Get-WinCredential/CredentialsDialog.cs
|
using System;
using System.Globalization; using System.Runtime.InteropServices; using System.Security; using System.Text; using System.Windows.Forms; namespace GetWinCredential { /// <summary>Encapsulates dialog functionality from the Credential Management API.</summary> public sealed partial class CredentialsDialog { /// <summary>Initializes a new instance of the <see cref="T:CredentialWindow.CredentialsDialog"/> class /// with the specified message.</summary> /// <param name="message">The message of the dialog (null will cause a system default message to be used).</param> /// <param name="useModernUI">Use Vista+ dialog</param> public CredentialsDialog(string message = "", bool useModernUI = false) { _target = "PowerShell"; if (string.IsNullOrEmpty(message)) { Message = "Enter your credentials."; } else { Message = message; } _useModernUI = useModernUI; // Keep the default values _alwaysDisplay = true; _excludeCertificates = true; _persist = false; _keepName = false; _saveChecked = false; _saveDisplayed = false; } /// <summary> /// Gets or sets if the dialog will be shown even if the credentials /// can be returned from an existing credential in the credential manager. /// </summary> private readonly bool _alwaysDisplay; /// <summary>Gets or sets if the dialog is populated with username/password only.</summary> private readonly bool _excludeCertificates; /// <summary>Gets or sets if the credentials are to be persisted in the credential manager.</summary> private readonly bool _persist; /// <summary>Gets or sets if the username is read-only.</summary> private readonly bool _keepName; /// <summary>Gets or sets if modern dialog is used or not.</summary> private readonly bool _useModernUI; private string _name = string.Empty; /// <summary>Gets or sets the username for the credentials.</summary> public string UserName { get { return _name; } set { if (value != null) { if (value.Length > CREDUI.MAX_USERNAME_LENGTH) { var message = string.Format( CultureInfo.InvariantCulture, "The username has a maximum length of {0} characters.", CREDUI.MAX_USERNAME_LENGTH); throw new ArgumentException(message, "UserName"); } } _name = value; } } private SecureString _password = null; /// <summary>Gets or sets the password for the credentials.</summary> public SecureString Password { get { return _password; } set { if (value != null) { if (value.Length > CREDUI.MAX_PASSWORD_LENGTH) { var message = string.Format( CultureInfo.InvariantCulture, "The password has a maximum length of {0} characters.", CREDUI.MAX_PASSWORD_LENGTH); throw new ArgumentException(message, "Password"); } } // Convert to secure string here _password = value; } } private static SecureString ConvertToSecureString(string value) { var secureString = new SecureString(); foreach (var c in value) { secureString.AppendChar(c); } return secureString; } /// <summary>Gets or sets if the save checkbox status.</summary> private bool _saveChecked; /// <summary>Gets or sets if the save checkbox is displayed.</summary> /// <remarks>This value only has effect if _persist is true.</remarks> private readonly bool _saveDisplayed; /// <summary>Gets or sets the username of the target for the credentials, typically a server username.</summary> private readonly string _target; private string _messageValue; /// <summary>Gets or sets the message of the dialog.</summary> /// <remarks>A null value will cause a system default message to be used.</remarks> private string Message { get { return _messageValue; } set { if (value != null) { if (value.Length > CREDUI.MAX_MESSAGE_LENGTH) { var message = string.Format( CultureInfo.InvariantCulture, "The message has a maximum length of {0} characters.", CREDUI.MAX_MESSAGE_LENGTH); throw new ArgumentException(message, "Message"); } } _messageValue = value; } } /// <summary>Shows the credentials dialog with the specified owner, username, password and save checkbox status.</summary> /// <param name="username">The username for the credentials.</param> /// <returns>Returns a DialogResult indicating the user action.</returns> public DialogResult Show(string username = "") { if (string.IsNullOrEmpty(username)) { username = ""; } UserName = username; _saveChecked = false; return ShowDialog(null); } /// <summary>Returns a DialogResult indicating the user action.</summary> /// <param name="owner">The System.Windows.Forms.IWin32Window the dialog will display in front of.