private static IdcrlAuth.FederationProviderInfo ParseFederationProviderInfo(XDocument xdoc, string fpDomainName)
 {
     foreach (XElement current in xdoc.Root.Elements("FP"))
     {
         if (current.Attribute("DomainName") != null && string.Equals(current.Attribute("DomainName").Value, fpDomainName, StringComparison.OrdinalIgnoreCase))
         {
             XElement elementAtPath = IdcrlUtility.GetElementAtPath(current, new string[]
             {
                 "URL",
                 "GETUSERREALM"
             });
             XElement elementAtPath2 = IdcrlUtility.GetElementAtPath(current, new string[]
             {
                 "URL",
                 "RST2"
             });
             XElement elementAtPath3 = IdcrlUtility.GetElementAtPath(current, new string[]
             {
                 "URL",
                 "ENTITYID"
             });
             if (elementAtPath == null || elementAtPath2 == null || elementAtPath3 == null)
             {
                 ClientULS.SendTraceTag(3454941u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot get the user realm service url or security token service url for federation provider {0}", new object[]
                 {
                     fpDomainName
                 });
                 throw IdcrlAuth.CreateIdcrlException(-2147186646);
             }
             ClientULS.SendTraceTag(3454942u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Find federation provider information for federation provider domain name {0}. UserRealmServiceUrl={1}, SecurityTokenServiceUrl={2}, FederationTokenIssuer={3}", new object[]
             {
                 fpDomainName,
                 elementAtPath.Value,
                 elementAtPath2.Value,
                 elementAtPath3.Value
             });
             return(new IdcrlAuth.FederationProviderInfo
             {
                 UserRealmServiceUrl = elementAtPath.Value,
                 SecurityTokenServiceUrl = elementAtPath2.Value,
                 FederationTokenIssuer = elementAtPath3.Value
             });
         }
     }
     ClientULS.SendTraceTag(3454943u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot find federation provider information for federation domain {0}", new object[]
     {
         fpDomainName
     });
     throw IdcrlAuth.CreateIdcrlException(-2147186646);
 }
        private static string ParseFPDomainName(XDocument xdoc)
        {
            XElement elementAtPath = IdcrlUtility.GetElementAtPath(xdoc.Root, new string[]
            {
                "FPDOMAINNAME"
            });

            if (elementAtPath == null)
            {
                ClientULS.SendTraceTag(3454940u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot find FPDOMAINNAME element", new object[0]);
                throw IdcrlAuth.CreateIdcrlException(-2147186646);
            }
            return(elementAtPath.Value);
        }
        private string GetServiceToken(string securityXml, string serviceTarget, string servicePolicy)
        {
            string serviceTokenUrl = this.ServiceTokenUrl;
            string text            = string.Empty;

            if (!string.IsNullOrEmpty(servicePolicy))
            {
                text = string.Format(CultureInfo.InvariantCulture, "<wsp:PolicyReference URI=\"{0}\"></wsp:PolicyReference>", new object[]
                {
                    servicePolicy
                });
            }
            string body = string.Format(CultureInfo.InvariantCulture, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\r\n  <S:Header>\r\n    <wsa:Action S:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>\r\n    <wsa:To S:mustUnderstand=\"1\">{0}</wsa:To>\r\n    <ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/LiveID/SoapServices/v1\" Id=\"PPAuthInfo\">\r\n      <ps:BinaryVersion>5</ps:BinaryVersion>\r\n      <ps:HostingApp>Managed IDCRL</ps:HostingApp>\r\n    </ps:AuthInfo>\r\n    <wsse:Security>{1}</wsse:Security>\r\n  </S:Header>\r\n  <S:Body>\r\n    <wst:RequestSecurityToken xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" Id=\"RST0\">\r\n      <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>\r\n      <wsp:AppliesTo>\r\n        <wsa:EndpointReference>\r\n          <wsa:Address>{2}</wsa:Address>\r\n        </wsa:EndpointReference>\r\n      </wsp:AppliesTo>\r\n      {3}\r\n    </wst:RequestSecurityToken>\r\n  </S:Body>\r\n</S:Envelope>\r\n", new object[]
            {
                IdcrlUtility.XmlValueEncode(serviceTokenUrl),
                securityXml,
                IdcrlUtility.XmlValueEncode(serviceTarget),
                text
            });
            XDocument xDocument     = this.DoPost(serviceTokenUrl, "application/soap+xml; charset=utf-8", body, new Func <WebException, Exception>(IdcrlAuth.HandleWebException));
            Exception soapException = IdcrlAuth.GetSoapException(xDocument);

            if (soapException != null)
            {
                ClientULS.SendTraceTag(3454926u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Soap error from {0}. Exception={1}", new object[]
                {
                    serviceTokenUrl,
                    soapException
                });
                throw soapException;
            }
            XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse",
                "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken",
                "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken"
            });

