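        /// <summary>
        /// Validates a partner-access request carried in the query string of <paramref name="httpURL"/>
        /// against the directory entry of the caller.
        /// </summary>
        /// <remarks>
        /// When the query string names no tenant organization the method returns without any check.
        /// Otherwise the caller's organization must be cleared for partner accounts and the URL must be
        /// an absolute URI; each failure is logged to <c>AuthZLogger</c> and traced before throwing.
        /// </remarks>
        /// <param name="httpURL">The request URL whose connection-string query is parsed.</param>
        /// <param name="userEntry">The directory entry of the calling user; its OrganizationId attribute is read.</param>
        /// <exception cref="NotAllowedForPartnerAccessException">The caller's organization is not allowed partner access.</exception>
        /// <exception cref="UrlInValidException">A tenant organization was requested but <paramref name="httpURL"/> is not an absolute URI.</exception>
        private static void ValidateQueryString(string httpURL, ADRawEntry userEntry)
        {
            string unusedOut; // second parse result is not consumed by this method
            string tenantOrganization = ExchangeRunspaceConfigurationSettings.FromUriConnectionString(httpURL, out unusedOut).TenantOrganization;

            // No tenant organization in the query string means no partner access was requested; nothing to validate.
            if (string.IsNullOrEmpty(tenantOrganization))
            {
                return;
            }
            AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, tenantOrganization);

            // Only callers whose own organization is cleared for partner accounts may request access to another tenant.
            // NOTE(review): an entry with no OrganizationId attribute skips this check entirely — confirm that is
            // intended for every caller of this method.
            OrganizationId organizationId = userEntry[ADObjectSchema.OrganizationId] as OrganizationId;
            if (organizationId != null && !ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(organizationId))
            {
                AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Organization {0} not allowed for partner account.", organizationId.ToString()), false);
                ExTraceGlobals.AccessDeniedTracer.TraceError<ADObjectId>(0L, "EAP.ValidateQueryString returns AccessDenied because user {0} does not belong to the appropriate organization", userEntry.Id);
                throw new NotAllowedForPartnerAccessException(Strings.ErrorNotAllowedForPartnerAccess);
            }

            // Well-formedness of the URL is checked after the organization check, so a disallowed caller is
            // always reported as access denied rather than as a malformed URL.
            Uri uri;
            if (!Uri.TryCreate(httpURL, UriKind.Absolute, out uri))
            {
                AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Url {0} Incorrect.", httpURL), false);
                ExTraceGlobals.AccessDeniedTracer.TraceError<ADObjectId, string, string>(0L, "EAP.ValidateQueryString returns AccessDenied because tenant user {0} requested partner access to {1} which is not found in the local forest and URL {2} is invalid", userEntry.Id, tenantOrganization, httpURL);
                throw new UrlInValidException(Strings.ErrorUrlInValid);
            }
            ExTraceGlobals.ADConfigTracer.TraceDebug(0L, "EAP.ValidateQueryString returns Success.");
        }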
        // Token: 0x060003B7 RID: 951 RVA: 0x0001721C File Offset: 0x0001541C
        /// <summary>
        /// Selects and runs the GetUserSettings command implementation appropriate for the caller, and,
        /// when the request carried a binary secret header, attaches a partner token to the outgoing message.
        /// </summary>
        /// <remarks>
        /// Three command variants are chosen from: <c>GetUserSettingsForPartner</c> (binary secret header
        /// present, or the caller's organization is allowed for partner accounts), <c>GetUserSettingsForUserWithUnscopedCaller</c>
        /// (no recipient resolved for the caller) and <c>GetUserSettingsForUser</c> (ordinary caller).
        /// Every early exit writes an <c>ErrorCode</c>/<c>ErrorMessage</c> pair into <paramref name="callContext"/>.Response.
        /// </remarks>
        /// <param name="callerIdentity">The authenticated identity of the caller; its SID is handed to the command.</param>
        /// <param name="callContext">Per-call state whose Response is populated by the executed command and by this method on error.</param>
        private void ExecuteCommand(IIdentity callerIdentity, CallContext callContext)
        {
            // The caller's recipient object is resolved earlier in the pipeline and stashed in the request items;
            // it is null when no directory object matched the caller.
            ADRecipient adrecipient = HttpContext.Current.Items["CallerRecipient"] as ADRecipient;

            // An unresolved caller is rejected outright when this deployment is partner-hosted only or
            // cross-forest discovery is disabled; otherwise it falls through to the unscoped-caller command below.
            if (adrecipient == null && (Common.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.NoCrossForestDiscover.Enabled))
            {
                string identityNameForTrace = Common.GetIdentityNameForTrace(callerIdentity);
                ExTraceGlobals.FrameworkTracer.TraceError <string>(0L, "ExecuteCommand -- IRecipientSession.FindBySid user for {0} returned null.", identityNameForTrace);
                callContext.Response.ErrorCode    = ErrorCode.InvalidUser;
                callContext.Response.ErrorMessage = string.Format(Strings.InvalidUser, identityNameForTrace);
                return;
            }
            PartnerInfo partnerInfo  = null;   // set only on the binary-secret path
            string      targetTenant = null;   // set only on the binary-secret path
            bool        flag         = false;  // true when a partner token must be attached after Execute()
            string      text         = null;   // raw value of the binary secret header, if present

            byte[] binarySecret = null;        // decoded header value; bound into the partner token below
            GetUserSettingsCommandBase getUserSettingsCommandBase;

            // Partner-token flow: the request carries a base64 binary secret header.
            if (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.ParseBinarySecretHeader.Enabled && AutodiscoverRequestMessage.HasBinarySecretHeader(out text))
            {
                PerformanceCounters.UpdatePartnerTokenRequests(callContext.UserAgent);
                bool flag2 = false; // true once the header decoded successfully
                if (!string.IsNullOrEmpty(text))
                {
                    try
                    {
                        binarySecret = Convert.FromBase64String(text);
                        flag2        = true;
                    }
                    catch (FormatException)
                    {
                        // NOTE(review): this trace writes the raw header value, which by its name is secret material
                        // shared with the partner; logging only its length would avoid copying it into trace output.
                        ExTraceGlobals.FrameworkTracer.TraceDebug <string>((long)this.GetHashCode(), "[GetUserSettingsRequestMessage::ExecuteCommand] the binary secret header {0} has invalid format", text);
                    }
                }
                // Empty or undecodable header: count the failure and reject the request.
                if (!flag2)
                {
                    PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
                    callContext.Response.ErrorCode    = ErrorCode.InvalidRequest;
                    callContext.Response.ErrorMessage = Strings.InvalidBinarySecretHeader;
                    return;
                }
                // Resolve which partner and which target tenant the token will be issued for; adrecipient may still
                // be null here when the early rejection above did not apply — presumably the helper tolerates that.
                if (!this.TryGetMailboxAccessPartnerInfo(callContext, adrecipient, out partnerInfo, out targetTenant))
                {
                    ExTraceGlobals.FrameworkTracer.TraceDebug((long)this.GetHashCode(), "[GetUserSettingsRequestMessage::ExecuteCommand] TryGetMailboxAccessPartnerInfo returns false.");
                    PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
                    callContext.Response.ErrorCode    = ErrorCode.InvalidRequest;
                    callContext.Response.ErrorMessage = Strings.InvalidPartnerTokenRequest;
                    return;
                }
                flag = true;
                ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForPartner created for the '{0}'. The caller is FPO partner.", adrecipient);
                getUserSettingsCommandBase = new GetUserSettingsForPartner(callerIdentity.GetSecurityIdentifier(), callContext);
            }
            else if (adrecipient == null)
            {
                ExTraceGlobals.FrameworkTracer.TraceDebug <string>((long)this.GetHashCode(), "GetUserSettingsForUserWithUnscopedCaller created for '{0}'.", Common.GetIdentityNameForTrace(callerIdentity));
                getUserSettingsCommandBase = new GetUserSettingsForUserWithUnscopedCaller(callerIdentity.GetSecurityIdentifier(), callContext);
            }
            // A caller from an organization cleared for partner accounts gets the partner command even without a secret header.
            else if (ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(adrecipient.OrganizationId))
            {
                ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForPartner created for '{0}'.", adrecipient);
                getUserSettingsCommandBase = new GetUserSettingsForPartner(callerIdentity.GetSecurityIdentifier(), callContext);
            }
            else
            {
                ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForUser created for '{0}'.", adrecipient);
                getUserSettingsCommandBase = new GetUserSettingsForUser(adrecipient, callerIdentity.GetSecurityIdentifier(), callContext);
            }
            getUserSettingsCommandBase.Execute();
            // Attach the partner token only when a binary secret was supplied and the command reported success (or a redirect).
            if (flag)
            {
                // Assumes Execute() produced at least one user response; the indexer throws otherwise — confirm against the command.
                UserResponse userResponse = callContext.Response.UserResponses[0];
                if (userResponse.ErrorCode == ErrorCode.NoError || userResponse.ErrorCode == ErrorCode.RedirectUrl)
                {
                    // The SAML token is bound to the decoded secret and the target tenant, with the lifetime taken
                    // from the static tokenLifetime setting; its reference header lets the partner correlate it.
                    string        assertionId = SecurityTokenService.CreateSamlAssertionId();
                    MessageHeader header      = MessageHeader.CreateHeader("PartnerToken", "http://schemas.microsoft.com/exchange/2010/Autodiscover", partnerInfo.CreateSamlToken(assertionId, targetTenant, binarySecret, GetUserSettingsRequestMessage.tokenLifetime.Value));
                    MessageHeader header2     = MessageHeader.CreateHeader("PartnerTokenReference", "http://schemas.microsoft.com/exchange/2010/Autodiscover", PartnerInfo.GetTokenReference(assertionId));
                    OperationContext.Current.OutgoingMessageHeaders.Add(header);
                    OperationContext.Current.OutgoingMessageHeaders.Add(header2);
                    return;
                }
                // Any other error code from the command counts as a failed partner token request and no header is added.
                PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
                ExTraceGlobals.FrameworkTracer.TraceDebug <ErrorCode, string>((long)this.GetHashCode(), "No partner token header added since the user response error code is {0}, error message is '{1}'", userResponse.ErrorCode, userResponse.ErrorMessage);
            }
        }