</param> /// <remarks> /// Sets the username, password and SaveChecked accessors to the state of the dialog as it was dismissed by the user. /// </remarks> private DialogResult ShowDialog(IWin32Window owner) { // set the api call parameters var name = new StringBuilder(CREDUI.MAX_USERNAME_LENGTH); name.Append(UserName); var password = new StringBuilder(CREDUI.MAX_PASSWORD_LENGTH); var info = GetInfo(owner); // make the api call if (_useModernUI) { uint authPackage = 0; var flags = GetFlagsModernUI(); var code = CREDUI.CredUIPromptForWindowsCredentials(ref info, 0, ref authPackage, IntPtr.Zero, 0, out var outCredBuffer, out var outCredSize, ref _saveChecked, flags); if (code == CREDUI.ReturnCodesModernUI.NO_ERROR) { var domainBuf = new StringBuilder(100); var maxUserName = CREDUI.MAX_USERNAME_LENGTH; var maxDomain = CREDUI.MAX_DOMAIN_TARGET_LENGTH; var maxPassword = CREDUI.MAX_PASSWORD_LENGTH; if (CREDUI.CredUnPackAuthenticationBuffer(0, outCredBuffer, outCredSize, name, ref maxUserName, domainBuf, ref maxDomain, password, ref maxPassword)) { //clear the memory allocated by CredUIPromptForWindowsCredentials CREDUI.CoTaskMemFree(outCredBuffer); SetCredentialsModern(name, password); } } return GetDialogResultModernUI(code); } else { var flags = GetFlags(); var saveChecked = Convert.ToInt32(_saveChecked); var code = CREDUI.PromptForCredentials( ref info, _target, IntPtr.Zero, 0, name, CREDUI.MAX_USERNAME_LENGTH, password, CREDUI.MAX_PASSWORD_LENGTH, ref saveChecked, flags ); // set the accessors from the api call parameters SetCredentials(name, password, saveChecked); return GetDialogResult(code); } void SetCredentials(StringBuilder n, StringBuilder pw, int save) { UserName = n.ToString(); Password = ConvertToSecureString(pw.ToString()); _saveChecked = Convert.ToBoolean(save); } void SetCredentialsModern(StringBuilder n, StringBuilder pw) { UserName = n.ToString(); Password = ConvertToSecureString(pw.ToString()); } } /// <summary>Returns the info structure for dialog display settings.</summary> /// <param name="owner">The System.Windows.Forms.IWin32Window the dialog will display in front of.</param> private CREDUI.INFO GetInfo(IWin32Window owner) { var info = new CREDUI.INFO(); if (owner != null) info.hwndParent = owner.Handle; info.pszCaptionText = null; info.pszMessageText = Message; info.cbSize = Marshal.SizeOf(info); return info; } /// <summary>Returns the flags for dialog display options.</summary> private CREDUI.FLAGS GetFlags() { var flags = CREDUI.FLAGS.GENERIC_CREDENTIALS; // grrrr... can't seem to get this to work... // if (incorrectPassword) flags = flags | CredUI.CREDUI_FLAGS.INCORRECT_PASSWORD; if (_alwaysDisplay) flags |= CREDUI.FLAGS.ALWAYS_SHOW_UI; if (_excludeCertificates) flags |= CREDUI.FLAGS.EXCLUDE_CERTIFICATES; if (_persist) { flags |= CREDUI.FLAGS.EXPECT_CONFIRMATION; if (_saveDisplayed) flags |= CREDUI.FLAGS.SHOW_SAVE_CHECK_BOX; } else { flags |= CREDUI.FLAGS.DO_NOT_PERSIST; } if (_keepName) flags |= CREDUI.FLAGS.KEEP_USERNAME; return flags; } /// <summary>Returns the flags for modern dialog display options.</summary> private CREDUI.FLAGS_MODERN_UI GetFlagsModernUI() { // It is possible to improve using the flags but for current implementation, using GENERIC is more than enough. return CREDUI.FLAGS_MODERN_UI.CREDUIWIN_GENERIC; } /// <summary>Returns a DialogResult from the specified code.</summary> /// <param name="code">The credential return code.</param> private static DialogResult GetDialogResult(CREDUI.ReturnCodes code) { switch (code) { case CREDUI.ReturnCodes.NO_ERROR: return DialogResult.OK; case CREDUI.ReturnCodes.ERROR_CANCELLED: return DialogResult.Cancel; case CREDUI.ReturnCodes.ERROR_NO_SUCH_LOGON_SESSION: throw new ApplicationException("No such logon session."); case CREDUI.ReturnCodes.ERROR_NOT_FOUND: throw new ApplicationException("Not found."); case CREDUI.ReturnCodes.ERROR_INVALID_ACCOUNT_NAME: throw new ApplicationException("Invalid account username."); case CREDUI.ReturnCodes.ERROR_INSUFFICIENT_BUFFER: throw new ApplicationException("Insufficient buffer."); case CREDUI.ReturnCodes.ERROR_INVALID_PARAMETER: throw new ApplicationException("Invalid parameter."); case CREDUI.ReturnCodes.ERROR_INVALID_FLAGS: throw new ApplicationException("Invalid flags."); default: throw new ApplicationException("Unknown credential result encountered."); } } /// <summary>Returns a DialogResult from the specified code.</summary> /// <param name="code">The credential return code.</param> private static DialogResult GetDialogResultModernUI(CREDUI.ReturnCodesModernUI code) { switch (code) { case CREDUI.ReturnCodesModernUI.NO_ERROR: return DialogResult.OK; case CREDUI.ReturnCodesModernUI.ERROR_CANCELLED: return DialogResult.Cancel; case CREDUI.ReturnCodesModernUI.ERROR_NO_SUCH_LOGON_SESSION: throw new ApplicationException("No such logon session."); case CREDUI.ReturnCodesModernUI.ERROR_NOT_FOUND: throw new ApplicationException("Not found."); case CREDUI.ReturnCodesModernUI.ERROR_INVALID_ACCOUNT_NAME: throw new ApplicationException("Invalid account username."); case CREDUI.ReturnCodesModernUI.ERROR_INSUFFICIENT_BUFFER: throw new ApplicationException("Insufficient buffer."); case CREDUI.ReturnCodesModernUI.ERROR_INVALID_PARAMETER: throw new ApplicationException("Invalid parameter."); case CREDUI.ReturnCodesModernUI.ERROR_INVALID_FLAGS: throw new ApplicationException("Invalid flags."); default: throw new ApplicationException("Unknown credential result encountered."); } } } } |