            if (elementAtPath == null)
            {
                ClientULS.SendTraceTag(3454927u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot get binary security token for from {0}", new object[]
                {
                    serviceTokenUrl
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186656);
            }
            return(elementAtPath.Value);
        }
        private string GetPartnerTicketFromAdfs(string adfsUrl, string username, string password)
        {
            string body = string.Format(CultureInfo.InvariantCulture, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wssc=\"http://schemas.xmlsoap.org/ws/2005/02/sc\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\r\n    <s:Header>\r\n        <wsa:Action s:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>\r\n        <wsa:To s:mustUnderstand=\"1\">{0}</wsa:To>\r\n        <wsa:MessageID>{1}</wsa:MessageID>\r\n        <ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/Passport/SoapServices/PPCRL\" Id=\"PPAuthInfo\">\r\n            <ps:HostingApp>Managed IDCRL</ps:HostingApp>\r\n            <ps:BinaryVersion>6</ps:BinaryVersion>\r\n            <ps:UIVersion>1</ps:UIVersion>\r\n            <ps:Cookies></ps:Cookies>\r\n            <ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>\r\n        </ps:AuthInfo>\r\n        <wsse:Security>\r\n            <wsse:UsernameToken wsu:Id=\"user\">\r\n                <wsse:Username>{2}</wsse:Username>\r\n                <wsse:Password>{3}</wsse:Password>\r\n            </wsse:UsernameToken>\r\n            <wsu:Timestamp Id=\"Timestamp\">\r\n                <wsu:Created>{4}</wsu:Created>\r\n                <wsu:Expires>{5}</wsu:Expires>\r\n            </wsu:Timestamp>\r\n        </wsse:Security>\r\n    </s:Header>\r\n    <s:Body>\r\n        <wst:RequestSecurityToken Id=\"RST0\">\r\n            <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>\r\n            <wsp:AppliesTo>\r\n                <wsa:EndpointReference>\r\n                    <wsa:Address>{6}</wsa:Address>\r\n                </wsa:EndpointReference>\r\n            </wsp:AppliesTo>\r\n            <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>\r\n        </wst:RequestSecurityToken>\r\n    </s:Body>\r\n</s:Envelope>", new object[]
            {
                IdcrlUtility.XmlValueEncode(adfsUrl),
                Guid.NewGuid().ToString(),
                IdcrlUtility.XmlValueEncode(username),
                IdcrlUtility.XmlValueEncode(password),
                DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture),
                DateTime.UtcNow.AddMinutes(10.0).ToString("o", CultureInfo.InvariantCulture),
                this.FederationTokenIssuer
            });
            XDocument xDocument     = this.DoPost(adfsUrl, "application/soap+xml; charset=utf-8", body, new Func <WebException, Exception>(IdcrlAuth.HandleWebException));
            Exception soapException = IdcrlAuth.GetSoapException(xDocument);

            if (soapException != null)
            {
                ClientULS.SendTraceTag(3454924u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "SOAP error from {0}. Exception={1}", new object[]
                {
                    adfsUrl,
                    soapException
                });
                throw soapException;
            }
            XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse",
                "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken",
                "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"
            });

            if (elementAtPath == null)
            {
                ClientULS.SendTraceTag(3454925u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot get security assertion for user {0} from {1}", new object[]
                {
                    username,
                    adfsUrl
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186451);
            }
            return(elementAtPath.ToString(SaveOptions.DisableFormatting | SaveOptions.OmitDuplicateNamespaces));
        }
        private IdcrlAuth.FederationProviderInfo RequestFederationProviderInfo(string domainname)
        {
            int num;

            while ((num = domainname.IndexOf('.')) > 0)
            {
                string text = string.Format(CultureInfo.InvariantCulture, IdcrlMessageConstants.FPUrlFullUrlFormat, new object[]
                {
                    domainname
                });
                try
                {
                    XDocument xdoc         = this.DoGet(text);
                    string    fpDomainName = IdcrlAuth.ParseFPDomainName(xdoc);
                    text = string.Format(CultureInfo.InvariantCulture, IdcrlMessageConstants.FPListFullUrlFormat, new object[]
                    {
                        domainname
                    });
                    xdoc = this.DoGet(text);
                    return(IdcrlAuth.ParseFederationProviderInfo(xdoc, fpDomainName));
                }
                catch (AggregateException aex)
                {
                    ClientULS.SendTraceTag(3454939u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Exception when request {0}. Exception={1}", new object[]
                    {
                        text,
                        aex
                    });
                }
                catch (WebException ex)
                {
                    ClientULS.SendTraceTag(3454939u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Exception when request {0}. Exception={1}", new object[]
                    {
                        text,
                        ex
                    });
                }
                domainname = domainname.Substring(num + 1);
            }
            return(null);
        }
        private static Exception HandleWebException(WebException webException)
        {
            HttpWebResponse httpWebResponse = webException.Response as HttpWebResponse;

