Ejemplo n.º 1
        /// <summary>
        /// Decides whether the profile counts as having accepted accruals: the terms must be
        /// signed and, if the account is a child account, some level of consent must be present.
        /// </summary>
        /// <param name="ticket">Profile returned by the RPS authentication call.</param>
        /// <returns>
        /// <c>true</c> when the terms flag is set and the account is either not a child
        /// account or has consent; otherwise <c>false</c>.
        /// </returns>
        private static bool HasAcceptedAccruals(RPSProfile ticket)
        {
            bool termsAccepted;
            bool isChild;
            bool hasConsent;

            string consumerPuid = ticket.ConsumerPuid;
            if (!string.IsNullOrEmpty(consumerPuid))
            {
                // Consumer identity present: read the explicit profile attributes.
                termsAccepted = Convert.ToBoolean(ticket.HasSignedTOU);
                isChild       = Convert.ToBoolean(ticket.ConsumerChild);

                // Literal-first Equals keeps a null consent level from throwing; null simply
                // yields "no consent". The comparison is case-sensitive.
                string consentLevel = ticket.ConsumerConsentLevel;
                hasConsent = "FULL".Equals(consentLevel) || "PARTIAL".Equals(consentLevel);
            }
            else
            {
                // No consumer PUID: derive the same three answers from the token flag bits.
                // NOTE(review): the bit meanings are not documented here; the names below
                // mirror the consumer branch and should be confirmed against the RPS docs.
                int tokenFlags = ticket.TokenFlags;
                termsAccepted = (tokenFlags & 0x20000000) == 0 || (tokenFlags & 0x4000) == 0;
                isChild       = (tokenFlags & 0x80) != 0;
                hasConsent    = (tokenFlags & 0x20) != 0 || (tokenFlags & 0x40) != 0;
            }

            if (!termsAccepted)
            {
                return false;
            }
            return !isChild || hasConsent;
        }
Ejemplo n.º 2
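        /// <summary>
        /// Authenticates the current request through RPS and copies the identity attributes of
        /// the resulting profile into the out parameters.
        /// </summary>
        /// <param name="httpContext">Current request context; its request is handed to RPS and its response log is appended to.</param>
        /// <param name="siteName">RPS site name passed to the authentication call.</param>
        /// <param name="authPolicyOverrideValue">Optional auth policy; when non-empty it is also applied to the ticket re-validation.</param>
        /// <param name="memberNameIgnorePrefixes">Prefixes handed to <c>TryRemoveMemberNamePrefixes</c>.</param>
        /// <param name="useConsumerRps">When <c>false</c>, an org-id property bag is used and the returned ticket is validated a second time.</param>
        /// <param name="puid">Consumer PUID if present, otherwise the hex PUID.</param>
        /// <param name="orgIdPuid">Hex PUID of the profile.</param>
        /// <param name="cid">Consumer CID if present, otherwise the hex CID.</param>
        /// <param name="membername">Member name, with an ignored prefix removed when one matched.</param>
        /// <param name="issueTime">Issue instant of the profile.</param>
        /// <param name="loginAttributes">Login attributes of the profile.</param>
        /// <param name="responseHeaders">Response header string of the profile.</param>
        /// <param name="rpsTicketType">Ticket type of the profile.</param>
        /// <param name="deprecatedRpsTicketObject">Ticket object returned by the RPS client.</param>
        /// <param name="hasAcceptedAccrual">Result of <c>HasAcceptedAccruals</c> for the profile.</param>
        /// <param name="rpsAuthState">Auth state of the profile.</param>
        /// <param name="isOrgIdFederatedMsaIdentity"><c>true</c> when a member-name prefix was removed.</param>
        /// <returns>
        /// <c>false</c> when the query string carries an "f" value, when RPS returns no profile,
        /// or when the ticket re-validation fails; <c>true</c> otherwise.
        /// </returns>
        /// <exception cref="InvalidOperationException">The component has not been initialized.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="siteName"/> or <paramref name="httpContext"/> is null.</exception>
        public static bool Authenticate(HttpContext httpContext, string siteName, string authPolicyOverrideValue, string[] memberNameIgnorePrefixes, bool useConsumerRps, out string puid, out string orgIdPuid, out string cid, out string membername, out uint issueTime, out uint loginAttributes, out string responseHeaders, out uint rpsTicketType, out RPSTicket deprecatedRpsTicketObject, out bool hasAcceptedAccrual, out uint rpsAuthState, out bool isOrgIdFederatedMsaIdentity)
        {
            if (!LiveIdAuthentication.IsInitialized)
            {
                throw new InvalidOperationException(Strings.ComponentNotInitialized);
            }
            if (siteName == null)
            {
                throw new ArgumentNullException("siteName");
            }
            // Fail with a named argument instead of a NullReferenceException further down.
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // Every out parameter starts at its "not authenticated" value so that the
            // early-return paths never hand back partial identity data.
            hasAcceptedAccrual          = false;
            puid                        = null;
            orgIdPuid                   = null;
            cid                         = null;
            membername                  = null;
            issueTime                   = 0U;
            loginAttributes             = 0U;
            responseHeaders             = null;
            rpsTicketType               = 0U;
            deprecatedRpsTicketObject   = null;
            rpsAuthState                = 0U;
            isOrgIdFederatedMsaIdentity = false;
            RPSPropBag rpspropBag = null;
            string     text       = httpContext.Request.QueryString["f"];

            if (!string.IsNullOrEmpty(text))
            {
                // The "f" value comes straight from the client; it is written to the trace
                // unmodified, so trace consumers must treat it as untrusted text.
                ExTraceGlobals.LiveIdAuthenticationModuleTracer.TraceError <string>(0L, "Querystring contains F-code: {0}.", text);
                return(false);
            }
            try
            {
                if (!useConsumerRps)
                {
                    rpspropBag = new RPSPropBag(LiveIdAuthentication.rpsOrgIdSession);
                }
                RPSProfile rpsprofile = null;
                using (RPSHttpAuthClient rpshttpAuthClient = LiveIdAuthentication.CreateRPSClient(useConsumerRps))
                {
                    int?   rpsErrorCode;
                    string rpsErrorString;
                    rpsprofile = rpshttpAuthClient.Authenticate(siteName, authPolicyOverrideValue, LiveIdAuthentication.sslOffloaded, httpContext.Request, rpspropBag, out rpsErrorCode, out rpsErrorString, out deprecatedRpsTicketObject);
                    LiveIdAuthentication.ValidateRpsCallAndThrowOnFailure(rpsErrorCode, rpsErrorString);
                }
                if (rpsprofile == null)
                {
                    return(false);
                }
                if (!useConsumerRps && deprecatedRpsTicketObject != null)
                {
                    // Org-id path: validate the ticket again with a fresh property bag.
                    try
                    {
                        using (RPSPropBag rpspropBag2 = new RPSPropBag(LiveIdAuthentication.rpsOrgIdSession))
                        {
                            rpspropBag2["SlidingWindow"] = 0;
                            if (!string.IsNullOrEmpty(authPolicyOverrideValue))
                            {
                                rpspropBag2["AuthPolicy"] = authPolicyOverrideValue;
                            }
                            if (!deprecatedRpsTicketObject.Validate(rpspropBag2))
                            {
                                return(false);
                            }
                        }
                    }
                    catch (COMException ex)
                    {
                        ExTraceGlobals.LiveIdAuthenticationModuleTracer.TraceError <COMException>(0L, "Failed to validate ticket: {0}.", ex);
                        // NOTE(review): if ThrowRPSException can return without throwing, control
                        // falls through and the method goes on to return true for a ticket whose
                        // validation raised. Confirm the helper always throws.
                        LiveIdErrorHandler.ThrowRPSException(ex);
                    }
                }
                rpsAuthState  = rpsprofile.RPSAuthState;
                rpsTicketType = rpsprofile.TicketType;
                if (LiveIdAuthenticationModule.AppPasswordCheckEnabled && !httpContext.Request.Url.AbsolutePath.StartsWith("/owa/", StringComparison.OrdinalIgnoreCase) && rpsprofile.AppPassword)
                {
                    // App-password sign-ins are rejected for every path outside "/owa/".
                    // NOTE(review): nothing here returns or throws; unless HandleException ends
                    // the request, the identity below is still populated and true is returned.
                    // Confirm HandleException terminates the response.
                    AppPasswordAccessException exception = new AppPasswordAccessException();
                    httpContext.Response.AppendToLog("&AppPasswordBlocked");
                    Utilities.HandleException(httpContext, exception, false);
                }
                hasAcceptedAccrual = LiveIdAuthentication.HasAcceptedAccruals(rpsprofile);
                orgIdPuid          = rpsprofile.HexPuid;
                // Consumer identifiers win when present; otherwise fall back to the hex ones.
                cid        = (string.IsNullOrWhiteSpace(rpsprofile.ConsumerCID) ? rpsprofile.HexCID : rpsprofile.ConsumerCID);
                puid       = (string.IsNullOrWhiteSpace(rpsprofile.ConsumerPuid) ? orgIdPuid : rpsprofile.ConsumerPuid);
                membername = rpsprofile.MemberName;
                string text2;
                if (LiveIdAuthentication.TryRemoveMemberNamePrefixes(membername, memberNameIgnorePrefixes, out text2))
                {
                    membername = text2;
                    isOrgIdFederatedMsaIdentity = true;
                }
                issueTime       = rpsprofile.IssueInstant;
                loginAttributes = rpsprofile.LoginAttributes;
                string text3 = loginAttributes.ToString();
                // Both log appends are kept exactly as they were; the second one repeats the
                // value without the leading '&'.
                httpContext.Response.AppendToLog("&loginAttributes=" + text3);
                if (!string.IsNullOrWhiteSpace(text3))
                {
                    httpContext.Response.AppendToLog(string.Format("loginAttributes={0}", text3));
                    // Set, not Add: Add appends to a value already stored under the name, so a
                    // client-supplied X-LoginAttributes header would survive next to the
                    // authenticated one. Set replaces it.
                    // NOTE(review): the early-return paths above never touch this header, so
                    // downstream code should trust it only after this method returned true.
                    httpContext.Request.Headers.Set("X-LoginAttributes", text3);
                }
                responseHeaders = rpsprofile.ResponseHeader;
            }
            finally
            {
                // The org-id property bag is created outside a using block, so release it here.
                if (rpspropBag != null)
                {
                    rpspropBag.Dispose();
                }
            }
            return(true);
        }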