public static ProxyAuthenticator Create(RequestedToken token, SmtpAddress sharingKey, string messageId) { ProxyAuthenticator.SecurityTracer.TraceDebug(0L, "{0}: creating ProxyAuthenticator for WS-Security", new object[] { TraceContext.Get() }); XmlElement xmlElement = null; if (sharingKey != SmtpAddress.Empty) { xmlElement = SharingKeyHandler.Encrypt(sharingKey, token.ProofToken); } SoapHttpClientAuthenticator soapHttpClientAuthenticator = SoapHttpClientAuthenticator.Create(token); if (xmlElement != null) { soapHttpClientAuthenticator.AdditionalSoapHeaders.Add(new SharingSecurityHeader(xmlElement)); } ProxyAuthenticator.SetMessageId(soapHttpClientAuthenticator, messageId); return(new ProxyAuthenticator(soapHttpClientAuthenticator, AuthenticatorType.WSSecurity)); }
// Token: 0x06000284 RID: 644 RVA: 0x000115F4 File Offset: 0x0000F7F4 private static bool CheckClaimSetsForExternalUser(AuthorizationContext authorizationContext, OperationContext operationContext) { HttpContext.Current.Items["AuthType"] = "External"; SamlSecurityToken samlSecurityToken = null; foreach (SupportingTokenSpecification supportingTokenSpecification in operationContext.SupportingTokens) { samlSecurityToken = (supportingTokenSpecification.SecurityToken as SamlSecurityToken); if (samlSecurityToken != null) { break; } } if (samlSecurityToken == null) { ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Found no security token in authorization context"); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Cannot find security token in authorization context")); } ExternalAuthentication current = ExternalAuthentication.GetCurrent(); if (!current.Enabled) { ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Federation is not enabled"); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Federation is not enabled")); } TokenValidationResults tokenValidationResults = current.TokenValidator.ValidateToken(samlSecurityToken, Offer.Autodiscover); if (tokenValidationResults.Result != TokenValidationResult.Valid || !SmtpAddress.IsValidSmtpAddress(tokenValidationResults.EmailAddress)) { ExTraceGlobals.AuthenticationTracer.TraceError <TokenValidationResults>(0L, "Validation of security token in WS-Security header failed: {0}", tokenValidationResults); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the delegation failed")); } SmtpAddress smtpAddress = SmtpAddress.Empty; int num = -1; try { num = operationContext.IncomingMessageHeaders.FindHeader("SharingSecurity", "http://schemas.microsoft.com/exchange/services/2006/types"); } catch (MessageHeaderException ex) { AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Exception when looking for SharingSecurity header in request: " + ex.ToString()); return(false); } if (num < 0) { ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "Request has no SharingSecurity header"); } else { XmlElement header = operationContext.IncomingMessageHeaders.GetHeader <XmlElement>(num); smtpAddress = SharingKeyHandler.Decrypt(header, tokenValidationResults.ProofToken); if (smtpAddress == SmtpAddress.Empty) { ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "SharingSecurity is present but invalid: {0}", header.OuterXml); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the SharingSecurity failed"); return(false); } ExTraceGlobals.AuthenticationTracer.TraceDebug <SmtpAddress>(0L, "SharingSecurity header contains external identity: {0}", smtpAddress); } AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(tokenValidationResults.EmailAddress, null); HttpContext.Current.User = new GenericPrincipal(new ExternalIdentity(new SmtpAddress(tokenValidationResults.EmailAddress), smtpAddress), null); return(true); }