private static OwaClientSecurityContextIdentity InternalCreateFromClientSecurityContextIdentity(ClientSecurityContextIdentity cscIdentity, string logonName, OrganizationId userOrganizationId = null)
        {
            SidBasedIdentity sidBasedIdentity = cscIdentity as SidBasedIdentity;

            if (sidBasedIdentity != null)
            {
                OwaClientSecurityContextIdentity.PrePopulateUserGroupSids(sidBasedIdentity);
            }
            OwaClientSecurityContextIdentity result;

            try
            {
                using (ClientSecurityContext clientSecurityContext = cscIdentity.CreateClientSecurityContext())
                {
                    result = new OwaClientSecurityContextIdentity(clientSecurityContext, logonName, cscIdentity.AuthenticationType, userOrganizationId);
                }
            }
            catch (AuthzException ex)
            {
                ExTraceGlobals.CoreTracer.TraceDebug <string, string, AuthzException>(0L, "OwaClientSecurityContextIdentity.CreateFromClientSecurityContextIdentity for ClientSecurityContextIdentity.Name={0} ClientSecurityContextIdentity.AuthenticationType={1} failed with exception: {2}", cscIdentity.Name, cscIdentity.AuthenticationType, ex);
                if (ex.InnerException is Win32Exception)
                {
                    throw new OwaIdentityException("There was a problem creating the Client Security Context.", ex);
                }
                throw;
            }
            return(result);
        }
 internal static OwaClientSecurityContextIdentity CreateFromsidBasedIdentity(SidBasedIdentity sidBasedIdentity)
 {
     if (sidBasedIdentity == null)
     {
         throw new ArgumentNullException("sidBasedIdentity");
     }
     return(OwaClientSecurityContextIdentity.InternalCreateFromClientSecurityContextIdentity(sidBasedIdentity, sidBasedIdentity.MemberName, sidBasedIdentity.UserOrganizationId));
 }
Beispiel #3
0
        protected static OwaIdentity GetOwaIdentity(IIdentity identity)
        {
            CompositeIdentity compositeIdentity = identity as CompositeIdentity;

            if (compositeIdentity != null)
            {
                ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve CompositeIdentity.");
                return(OwaCompositeIdentity.CreateFromCompositeIdentity(compositeIdentity));
            }
            WindowsIdentity windowsIdentity = identity as WindowsIdentity;

            if (windowsIdentity != null)
            {
                ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsIdentity.");
                if (windowsIdentity.IsAnonymous)
                {
                    ExTraceGlobals.CoreCallTracer.TraceError(0L, "[OwaIdentity::ResolveLogonIdentity] - Windows identity cannot be anonymous.");
                    throw new OwaIdentityException("Cannot create security context for anonymous windows identity.");
                }
                return(OwaWindowsIdentity.CreateFromWindowsIdentity(windowsIdentity));
            }
            else
            {
                LiveIDIdentity liveIDIdentity = identity as LiveIDIdentity;
                if (liveIDIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve LiveIDIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromLiveIDIdentity(liveIDIdentity));
                }
                WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;
                if (windowsTokenIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsTokenIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromClientSecurityContextIdentity(windowsTokenIdentity));
                }
                OAuthIdentity oauthIdentity = identity as OAuthIdentity;
                if (oauthIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve OAuthIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromOAuthIdentity(oauthIdentity));
                }
                AdfsIdentity adfsIdentity = identity as AdfsIdentity;
                if (adfsIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve AdfsIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromAdfsIdentity(identity as AdfsIdentity));
                }
                SidBasedIdentity sidBasedIdentity = identity as SidBasedIdentity;
                if (sidBasedIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve SidBasedIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromsidBasedIdentity(sidBasedIdentity));
                }
                ExTraceGlobals.CoreCallTracer.TraceError <Type>(0L, "[OwaIdentity::ResolveLogonIdentity] - Cannot resolve unsupported identity type: {0}.", identity.GetType());
                throw new NotSupportedException(string.Format("Unexpected identity type. {0}", identity.GetType()));
            }
        }
Beispiel #4
0
        private OrganizationId GetOrganizationIdFromIdentity(IIdentity identity)
        {
            OrganizationId   result           = OrganizationId.ForestWideOrgId;
            SidBasedIdentity sidBasedIdentity = identity as SidBasedIdentity;