            if (httpWebResponse != null && httpWebResponse.ContentType != null && httpWebResponse.ContentType.IndexOf("application/soap+xml", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                try
                {
                    using (TextReader textReader = new StreamReader(httpWebResponse.GetResponseStream()))
                    {
                        string text = textReader.ReadToEnd();
                        ClientULS.SendTraceTag(3454932u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "StatusCode={0}, ResponseText={1}", new object[]
                        {
                            (int)httpWebResponse.StatusCode,
                            text
                        });
                        using (XmlReader xmlReader = XmlReader.Create(new StringReader(text)))
                        {
                            XDocument xdoc = XDocument.Load(xmlReader);
                            return(IdcrlAuth.GetSoapException(xdoc));
                        }
                    }
                }
                catch (XmlException ex)
                {
                    ClientULS.SendTraceTag(3454933u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Error when read error response. Exception={0}", new object[]
                    {
                        ex
                    });
                }
                catch (IOException ex2)
                {
                    ClientULS.SendTraceTag(3454934u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Error when read error response. Exception={0}", new object[]
                    {
                        ex2
                    });
                }
            }
            return(null);
        }
Beispiel #7
0
 public string GetAuthenticationCookie(Uri url, string username, SecureString password, bool alwaysThrowOnFailure, EventHandler <SharePointOnlineCredentialsWebRequestEventArgs> executingWebRequest)
 {
     if (url == null)
     {
         throw new ArgumentNullException("url");
     }
     if (string.IsNullOrEmpty(username))
     {
         throw new ArgumentNullException("username");
     }
     if (password == null)
     {
         throw new ArgumentNullException("password");
     }
     SharePointOnlineAuthenticationProvider.IdcrlHeader idcrlHeader = this.GetIdcrlHeader(url, alwaysThrowOnFailure, executingWebRequest);
     if (idcrlHeader == null)
     {
         ClientULS.SendTraceTag(3991707u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Cannot get IDCRL header for {0}", new object[]
         {
             url
         });
         if (alwaysThrowOnFailure)
         {
             throw new ClientRequestException(Resources.GetString("CannotContactSite", new object[]
             {
                 url
             }));
         }
         return(null);
     }
     else
     {
         IdcrlEnvironment env;
         if (string.Compare(SharePointOnlineAuthenticationProvider.IdcrlServiceEnvironment, "INT-MSO", StringComparison.OrdinalIgnoreCase) == 0)
         {
             env = IdcrlEnvironment.Int;
         }
         else if (string.Equals(SharePointOnlineAuthenticationProvider.IdcrlServiceEnvironment, "PPE-MSO", StringComparison.OrdinalIgnoreCase))
         {
             env = IdcrlEnvironment.Ppe;
         }
         else
         {
             env = IdcrlEnvironment.Production;
         }
         IdcrlAuth idcrlAuth = new IdcrlAuth(env, executingWebRequest);
         //Edited for .NET Core - Changed from SecureString to string
         string password2    = SharePointOnlineAuthenticationProvider.FromSecureString(password);
         string serviceToken = idcrlAuth.GetServiceToken(username, password2, idcrlHeader.ServiceTarget, idcrlHeader.ServicePolicy);
         if (!string.IsNullOrEmpty(serviceToken))
         {
             return(this.GetCookie(url, idcrlHeader.Endpoint, serviceToken, alwaysThrowOnFailure, executingWebRequest));
         }
         ClientULS.SendTraceTag(3991708u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Cannot get IDCRL ticket for username {0}", new object[]
         {
             username
         });
         if (alwaysThrowOnFailure)
         {
             throw new IdcrlException(Resources.GetString("PPCRL_REQUEST_E_UNKNOWN", new object[]
             {
                 -2147186615
             }));
         }
         return(null);
     }
 }
        private static Exception GetSoapException(XDocument xdoc)
        {
            if (IdcrlUtility.GetElementAtPath(xdoc.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://www.w3.org/2003/05/soap-envelope}Fault"
            }) == null)
            {
                return(null);
            }
            XElement elementAtPath = IdcrlUtility.GetElementAtPath(xdoc.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://www.w3.org/2003/05/soap-envelope}Fault",
                "{http://www.w3.org/2003/05/soap-envelope}Code",
                "{http://www.w3.org/2003/05/soap-envelope}Subcode",
                "{http://www.w3.org/2003/05/soap-envelope}Value"
            });
            XElement elementAtPath2 = IdcrlUtility.GetElementAtPath(xdoc.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://www.w3.org/2003/05/soap-envelope}Fault",
                "{http://www.w3.org/2003/05/soap-envelope}Detail",
                "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}error",
                "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}value"
            });
            XElement elementAtPath3 = IdcrlUtility.GetElementAtPath(xdoc.Root, new string[]
            {
                "{http://www.w3.org/2003/05/soap-envelope}Body",
                "{http://www.w3.org/2003/05/soap-envelope}Fault",
                "{http://www.w3.org/2003/05/soap-envelope}Detail",
                "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}error",
                "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}internalerror",
                "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}text"
            });
            string text = null;

