public static ProxyAuthenticator Create(RequestedToken token, SmtpAddress sharingKey, string messageId)
{
ProxyAuthenticator.SecurityTracer.TraceDebug(0L, "{0}: creating ProxyAuthenticator for WS-Security", new object[]
{
TraceContext.Get()
});
XmlElement xmlElement = null;
if (sharingKey != SmtpAddress.Empty)
{
xmlElement = SharingKeyHandler.Encrypt(sharingKey, token.ProofToken);
}
SoapHttpClientAuthenticator soapHttpClientAuthenticator = SoapHttpClientAuthenticator.Create(token);
if (xmlElement != null)
{
soapHttpClientAuthenticator.AdditionalSoapHeaders.Add(new SharingSecurityHeader(xmlElement));
}
ProxyAuthenticator.SetMessageId(soapHttpClientAuthenticator, messageId);
return(new ProxyAuthenticator(soapHttpClientAuthenticator, AuthenticatorType.WSSecurity));
}
// Token: 0x06000284 RID: 644 RVA: 0x000115F4 File Offset: 0x0000F7F4
private static bool CheckClaimSetsForExternalUser(AuthorizationContext authorizationContext, OperationContext operationContext)
{
HttpContext.Current.Items["AuthType"] = "External";
SamlSecurityToken samlSecurityToken = null;
foreach (SupportingTokenSpecification supportingTokenSpecification in operationContext.SupportingTokens)
{
samlSecurityToken = (supportingTokenSpecification.SecurityToken as SamlSecurityToken);
if (samlSecurityToken != null)
{
break;
}
}
if (samlSecurityToken == null)
{
ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Found no security token in authorization context");
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Cannot find security token in authorization context"));
}
ExternalAuthentication current = ExternalAuthentication.GetCurrent();
if (!current.Enabled)
{
ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Federation is not enabled");
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Federation is not enabled"));
}
TokenValidationResults tokenValidationResults = current.TokenValidator.ValidateToken(samlSecurityToken, Offer.Autodiscover);
if (tokenValidationResults.Result != TokenValidationResult.Valid || !SmtpAddress.IsValidSmtpAddress(tokenValidationResults.EmailAddress))
{
ExTraceGlobals.AuthenticationTracer.TraceError <TokenValidationResults>(0L, "Validation of security token in WS-Security header failed: {0}", tokenValidationResults);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the delegation failed"));
}
SmtpAddress smtpAddress = SmtpAddress.Empty;
int num = -1;
try
{
num = operationContext.IncomingMessageHeaders.FindHeader("SharingSecurity", "http://schemas.microsoft.com/exchange/services/2006/types");
}
catch (MessageHeaderException ex)
{
AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Exception when looking for SharingSecurity header in request: " + ex.ToString());
return(false);
}
if (num < 0)
{
ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "Request has no SharingSecurity header");
}
else
{
XmlElement header = operationContext.IncomingMessageHeaders.GetHeader <XmlElement>(num);
smtpAddress = SharingKeyHandler.Decrypt(header, tokenValidationResults.ProofToken);
if (smtpAddress == SmtpAddress.Empty)
{
ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "SharingSecurity is present but invalid: {0}", header.OuterXml);
AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the SharingSecurity failed");
return(false);
}
ExTraceGlobals.AuthenticationTracer.TraceDebug <SmtpAddress>(0L, "SharingSecurity header contains external identity: {0}", smtpAddress);
}
AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(tokenValidationResults.EmailAddress, null);
HttpContext.Current.User = new GenericPrincipal(new ExternalIdentity(new SmtpAddress(tokenValidationResults.EmailAddress), smtpAddress), null);
return(true);
}
