Support SASL authentication in .NET client

[Rupert Smith <ru...@googlemail.com>]

Hi Thomas, thanks for your patch for Qpid-291. I applied it and built and
all looks good. Could you provide some brief instructions on how to test it
against a broker? Is there a config file or something I have to edit to set
up the policy etc.

Thanks.

Rupert

RE: Support SASL authentication in .NET client

[Tomas Restrepo <to...@devdeo.com>]

> > Hi Thomas, thanks for your patch for Qpid-291. I applied it and built
and
> > all looks good. Could you provide some brief instructions on how to test
> it
> > against a broker? Is there a config file or something I have to edit to
> set
> > up the policy etc.

I've attached a new patch to QPID-291 that includes support for configuring
the authentication mechanisms using app.config files. If none are present
(or don't contain the necessary sections), then we still revert to
supporting CRAM-MD5 and PLAIN authentication by default.

Let me know what you guys think about the proposed patch.

Tomas Restrepo
tomas.restrepo@devdeo.com
http://www.winterdom.com/weblog/

RE: Support SASL authentication in .NET client

[Tomas Restrepo <to...@devdeo.com>]

> Hi Thomas, thanks for your patch for Qpid-291. I applied it and built and
> all looks good. Could you provide some brief instructions on how to test
it
> against a broker? Is there a config file or something I have to edit to
set
> up the policy etc.

Right now it's already working works against a broker and given the
configuration of the Java Broker at this time, CRAM-MD5 will be selected by
default as the authentication mechanism. Basically the client will
automatically select the mechanism based on what the server sends (i.e.
available mechanisms) and the set of mechanisms supported by the client
(CRAM-MD5 and PLAIN in that order of preference).

What's missing at this point (and it's something I'm trying to figure out
the best way to do) is a way to a) configure additional Sasl mechanisms (the
core sasl library I built does support this, but it's not exposed in a
configurable fashion yet) and b) configure a callback handler for your
mechanism (that supplies any data required by it to complete the
authentication, like username or password).

Both of these things are not significant issues in that the extensibility
hooks are there both in Qpid.Sasl and Qpid.Client already, it's just a
matter of making it available through a config file option, basically. I'm
hoping to get that done as well soon (I've just been a bit busy this past
couple of days).

If you want to test with a particular mechanism at this point, you'd need to
modify the set of supported algorithms in the CallbackHandlerRegistry.cs
file (for example, just putting PLAIN before CRAM-MD5 will make the client
choose to authenticate using PLAIN.)

I'll try to submit a new patch containing those fixes before the end of the
week, so that it can be used over the two previous patches I submitted. I
spent some time cleaning up the code yesterday and removed about 40 FxCop
warnings (there are still a few left, though), so it will be a good idea to
get a new patch anyway.

Tomas Restrepo
tomas.restrepo@devdeo.com
http://www.winterdom.com/weblog/