            if (elementAtPath != null)
            {
                text = elementAtPath.Value;
                int num = text.IndexOf(':');
                if (num >= 0)
                {
                    text = text.Substring(num + 1);
                }
            }
            string text2 = null;

            if (elementAtPath2 != null)
            {
                text2 = elementAtPath2.Value;
            }
            string text3 = null;

            if (elementAtPath3 != null)
            {
                text3 = elementAtPath3.Value;
            }
            ClientULS.SendTraceTag(3454935u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "PassportErrorCode={0}, PassportDetailCode={1}, PassportErrorText={2}", new object[]
            {
                text,
                text2,
                text3
            });
            int  num2;
            long num3;

            if (string.IsNullOrEmpty(text2))
            {
                num2 = IdcrlAuth.MapPartnerSoapFault(text);
            }
            else if ((text2.StartsWith("0x", StringComparison.OrdinalIgnoreCase) && long.TryParse(text2.Substring(2), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out num3)) || long.TryParse(text2, NumberStyles.Integer, CultureInfo.InvariantCulture, out num3))
            {
                num2 = (int)num3;
                if (string.Compare(text, "FailedAuthentication", StringComparison.OrdinalIgnoreCase) == 0)
                {
                    num2 = ((num2 == -2147186639) ? num2 : -2147186655);
                }
            }
            else
            {
                num2 = -2147186656;
            }
            return(IdcrlAuth.CreateIdcrlException(num2));
        }
        private IdcrlAuth.UserRealmInfo GetUserRealm(string login)
        {
            if (string.IsNullOrWhiteSpace(login))
            {
                throw new ArgumentNullException("login");
            }
            string userRealmServiceUrl = this.UserRealmServiceUrl;
            string body = string.Format(CultureInfo.InvariantCulture, "login={0}&xml=1", new object[]
            {
                Uri.EscapeDataString(login)
            });
            XDocument  xDocument  = this.DoPost(userRealmServiceUrl, "application/x-www-form-urlencoded", body, null);
            XAttribute xAttribute = xDocument.Root.Attribute("Success");

            if (xAttribute == null || string.Compare(xAttribute.Value, "true", StringComparison.OrdinalIgnoreCase) != 0)
            {
                ClientULS.SendTraceTag(3454919u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Failed to get user's realm for user {0}", new object[]
                {
                    login
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186539);
            }
            XElement xElement = xDocument.Root.Element("NameSpaceType");

            if (xElement == null)
            {
                ClientULS.SendTraceTag(3454920u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "There is no NameSpaceType element in the response when get user realm for user {0}", new object[]
                {
                    login
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186539);
            }
            if (string.Compare(xElement.Value, "Federated", StringComparison.OrdinalIgnoreCase) != 0 && string.Compare(xElement.Value, "Managed", StringComparison.OrdinalIgnoreCase) != 0)
            {
                ClientULS.SendTraceTag(3454921u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Unknown namespace type for user {0}", new object[]
                {
                    login
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186539);
            }
            IdcrlAuth.UserRealmInfo userRealmInfo = new IdcrlAuth.UserRealmInfo();
            userRealmInfo.IsFederated = (0 == string.Compare(xElement.Value, "Federated", StringComparison.OrdinalIgnoreCase));
            xElement = xDocument.Root.Element("STSAuthURL");
            if (xElement != null)
            {
                userRealmInfo.STSAuthUrl = xElement.Value;
            }
            if (userRealmInfo.IsFederated && string.IsNullOrEmpty(userRealmInfo.STSAuthUrl))
            {
                ClientULS.SendTraceTag(3454922u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "User {0} is a federated account, but there is no STSAuthUrl for the user.", new object[]
                {
                    login
                });
                throw IdcrlAuth.CreateIdcrlException(-2147186539);
            }
            ClientULS.SendTraceTag(3454923u, ClientTraceCategory.Authentication, ClientTraceLevel.Verbose, "User={0}, IsFederated={1}, STSAuthUrl={2}", new object[]
            {
                login,
                userRealmInfo.IsFederated,
                userRealmInfo.STSAuthUrl
            });
            return(userRealmInfo);
        }