private MRSProxyAuthorizationManager.AuthenticationData GetAuthenticationData(OperationContext operationContext)
{
MRSProxyAuthorizationManager.AuthenticationData authenticationData = null;
if (!MRSProxyAuthorizationManager.Sessions.TryGetValue(operationContext.SessionId, out authenticationData))
{
authenticationData = new MRSProxyAuthorizationManager.AuthenticationData();
MRSProxyAuthorizationManager.Sessions.AddAbsolute(operationContext.SessionId, authenticationData, MRSProxyAuthorizationManager.authenticationDataExpiration, null);
}
return(authenticationData);
}
internal override bool PostAuthnCheck(OperationContext operationContext, IAuthenticationInfo authenticationInfo)
{
if (operationContext.ServiceSecurityContext.IsAnonymous)
{
return(false);
}
MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext);
if (authenticationData.IsAuthorized)
{
return(true);
}
if (authenticationInfo.IsCertificateAuthentication)
{
authenticationData.IsAuthorized = true;
}
else
{
authenticationData.IsAuthorized = base.PostAuthnCheck(operationContext, authenticationInfo);
}
return(authenticationData.IsAuthorized);
}
private IAuthenticationInfo GetPrincipal(OperationContext operationContext)
{
MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext);
if (authenticationData.AuthenticationInfo != null)
{
return(authenticationData.AuthenticationInfo);
}
IAuthenticationInfo authenticationInfo = base.Authenticate(operationContext);
if (authenticationInfo == null)
{
return(null);
}
if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves)
{
return(authenticationInfo);
}
WindowsPrincipal windowsPrincipal = authenticationInfo.WindowsPrincipal;
WindowsIdentity windowsIdentity = windowsPrincipal.Identity as WindowsIdentity;
using (ClientSecurityContext clientSecurityContext = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
authenticationInfo.PrincipalName
});
return(null);
}
}
object obj;
if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out obj))
{
return(null);
}
HttpRequestMessageProperty httpRequestMessageProperty = obj as HttpRequestMessageProperty;
if (httpRequestMessageProperty == null)
{
return(null);
}
string[] values = httpRequestMessageProperty.Headers.GetValues("X-CommonAccessToken");
if (values == null || values.Length != 1)
{
return(null);
}
string text = values[0];
if (string.IsNullOrEmpty(text))
{
return(null);
}
using (ClientSecurityContext clientSecurityContext2 = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext2))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
windowsIdentity
});
return(null);
}
}
CommonAccessToken commonAccessToken = CommonAccessToken.Deserialize(text);
SecurityIdentifier securityIdentifier = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid);
IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs");
ADRawEntry adrawEntry = rootOrganizationRecipientSession.FindADRawEntryBySid(securityIdentifier, MRSProxyAuthorizationManager.userPrincipalName);
if (adrawEntry == null)
{
authenticationData.AuthenticationInfo = new AuthenticationInfo(securityIdentifier);
}
else
{
string sUserPrincipalName = (string)adrawEntry[ADUserSchema.UserPrincipalName];
windowsIdentity = new WindowsIdentity(sUserPrincipalName);
authenticationData.AuthenticationInfo = new AuthenticationInfo(windowsIdentity, windowsIdentity.Name);
}
return(authenticationData.AuthenticationInfo);
}
