots of complex information about NTLM, and I'm wondering: is there any C# class to simplify this process?

Namely, helping to create responses of different types.

Currently my code looks like this:

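// Namespaces this fragment relies on: System, System.Linq, System.Security.Principal, Nancy.
Get["/Profile/"] = parameters =>
{
    // HTTP header names are case-insensitive, so compare accordingly.
    // This only checks that the header is present; its NTLM payload is not parsed or verified.
    if (this.Request.Headers.Keys.Any(x => string.Equals(x, "Authorization", StringComparison.OrdinalIgnoreCase)))
    {
        // WindowsIdentity.GetCurrent() returns the identity of the server process,
        // not of the client that sent the request.
        var expert = new Expert(WindowsIdentity.GetCurrent());
        var model = expert.Ensure();

        return View["Profile.liquid", model];
    }
    else
    {
        // First stage only: tell the client that NTLM is expected.
        var response = new Response();
        response.StatusCode = HttpStatusCode.Unauthorized;
        response.Headers.Add("WWW-Authenticate", "NTLM");
        return response;
    }
};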

But it implements only the first stage of NTLM authorization. Is it possible to avoid lots of manual code to implement the other steps by involving a ready-to-use helper?

Recommended answer

I have developed, merging several sources, a working implementation of the whole protocol: "NTLM"->"NTLM with client data"->"NTLM challenge"->"NTLM challenge from client" and everything works well and without the need for external libraries. The only little problem is that it's all C++ (hate playing with buffers in C# :P ), it's a 140kb C++ source. Everything can be found here: https://kendar.org/?p=/dotnet/kendarntlmlib

--HERE START BAD NEWS...--

As far as I understood, on IIS this kind of thing can work only as an ISAPI filter. NTLM being a connection-based protocol, I was not able to do the request-response-request in the same HTTP request while in an MVC controller, aspx page or ashx handler. And IIS does not expose any socket handle that can be used to "override" the standard connection-less approach of HTTP but in the ISAPI part... (it's HTTP after all, but it's cutting my wings :P )

I hoped to use it like the basic authentication attribute I've seen used on the Bonobo GitHub clone... but no luck.

--BAD NEWS--

Plus I had some problems loading a native DLL into a C# AnyCPU-compiled project, but this is easy :P (http://blogs.msdn.com/b/jorman/archive/2007/08/31/loading-c-assemblies-in-asp-net.aspx just for reference)
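
The answer's four steps correspond to the server's bare `WWW-Authenticate: NTLM` reply, the client's Type 1 (negotiate) message, the server's Type 2 (challenge) and the client's Type 3 (authenticate) message. As an added example that is not part of the original post or the linked library, this helper (hypothetical names `NtlmStage` and `NtlmHeader`) reads the message type from the `Authorization` value so a handler can tell which step it is looking at instead of only checking that the header exists.

```csharp
using System;
using System.Text;

// Added example: NtlmStage and NtlmHeader are hypothetical names,
// not part of Nancy or of the library linked in the answer.
public enum NtlmStage { None = 0, Negotiate = 1, Challenge = 2, Authenticate = 3 }

public static class NtlmHeader
{
    private static readonly byte[] Signature = Encoding.ASCII.GetBytes("NTLMSSP\0");

    // Classifies an "Authorization: NTLM <base64>" header value.
    // Returns None when the value is missing, malformed or not NTLM.
    public static NtlmStage Classify(string authorization)
    {
        if (string.IsNullOrWhiteSpace(authorization)) return NtlmStage.None;

        var parts = authorization.Trim().Split(new[] { ' ' }, 2);
        if (parts.Length != 2 || !parts[0].Equals("NTLM", StringComparison.OrdinalIgnoreCase))
            return NtlmStage.None;

        byte[] msg;
        try { msg = Convert.FromBase64String(parts[1].Trim()); }
        catch (FormatException) { return NtlmStage.None; }

        // Every NTLM message begins with the 8-byte signature "NTLMSSP\0",
        // followed by a 32-bit little-endian message type.
        if (msg.Length < 12) return NtlmStage.None;
        for (int i = 0; i < Signature.Length; i++)
            if (msg[i] != Signature[i]) return NtlmStage.None;

        uint type = (uint)msg[8] | (uint)msg[9] << 8 | (uint)msg[10] << 16 | (uint)msg[11] << 24;
        return type >= 1 && type <= 3 ? (NtlmStage)type : NtlmStage.None;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: signature, type 1, four zero flag bytes.
        var negotiate = new byte[] { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00, 1, 0, 0, 0, 0, 0, 0, 0 };
        Console.WriteLine(NtlmHeader.Classify("NTLM " + Convert.ToBase64String(negotiate)));
        Console.WriteLine(NtlmHeader.Classify("Basic dXNlcjpwYXNz"));
        Console.WriteLine(NtlmHeader.Classify("NTLM not-base64!"));
    }
}
```

Identifying a Type 3 message does not authenticate the caller; its response still has to be validated against the challenge the server issued on that connection.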
