/// <summary>
/// Writes one hidden <c>&lt;input&gt;</c> element into <paramref name="buffer"/> for every entry of
/// <paramref name="collection"/>, using single-quoted attributes.
/// </summary>
/// <param name="collection">Form values to re-emit; the "password" entry is read as a secure value.</param>
/// <param name="buffer">Output buffer that receives the generated markup.</param>
/// <param name="redirectUrl">Supplies the scheme and authority (and in one case the path) of the rewritten "destination" value.</param>
/// <param name="majorCasVersion">Not used by this method.</param>
/// <exception cref="HttpException">Status 400 when the "destination" value is not an absolute URI.</exception>
private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
        {
            foreach (string fieldName in collection)
            {
                // NOTE(review): the field name goes into the name attribute as-is, while the value paths below
                // encode their output. Confirm that callers only pass collections whose keys are safe to emit.
                buffer.CopyAtCurrentPosition("<input type='hidden' name='");
                buffer.CopyAtCurrentPosition(fieldName);
                buffer.CopyAtCurrentPosition("' value='");

                if (fieldName == "password")
                {
                    // The password never becomes a managed string: it is transformed straight into a secure
                    // char array that is escaped for a single-quoted attribute and disposed after the copy.
                    // NOTE(review): the result of TryGetSecureValue is ignored; if it can leave the out value
                    // null, the next statement throws. Verify against SecureNameValueCollection.
                    SecureString securePassword;
                    collection.TryGetSecureValue(fieldName, out securePassword);
                    using (SecureArray <char> encodedPassword = securePassword.TransformToSecureCharArray(new CharTransformDelegate(FbaFormPostProxyRequestHandler.EncodeForSingleQuotedAttribute)))
                    {
                        buffer.CopyAtCurrentPosition(encodedPassword);
                    }
                }
                else if (fieldName == "destination")
                {
                    string postedDestination;
                    collection.TryGetUnsecureValue(fieldName, out postedDestination);

                    Uri destinationUri;
                    if (!Uri.TryCreate(postedDestination, UriKind.Absolute, out destinationUri))
                    {
                        throw new HttpException(400, "destination value is not valid");
                    }

                    // Scheme and authority always come from redirectUrl, never from the posted destination.
                    StringBuilder rewritten = new StringBuilder();
                    rewritten.Append(redirectUrl.Scheme)
                             .Append(Uri.SchemeDelimiter)
                             .Append(redirectUrl.Authority);

                    if (FbaFormPostProxyRequestHandler.IsOwaUrl(destinationUri, OwaUrl.AuthPost, true))
                    {
                        rewritten.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
                    }
                    else if (!string.IsNullOrEmpty(this.explicitLogonUser))
                    {
                        // Only with an explicit logon user is the path of the posted destination kept.
                        rewritten.Append(destinationUri.PathAndQuery);
                    }
                    else
                    {
                        rewritten.Append(redirectUrl.PathAndQuery);
                    }

                    // NOTE(review): unlike the other two branches, this value is written without HtmlEncode or
                    // EncodeForSingleQuotedAttribute. Confirm that PathAndQuery cannot contain a character that
                    // terminates the single-quoted attribute.
                    buffer.CopyAtCurrentPosition(rewritten.ToString());
                }
                else
                {
                    string plainValue;
                    collection.TryGetUnsecureValue(fieldName, out plainValue);
                    buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(plainValue));
                }

                buffer.CopyAtCurrentPosition("'>");
            }
        }
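        /// <summary>
        /// Reads the posted change-password form and, when all four fields are present, attempts the change.
        /// The outcome is recorded in <c>this.reason</c> and <c>this.passwordChanged</c>.
        /// </summary>
        /// <remarks>
        /// When the form cannot be read or a field is missing, neither <c>this.reason</c> nor
        /// <c>this.passwordChanged</c> is modified.
        /// </remarks>
        private void ChangePassword()
        {
            SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(base.Request);

            // Register the three password inputs as sensitive before the form is read; they are fetched
            // below through TryGetSecureValue rather than as plain strings.
            secureHtmlFormReader.AddSensitiveInputName("oldPwd");
            secureHtmlFormReader.AddSensitiveInputName("newPwd1");
            secureHtmlFormReader.AddSensitiveInputName("newPwd2");
            SecureNameValueCollection secureNameValueCollection = null;

            try
            {
                if (secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
                {
                    string       userName           = null;
                    SecureString oldPassword        = null;
                    SecureString newPassword        = null;
                    SecureString newPasswordConfirm = null;
                    try
                    {
                        secureNameValueCollection.TryGetUnsecureValue("username", out userName);
                        secureNameValueCollection.TryGetSecureValue("oldPwd", out oldPassword);
                        secureNameValueCollection.TryGetSecureValue("newPwd1", out newPassword);
                        secureNameValueCollection.TryGetSecureValue("newPwd2", out newPasswordConfirm);
                        if (userName != null && oldPassword != null && newPassword != null && newPasswordConfirm != null)
                        {
                            if (!ExpiredPassword.SecureStringEquals(newPassword, newPasswordConfirm))
                            {
                                this.reason = ExpiredPassword.ExpiredPasswordReason.PasswordConflict;
                            }
                            else
                            {
                                switch (ExpiredPassword.ChangePasswordNUCP(userName, oldPassword, newPassword))
                                {
                                case ExpiredPassword.ChangePasswordResult.Success:
                                    this.reason          = ExpiredPassword.ExpiredPasswordReason.None;
                                    this.passwordChanged = true;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.InvalidCredentials:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.LockedOut:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.LockedOut;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.BadNewPassword:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidNewPassword;
                                    break;

                                // Any other failure is reported with the same reason as bad credentials.
                                case ExpiredPassword.ChangePasswordResult.OtherError:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
                                    break;
                                }
                            }
                        }
                    }
                    finally
                    {
                        // Each value is still null when its field was absent from the form (the case the
                        // null check above already anticipates). Guard every Dispose so that a missing field
                        // cannot throw NullReferenceException from this finally block and leave the
                        // remaining password copies undisposed.
                        if (oldPassword != null)
                        {
                            oldPassword.Dispose();
                        }
                        if (newPassword != null)
                        {
                            newPassword.Dispose();
                        }
                        if (newPasswordConfirm != null)
                        {
                            newPasswordConfirm.Dispose();
                        }
                    }
                }
            }
            finally
            {
                if (secureNameValueCollection != null)
                {
                    secureNameValueCollection.Dispose();
                }
            }
        }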
        /// <summary>
        /// Handles a POST whose last URL segment is <c>auth.owa</c> or <c>owaauth.dll</c>: reads the logon
        /// form, stores the credentials on this instance and sets a Basic <c>Authorization</c> header on
        /// the request.
        /// </summary>
        /// <param name="httpApplication">Application whose current context carries the request.</param>
        /// <returns>
        /// <c>false</c> when the request is not a POST or targets neither endpoint; <c>true</c> once the
        /// form has been processed.
        /// </returns>
        private bool HandleFbaAuthFormPost(HttpApplication httpApplication)
        {
            HttpContext  context  = httpApplication.Context;
            HttpRequest  request  = context.Request;
            HttpResponse response = context.Response;

            if (request.GetHttpMethod() != HttpMethod.Post)
            {
                return false;
            }

            string[] segments    = request.Url.Segments;
            string   lastSegment = segments[segments.Length - 1];
            bool targetsAuthEndpoint =
                string.Equals("auth.owa", lastSegment, StringComparison.OrdinalIgnoreCase) ||
                string.Equals("owaauth.dll", lastSegment, StringComparison.OrdinalIgnoreCase);

            if (!targetsAuthEndpoint)
            {
                return false;
            }

            // A missing content type is treated as a URL-encoded form so the reader below can parse it.
            if (string.IsNullOrEmpty(request.ContentType))
            {
                request.ContentType = "application/x-www-form-urlencoded";
            }

            SecureHtmlFormReader formReader = new SecureHtmlFormReader(request);
            formReader.AddSensitiveInputName("password");
            SecureNameValueCollection form = null;

            try
            {
                // NOTE(review): the code after each EndResponse call assumes EndResponse does not return
                // (form and securePassword would otherwise be dereferenced while null). Confirm in AspNetHelper.
                if (!formReader.TryReadSecureFormData(out form))
                {
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }

                string       destination    = null;
                string       userName       = null;
                SecureString securePassword = null;
                string       flagsText      = null;
                form.TryGetUnsecureValue("username", out userName);
                form.TryGetSecureValue("password", out securePassword);
                form.TryGetUnsecureValue("destination", out destination);
                form.TryGetUnsecureValue("flags", out flagsText);

                // All four fields are mandatory; the destination is validated only when all are present.
                bool allFieldsPresent = destination != null && userName != null && securePassword != null && flagsText != null;
                if (!allFieldsPresent || !this.CheckPostDestination(destination, context.Request))
                {
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }

                // Keep a private copy: the collection is disposed in the finally block below.
                this.password       = securePassword.Copy();
                this.userName       = userName;
                this.destinationUrl = destination;

                // An unparsable flags value falls back to 0.
                int parsedFlags;
                this.flags = int.TryParse(flagsText, NumberStyles.Integer, CultureInfo.InvariantCulture, out parsedFlags)
                    ? parsedFlags
                    : 0;

                // Build "username:password" as bytes inside a SecureArray so the clear-text password is
                // not materialised as a managed string on the way to the Base64 encoder.
                string   credentialPrefix = userName + ":";
                Encoding encoding         = Encoding.Default;
                int      capacity         = encoding.GetMaxByteCount(credentialPrefix.Length + securePassword.Length);
                using (SecureArray <byte> credentialBytes = new SecureArray <byte>(capacity))
                {
                    int written = encoding.GetBytes(credentialPrefix, 0, credentialPrefix.Length, credentialBytes.ArrayValue, 0);
                    using (SecureArray <char> passwordChars = securePassword.ConvertToSecureCharArray())
                    {
                        written += encoding.GetBytes(passwordChars.ArrayValue, 0, passwordChars.Length(), credentialBytes.ArrayValue, written);

                        // From here on the credentials exist as an ordinary string (Base64 of
                        // "username:password") in this.basicAuthString and in the request headers, so
                        // anything that logs or dumps either one exposes the password.
                        this.basicAuthString             = "Basic " + Convert.ToBase64String(credentialBytes.ArrayValue, 0, written);
                        request.Headers["Authorization"] = this.basicAuthString;
                    }
                }
            }
            finally
            {
                if (form != null)
                {
                    form.Dispose();
                }
            }

            ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url);
            return true;
        }