        // Token: 0x06000286 RID: 646 RVA: 0x000118C4 File Offset: 0x0000FAC4
        /// <summary>
        /// Turns the claim sets of an X.509-certificate WS-Security caller into an authenticated
        /// <see cref="WindowsPrincipal"/> on the current HTTP context.
        /// </summary>
        /// <param name="authorizationContext">Authorization context whose claim sets describe the certificate user.</param>
        /// <param name="operationContext">WCF operation context used to write a 401 when the caller cannot be resolved.</param>
        /// <returns>
        /// <c>true</c> once a Windows identity has been found and pushed onto <see cref="HttpContext.Current"/>;
        /// <c>false</c> after a 401 response has already been written for the caller.
        /// </returns>
        private static bool CheckClaimSetsForX509CertUser(AuthorizationContext authorizationContext, OperationContext operationContext)
        {
            HttpContext httpContext = HttpContext.Current;

            // Recorded before any check runs, so it remains set on the failure paths below as well.
            httpContext.Items["AuthType"] = "X509Cert";

            ReadOnlyCollection<ClaimSet> certClaimSets = authorizationContext.ClaimSets;
            certClaimSets.TraceClaimSets();

            X509CertUser certUser = null;
            bool haveCertUser = X509CertUser.TryCreateX509CertUser(certClaimSets, out certUser);
            if (!haveCertUser)
            {
                ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to create the x509certuser");
                AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "unable to create the X509CertUser based on the given claim sets.");
                return false;
            }

            // The certificate alone is not trusted as an identity: it must map to a Windows identity
            // (and organization) in the directory, otherwise the caller gets a 401.
            OrganizationId  orgId;
            WindowsIdentity identity;
            string          failureReason;
            bool haveIdentity = certUser.TryGetWindowsIdentity(out orgId, out identity, out failureReason);
            if (!haveIdentity)
            {
                ExTraceGlobals.AuthenticationTracer.TraceDebug<X509CertUser>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to find the windows identity for cert user: {0}", certUser);
                string reason = string.Format("unable to find the windows identity for the given cert {0}, reason: {1}", certUser, failureReason);
                AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason);
                return false;
            }

            ExTraceGlobals.AuthenticationTracer.TraceDebug<string, string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] ws-security header contains the x509 cert user identity: {0}, upn: {1}", Common.GetIdentityNameForTrace(identity), certUser.UserPrincipalName);

            // Only the UPN is handed to the shared context helper here (second argument is null in this
            // listing); the resolved organization id is stored under its own Items key instead.
            AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(certUser.UserPrincipalName, null);
            httpContext.User = new WindowsPrincipal(identity);
            httpContext.Items["UserOrganizationId"] = orgId;
            return true;
        }
        // Token: 0x060003D2 RID: 978 RVA: 0x000159C4 File Offset: 0x00013BC4
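        /// <summary>
        /// Scans the SOAP header of an incoming message for the address (UPN, SMTP address, SID or
        /// tenant id) carried by its WS-Security / impersonation header.
        /// </summary>
        /// <param name="stream">Stream positioned at the start of the SOAP envelope. It is read forward and
        /// is NOT rewound by this method.</param>
        /// <param name="headerType">Selects which header element is looked for: <c>EncryptedData</c> for
        /// <see cref="WsSecurityHeaderType.WSSecurityAuth"/>, <c>BinarySecurityToken</c> for
        /// <see cref="WsSecurityHeaderType.X509CertAuth"/>, and <c>ExchangeImpersonation</c> or the SAML
        /// <c>targettenant</c> attribute for <see cref="WsSecurityHeaderType.PartnerAuth"/>.</param>
        /// <param name="isDelegationToken">Set by the token validator on the WSSecurityAuth path; <c>false</c> otherwise.</param>
        /// <returns>
        /// The address found, or <c>null</c> when no usable header is present, external authentication is
        /// disabled, the token does not validate, or the header XML is malformed.
        /// </returns>
        /// <exception cref="QuotaExceededException">Thrown when more than the allowed number of bytes of
        /// SOAP header have been consumed before the wanted element is found.</exception>
        /// <remarks>
        /// Security: on the PartnerAuth path the value returned is lifted straight out of the header
        /// (<c>InnerXml</c> / <c>InnerText</c>) without any token validation visible here, so callers must
        /// treat it as an untrusted hint, not an authenticated identity. On the other two paths the
        /// extracted element is handed to <c>ExternalAuthentication.GetCurrent().TokenValidator</c> first.
        /// </remarks>
        internal string FindAddressFromWsSecurity(Stream stream, WsSecurityHeaderType headerType, out bool isDelegationToken)
        {
            // Upper bound on how far into the stream the header scan may go before giving up.
            const long MaxHeaderScanBytes = 73628L;

            isDelegationToken = false;

            // NOTE(review): captured but never used in this listing. If callers expect the stream to be
            // rewound after parsing, a finally { stream.Position = position; } is missing — confirm.
            long position = stream.Position;

            try
            {
                // DTD processing must be decided when the reader is created: XmlReader.Settings returns a
                // read-only snapshot, so mutating it afterwards cannot reconfigure an existing reader.
                // An explicit null resolver additionally guarantees no external entity/URI fetches.
                XmlReaderSettings readerSettings = new XmlReaderSettings();
                readerSettings.DtdProcessing = DtdProcessing.Prohibit;
                readerSettings.XmlResolver = null;
                XmlReader xmlReader = XmlReader.Create(stream, readerSettings);

                XmlElement xmlElement  = null;   // EncryptedData / BinarySecurityToken (non-partner paths)
                XmlElement xmlElement2 = null;   // ExchangeImpersonation (partner path)
                XmlElement xmlElement3 = null;   // SAML Attribute "targettenant" (partner path)
                xmlReader.MoveToContent();
                bool flag = true;

                // NOTE(review): this outer scan (everything before the SOAP Header element) has no
                // MaxHeaderScanBytes check; only the loops inside the Header are bounded — confirm that an
                // upstream request-size limit covers it.
                while (flag && xmlReader.Read())
                {
                    if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Header")
                    {
                        // Accept both SOAP 1.1 and SOAP 1.2 envelope namespaces.
                        if (!(xmlReader.NamespaceURI == "http://schemas.xmlsoap.org/soap/envelope/"))
                        {
                            if (!(xmlReader.NamespaceURI == "http://www.w3.org/2003/05/soap-envelope"))
                            {
                                continue;
                            }
                        }
                        while (flag && xmlReader.Read())
                        {
                            if (stream.Position > MaxHeaderScanBytes)
                            {
                                throw new QuotaExceededException();
                            }
                            if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.LocalName == "Header" && (xmlReader.NamespaceURI == "http://schemas.xmlsoap.org/soap/envelope/" || xmlReader.NamespaceURI == "http://www.w3.org/2003/05/soap-envelope"))
                            {
                                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Hit the end of the SOAP header unexpectedly", this.TraceContext);
                                }
                                flag = false;
                                break;
                            }
                            if (headerType != WsSecurityHeaderType.PartnerAuth)
                            {
                                // WSSecurityAuth / X509CertAuth: look inside the wsse:Security block.
                                if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Security" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
                                {
                                    while (flag)
                                    {
                                        if (!xmlReader.Read())
                                        {
                                            break;
                                        }
                                        if (stream.Position > MaxHeaderScanBytes)
                                        {
                                            throw new QuotaExceededException();
                                        }
                                        if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.LocalName == "Security" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
                                        {
                                            if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                                            {
                                                ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Hit the end of the WS-Security header unexpectedly", this.TraceContext);
                                            }
                                            flag = false;
                                            break;
                                        }
                                        if (xmlReader.NodeType == XmlNodeType.Element && ((headerType == WsSecurityHeaderType.WSSecurityAuth && xmlReader.LocalName == "EncryptedData" && xmlReader.NamespaceURI == "http://www.w3.org/2001/04/xmlenc#") || (headerType == WsSecurityHeaderType.X509CertAuth && xmlReader.LocalName == "BinarySecurityToken" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")))
                                        {
                                            // Materialize just this subtree for the token validator.
                                            using (XmlReader xmlReader2 = xmlReader.ReadSubtree())
                                            {
                                                XmlDocument xmlDocument = new XmlDocument();
                                                xmlDocument.XmlResolver = null;   // never resolve external references
                                                xmlDocument.Load(xmlReader2);
                                                xmlElement = xmlDocument.DocumentElement;
                                            }
                                            flag = false;
                                            break;
                                        }
                                    }
                                }
                            }
                            else
                            {
                                // PartnerAuth: the impersonation header, or the SAML targettenant attribute.
                                if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "ExchangeImpersonation" && xmlReader.NamespaceURI == "http://schemas.microsoft.com/exchange/services/2006/types")
                                {
                                    using (XmlReader xmlReader3 = xmlReader.ReadSubtree())
                                    {
                                        XmlDocument xmlDocument2 = new XmlDocument();
                                        xmlDocument2.XmlResolver = null;   // never resolve external references
                                        xmlDocument2.Load(xmlReader3);
                                        xmlElement2 = xmlDocument2.DocumentElement;
                                    }
                                    flag = false;
                                    break;
                                }
                                if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Attribute" && xmlReader.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion" && xmlReader.HasAttributes && xmlReader.GetAttribute("AttributeName") == "targettenant")
                                {
                                    using (XmlReader xmlReader4 = xmlReader.ReadSubtree())
                                    {
                                        XmlDocument xmlDocument3 = new XmlDocument();
                                        xmlDocument3.XmlResolver = null;   // never resolve external references
                                        xmlDocument3.Load(xmlReader4);
                                        xmlElement3 = xmlDocument3.DocumentElement;
                                    }
                                    flag = false;
                                    break;
                                }
                            }
                        }
                    }
                }
                if (headerType == WsSecurityHeaderType.PartnerAuth)
                {
                    if (xmlElement2 != null)
                    {
                        // An empty <ExchangeImpersonation/> or <ConnectingSID/> is attacker-controllable
                        // input; guard the child lookups so a malformed header yields null instead of a
                        // NullReferenceException (which the catch below would not handle).
                        XmlNode connectingSid = xmlElement2.FirstChild;
                        if (xmlElement2.NodeType == XmlNodeType.Element && connectingSid != null && connectingSid.NodeType == XmlNodeType.Element && connectingSid.LocalName == "ConnectingSID")
                        {
                            XmlNode firstChild = connectingSid.FirstChild;
                            if (firstChild != null && (firstChild.LocalName == "PrincipalName" || firstChild.LocalName == "PrimarySmtpAddress" || firstChild.LocalName == "SmtpAddress" || firstChild.LocalName == "SID"))
                            {
                                // Returned unvalidated: see the <remarks> on this method.
                                return firstChild.InnerXml;
                            }
                            if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                            {
                                ExTraceGlobals.VerboseTracer.TraceDebug<int, string>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Unexpected type {1} in ConnectingSID in impersonation header", this.TraceContext, firstChild == null ? "<none>" : firstChild.Name);
                            }
                            return null;
                        }
                    }
                    else if (xmlElement3 != null && xmlElement3.NodeType == XmlNodeType.Element && xmlElement3.FirstChild != null && xmlElement3.FirstChild.LocalName == "AttributeValue")
                    {
                        // Returned unvalidated: see the <remarks> on this method.
                        return xmlElement3.FirstChild.InnerText;
                    }
                }
                else if (xmlElement != null)
                {
                    ExternalAuthentication current = ExternalAuthentication.GetCurrent();
                    if (!current.Enabled)
                    {
                        if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                        {
                            ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: ExternalAuthentication is not enabled");
                        }
                        return null;
                    }
                    if (headerType == WsSecurityHeaderType.X509CertAuth)
                    {
                        // `out` rather than `ref`: the local is unassigned here, and the sibling
                        // CheckClaimSetsForX509CertUser calls the same APIs with `out`.
                        AuthorizationContext authorizationContext;
                        // NOTE(review): a null Result being the success condition looks like a decompiler
                        // artifact — confirm against the TokenValidationResults contract.
                        if (current.TokenValidator.AuthorizationContextFromToken(xmlElement, out authorizationContext).Result == null)
                        {
                            ReadOnlyCollection<ClaimSet> claimSets = authorizationContext.ClaimSets;
                            X509CertUser x509CertUser = null;
                            if (!X509CertUser.TryCreateX509CertUser(claimSets, out x509CertUser))
                            {
                                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Unable to create the x509certuser", this.TraceContext);
                                }
                                return null;
                            }
                            // The certificate user must resolve to a Windows identity before its UPN is returned.
                            OrganizationId  organizationId;
                            WindowsIdentity windowsIdentity;
                            string          text;
                            if (!x509CertUser.TryGetWindowsIdentity(out organizationId, out windowsIdentity, out text))
                            {
                                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug<int, X509CertUser, string>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; unable to find the windows identity for cert user: {1}, reason: {2}", this.TraceContext, x509CertUser, text);
                                }
                                return null;
                            }
                            return x509CertUser.UserPrincipalName;
                        }
                    }
                    else
                    {
                        // WSSecurityAuth: the validator decrypts/validates the token and reports the address.
                        TokenValidationResults tokenValidationResults = current.TokenValidator.FindEmailAddress(xmlElement, out isDelegationToken);
                        if (!string.IsNullOrEmpty(tokenValidationResults.EmailAddress))
                        {
                            return tokenValidationResults.EmailAddress;
                        }
                    }
                }
            }
            catch (XmlException ex)
            {
                // Malformed XML (including a prohibited DTD) is logged and treated as "no address found".
                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug<int, XmlException>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; XmlException {1}", this.TraceContext, ex);
                }
            }
            if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; No email address found in Ws-Trust token", this.TraceContext);
            }
            return null;
        }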