private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
{
foreach (string text in collection)
{
buffer.CopyAtCurrentPosition("<input type='hidden' name='");
buffer.CopyAtCurrentPosition(text);
buffer.CopyAtCurrentPosition("' value='");
if (text == "password")
{
SecureString securePassword;
collection.TryGetSecureValue(text, out securePassword);
using (SecureArray <char> secureArray = securePassword.TransformToSecureCharArray(new CharTransformDelegate(FbaFormPostProxyRequestHandler.EncodeForSingleQuotedAttribute)))
{
buffer.CopyAtCurrentPosition(secureArray);
goto IL_14B;
}
goto IL_72;
}
goto IL_72;
IL_14B:
buffer.CopyAtCurrentPosition("'>");
continue;
IL_72:
string text2;
if (!(text == "destination"))
{
collection.TryGetUnsecureValue(text, out text2);
buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(text2));
goto IL_14B;
}
collection.TryGetUnsecureValue(text, out text2);
Uri uri;
if (!Uri.TryCreate(text2, UriKind.Absolute, out uri))
{
throw new HttpException(400, "destination value is not valid");
}
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(redirectUrl.Scheme);
stringBuilder.Append(Uri.SchemeDelimiter);
stringBuilder.Append(redirectUrl.Authority);
if (FbaFormPostProxyRequestHandler.IsOwaUrl(uri, OwaUrl.AuthPost, true))
{
stringBuilder.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
}
else if (string.IsNullOrEmpty(this.explicitLogonUser))
{
stringBuilder.Append(redirectUrl.PathAndQuery);
}
else
{
stringBuilder.Append(uri.PathAndQuery);
}
buffer.CopyAtCurrentPosition(stringBuilder.ToString());
goto IL_14B;
}
}
private void ChangePassword()
{
SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(base.Request);
secureHtmlFormReader.AddSensitiveInputName("oldPwd");
secureHtmlFormReader.AddSensitiveInputName("newPwd1");
secureHtmlFormReader.AddSensitiveInputName("newPwd2");
SecureNameValueCollection secureNameValueCollection = null;
try
{
if (secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
{
string text = null;
SecureString secureString = null;
SecureString secureString2 = null;
SecureString secureString3 = null;
try
{
secureNameValueCollection.TryGetUnsecureValue("username", out text);
secureNameValueCollection.TryGetSecureValue("oldPwd", out secureString);
secureNameValueCollection.TryGetSecureValue("newPwd1", out secureString2);
secureNameValueCollection.TryGetSecureValue("newPwd2", out secureString3);
if (text != null && secureString != null && secureString2 != null && secureString3 != null)
{
if (!ExpiredPassword.SecureStringEquals(secureString2, secureString3))
{
this.reason = ExpiredPassword.ExpiredPasswordReason.PasswordConflict;
}
else
{
switch (ExpiredPassword.ChangePasswordNUCP(text, secureString, secureString2))
{
case ExpiredPassword.ChangePasswordResult.Success:
this.reason = ExpiredPassword.ExpiredPasswordReason.None;
this.passwordChanged = true;
break;
case ExpiredPassword.ChangePasswordResult.InvalidCredentials:
this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
break;
case ExpiredPassword.ChangePasswordResult.LockedOut:
this.reason = ExpiredPassword.ExpiredPasswordReason.LockedOut;
break;
case ExpiredPassword.ChangePasswordResult.BadNewPassword:
this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidNewPassword;
break;
case ExpiredPassword.ChangePasswordResult.OtherError:
this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
break;
}
}
}
}
finally
{
secureString.Dispose();
secureString2.Dispose();
secureString3.Dispose();
}
}
}
finally
{
if (secureNameValueCollection != null)
{
secureNameValueCollection.Dispose();
}
}
}
private bool HandleFbaAuthFormPost(HttpApplication httpApplication)
{
HttpContext context = httpApplication.Context;
HttpRequest request = context.Request;
HttpResponse response = context.Response;
if (request.GetHttpMethod() != HttpMethod.Post)
{
return(false);
}
string strB = request.Url.Segments[request.Url.Segments.Length - 1];
if (string.Compare("auth.owa", strB, StringComparison.OrdinalIgnoreCase) != 0 && string.Compare("owaauth.dll", strB, StringComparison.OrdinalIgnoreCase) != 0)
{
return(false);
}
if (string.IsNullOrEmpty(request.ContentType))
{
request.ContentType = "application/x-www-form-urlencoded";
}
SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(request);
secureHtmlFormReader.AddSensitiveInputName("password");
SecureNameValueCollection secureNameValueCollection = null;
try
{
if (!secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
{
AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
}
string text = null;
string text2 = null;
SecureString secureString = null;
string text3 = null;
secureNameValueCollection.TryGetUnsecureValue("username", out text2);
secureNameValueCollection.TryGetSecureValue("password", out secureString);
secureNameValueCollection.TryGetUnsecureValue("destination", out text);
secureNameValueCollection.TryGetUnsecureValue("flags", out text3);
if (text == null || text2 == null || secureString == null || text3 == null || !this.CheckPostDestination(text, context.Request))
{
AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
}
this.password = secureString.Copy();
this.userName = text2;
this.destinationUrl = text;
int num;
if (int.TryParse(text3, NumberStyles.Integer, CultureInfo.InvariantCulture, out num))
{
this.flags = num;
}
else
{
this.flags = 0;
}
text2 += ":";
Encoding @default = Encoding.Default;
int maxByteCount = @default.GetMaxByteCount(text2.Length + secureString.Length);
using (SecureArray <byte> secureArray = new SecureArray <byte>(maxByteCount))
{
int num2 = @default.GetBytes(text2, 0, text2.Length, secureArray.ArrayValue, 0);
using (SecureArray <char> secureArray2 = secureString.ConvertToSecureCharArray())
{
num2 += @default.GetBytes(secureArray2.ArrayValue, 0, secureArray2.Length(), secureArray.ArrayValue, num2);
this.basicAuthString = "Basic " + Convert.ToBase64String(secureArray.ArrayValue, 0, num2);
request.Headers["Authorization"] = this.basicAuthString;
}
}
}
finally
{
if (secureNameValueCollection != null)
{
secureNameValueCollection.Dispose();
}
}
ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url);
return(true);
}