            if (sidBasedIdentity != null && sidBasedIdentity.UserOrganizationId != null)
            {
                result = sidBasedIdentity.UserOrganizationId;
            }
            return(result);
        }
Beispiel #5
0
 private void ResolveAccessedUser()
 {
     if (string.IsNullOrEmpty(this.accessedUserSmtpAddress))
     {
         this.accessedUserExchangePrincipal = ExchangePrincipal.FromUserSid(this.GetOrganizationIdFromIdentity(this.accessedUserIdentity).ToADSessionSettings(), this.accessedUserSid);
         this.logonUserPrincipal            = new GenericPrincipal(this.LogonUserIdentity, null);
     }
     else
     {
         OrganizationId   organizationId   = OrganizationId.ForestWideOrgId;
         SidBasedIdentity sidBasedIdentity = this.LogonUserIdentity as SidBasedIdentity;
         if (sidBasedIdentity != null)
         {
             organizationId = sidBasedIdentity.UserOrganizationId;
         }
         else
         {
             DelegatedPrincipal delegatedPrincipal = this.logonUserPrincipal as DelegatedPrincipal;
             if (delegatedPrincipal != null)
             {
                 SmtpDomain domain;
                 if (SmtpDomain.TryParse(delegatedPrincipal.DelegatedOrganization, out domain))
                 {
                     organizationId = DomainCache.Singleton.Get(new SmtpDomainWithSubdomains(domain, false)).OrganizationId;
                 }
             }
             else
             {
                 ExchangePrincipal exchangePrincipal = this.GetLogonUserExchangePrincipal();
                 if (exchangePrincipal != null)
                 {
                     organizationId = exchangePrincipal.MailboxInfo.OrganizationId;
                 }
             }
         }
         ADSessionSettings adSettings  = organizationId.ToADSessionSettings();
         string            partitionId = null;
         if (organizationId != null && organizationId != OrganizationId.ForestWideOrgId && organizationId.PartitionId != null)
         {
             partitionId = organizationId.PartitionId.ToString();
         }
         this.accessedUserExchangePrincipal = ExchangePrincipal.FromProxyAddress(adSettings, this.accessedUserSmtpAddress, RemotingOptions.AllowCrossSite);
         this.accessedUserIdentity          = new GenericSidIdentity(this.accessedUserExchangePrincipal.Sid.Value, this.LogonUserIdentity.AuthenticationType + "-ExplicitSignOn", this.accessedUserExchangePrincipal.Sid, partitionId);
         this.accessedUserSid = this.accessedUserIdentity.GetSecurityIdentifier();
     }
     this.hasFullAccess    = this.CanOpenAccessedUserMailbox();
     this.identityResolved = true;
 }
        internal static OwaClientSecurityContextIdentity CreateFromOAuthIdentity(OAuthIdentity oauthIdentity)
        {
            if (oauthIdentity == null)
            {
                throw new ArgumentNullException("oauthIdentity");
            }
            ExAssert.RetailAssert(!oauthIdentity.IsAppOnly, "IsApplyOnly cannot be null in OAuthIdentity.");
            ExAssert.RetailAssert(oauthIdentity.ActAsUser != null, "ActAsUser cannot be null in OAuthIdentity.");
            string partitionId = string.Empty;

            if (!(oauthIdentity.OrganizationId == null) && !(oauthIdentity.OrganizationId.PartitionId == null))
            {
                partitionId = oauthIdentity.OrganizationId.PartitionId.ToString();
            }
            SidBasedIdentity cscIdentity = new SidBasedIdentity(oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.ActAsUser.Sid.Value, oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.AuthenticationType, partitionId)
            {
                UserOrganizationId = oauthIdentity.OrganizationId
            };

            return(OwaClientSecurityContextIdentity.InternalCreateFromClientSecurityContextIdentity(cscIdentity, oauthIdentity.ActAsUser.UserPrincipalName, null));
        }
 private static void PrePopulateUserGroupSids(SidBasedIdentity sidBasedIdentity)
 {
     if (sidBasedIdentity.PrepopulatedGroupSidIds == null || sidBasedIdentity.PrepopulatedGroupSidIds.Count <string>() <= 0)
     {
         ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "Attempting to prepopulate group SIDS for user '{0}'.", sidBasedIdentity.Sid.Value);
         if (sidBasedIdentity.UserOrganizationId != null)
         {
             List <string>     list = null;
             IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.IgnoreInvalid, null, ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(sidBasedIdentity.UserOrganizationId), 647, "PrePopulateUserGroupSids", "f:\\15.00.1497\\sources\\dev\\clients\\src\\Owa2\\Server\\Core\\common\\OwaClientSecurityContextIdentity.cs");
             if (tenantOrRootOrgRecipientSession != null)
             {
                 ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds created IRecipientSession instance for user '{0}'.", sidBasedIdentity.Sid.Value);
                 ADRecipient adrecipient = tenantOrRootOrgRecipientSession.FindBySid(sidBasedIdentity.Sid);
                 if (adrecipient != null)
                 {
                     ExTraceGlobals.CoreCallTracer.TraceDebug <string, SmtpAddress, string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds fetched ADRecipient instance with DisplaName '{0}' and PrimarySmtpAddress '{1}' for user '{2}'.", adrecipient.DisplayName, adrecipient.PrimarySmtpAddress, sidBasedIdentity.Sid.Value);
                     list = tenantOrRootOrgRecipientSession.GetTokenSids(adrecipient, AssignmentMethod.S4U);
                 }
                 else
                 {
                     ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to get ADRecipient instance for user '{0}'.", sidBasedIdentity.Sid.Value);
                 }
             }
             else
             {
                 ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to get IRecipientSession instance for user '{0}'.", sidBasedIdentity.Sid.Value);
             }
             if (list == null)
             {
                 ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to find any group SIDs for user '{0}'.", sidBasedIdentity.Sid.Value);
                 return;
             }
             ExTraceGlobals.CoreCallTracer.TraceDebug <string, string>(0L, "Prepopulating User group SIds '{0}', for user '{1}'.", string.Join(", ", list), sidBasedIdentity.Sid.Value);
             sidBasedIdentity.PrepopulateGroupSidIds(list);
         }
     }
 }