/// <summary>
/// Handles the click event on the logon button.
/// </summary>
/// <param name="sender">The sender.</param>
/// <param name="e">The event arguments.</param>
private void _logonButton_Click(object sender, EventArgs e)
{
// Get the user provider.
var userProvider = this.Container.Resolve <IUserProvider>();
// Get the principal object for the current user.
IPrincipal principal;
try
{
principal = userProvider.Logon(this._loginTextBox.Text, this._passwordTextBox.Text);
}
catch (SecurityException)
{
return;
}
// Create the sign in request.
var signInRequestMessage =
(SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
// Create the security token service.
var securityTokenService =
new SecurityTokenService(new SecurityTokenServiceConfiguration());
// Send the sign request to the security token service and get a sign in response.
var signInResponseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
signInRequestMessage, principal, securityTokenService);
// Redirect based on the sign in response.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
signInResponseMessage, this.Response);
}
private RequestedToken GetDelegationToken(ADUser user, Uri target, SecurityTokenService securityTokenService)
{
RequestedToken result;
try
{
DelegationTokenRequest request = new DelegationTokenRequest
{
FederatedIdentity = user.GetFederatedIdentity(),
EmailAddress = user.GetFederatedSmtpAddress().ToString(),
Target = new TokenTarget(target),
Offer = TestFederationTrust.TokenOffer
};
RequestedToken requestedToken = securityTokenService.IssueToken(request);
this.Log(EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.TokenRequest, Strings.DelegationTokenRequestSuccess);
result = requestedToken;
}
catch (LocalizedException ex)
{
this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.TokenRequest, Strings.TokenRequestFailed);
base.WriteVerbose(Strings.FailureAndReason(Strings.TokenRequestFailed.ToString(), ex.ToString()));
result = null;
}
return(result);
}
private async Task <ItemResponse <Guid> > SendNewConfirmationEmail(string firstName, string lastName, string email, string id)
{
SecurityTokenAddRequest securityToken = new SecurityTokenAddRequest();
securityToken.FirstName = firstName;
securityToken.LastName = lastName;
securityToken.Email = email;
securityToken.TokenTypeId = 1;
securityToken.AspNetUserId = id;
Guid emailSecurityToken = SecurityTokenService.Insert(securityToken);
ConfirmationEmailRequest emailRequest = new ConfirmationEmailRequest();
emailRequest.FirstName = firstName;
emailRequest.LastName = lastName;
emailRequest.Email = email;
emailRequest.SecurityToken = emailSecurityToken;
//Removed static to enable DI
await _emailService.ConfirmRegistration(emailRequest);
ItemResponse <Guid> response = new ItemResponse <Guid>();
response.Item = emailSecurityToken;
return(response);
}
public HttpResponseMessage ConfirmToken(String userId, Guid guid)
{
SecurityToken securityToken = SecurityTokenService.SelectByGuid(guid);
if (securityToken.AspNetUserId != null && securityToken.AspNetUserId == userId)
{
DateTime now = DateTime.UtcNow;
TimeSpan daysElapsed = (now - securityToken.DateCreated);
if (daysElapsed.TotalDays > 1)
{
String errorMessage = "1|Not activated in 24 hours";
ErrorResponse response = new ErrorResponse(errorMessage);
return(Request.CreateResponse(HttpStatusCode.NotAcceptable, response));
}
else
{
UserService.ConfirmEmail(securityToken.AspNetUserId);
if (!PersonService.CheckIfPerson(securityToken.AspNetUserId))
{
PersonAddRequest person = new PersonAddRequest();
person.Email = securityToken.Email;
person.AspNetUserId = securityToken.AspNetUserId;
int id = PersonService.Insert(person);
}
SuccessResponse response = new SuccessResponse();
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
}
else
{
String errorMessage = "2|Confirm failed";
ErrorResponse response = new ErrorResponse(errorMessage);
return(Request.CreateResponse(HttpStatusCode.BadRequest, response));
}
}
public HttpResponseMessage ConfirmResetToken(Guid guid)
{
SecurityToken securityToken = SecurityTokenService.SelectByGuid(guid);
if (securityToken.AspNetUserId != null)
{
DateTime now = DateTime.UtcNow;
TimeSpan daysElapsed = (now - securityToken.DateCreated);
if (daysElapsed.TotalDays > 1)
{
String errorMessage = "1|Not activated in 24 hours";
ErrorResponse response = new ErrorResponse(errorMessage);
return(Request.CreateResponse(HttpStatusCode.NotAcceptable, response));
}
else
{
ItemResponse <SecurityToken> response = new ItemResponse <SecurityToken>();
response.Item = securityToken;
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
}
else
{
String errorMessage = "2|Confirm failed";
ErrorResponse response = new ErrorResponse(errorMessage);
return(Request.CreateResponse(HttpStatusCode.BadRequest, response));
}
}
private async Task <ItemResponse <Guid> > SendResetPasswordEmail(PersonBase pb, ConfirmationEmailRequest model)
{
SecurityTokenAddRequest securityToken = new SecurityTokenAddRequest();
securityToken.FirstName = pb.FirstName;
securityToken.LastName = pb.LastName;
securityToken.Email = model.Email;
securityToken.TokenTypeId = 2;
securityToken.AspNetUserId = "";
Guid emailSecurityToken = SecurityTokenService.Insert(securityToken);
ConfirmationEmailRequest emailRequest = new ConfirmationEmailRequest();
emailRequest.FirstName = pb.FirstName;
emailRequest.LastName = pb.LastName;
emailRequest.Email = model.Email;
emailRequest.SecurityToken = emailSecurityToken;
await _emailService.ForgotPassword(emailRequest);
ItemResponse <Guid> response = new ItemResponse <Guid>();
response.Item = emailSecurityToken;
return(response);
}
//[Route("{guid:Guid}"), HttpPut]
//public async Task<HttpResponseMessage> ResendConfirmationEmail(Guid guid)
//{
// SecurityToken securityToken = SecurityTokenService.SelectByGuid(guid);
// ItemResponse<Guid> response = await SendNewConfirmationEmail(securityToken.FirstName, securityToken.LastName, securityToken.Email, securityToken.AspNetUserId);
// return Request.CreateResponse(HttpStatusCode.OK, response);
//}
private async Task <SuccessResponse> SendNewConfirmationEmail(string email, string id)
{
SecurityTokenAddRequest securityTokenAddRequest = new SecurityTokenAddRequest();
securityTokenAddRequest.Email = email;
securityTokenAddRequest.AspNetUserId = id;
SecurityToken securityToken = new SecurityToken();
securityToken.TokenGuid = SecurityTokenService.Insert(securityTokenAddRequest);
securityToken.AspNetUserId = id;
StringBuilder UrlBuilder = new StringBuilder(ConfigurationManager.AppSettings.Get("BaseUrl"));
UrlBuilder.Append("/account/confirmemail?id=");
UrlBuilder.Append(securityToken.AspNetUserId);
UrlBuilder.Append("&token=");
UrlBuilder.Append(securityToken.TokenGuid);
await ExternalEmailService.ConfirmRegistration(UrlBuilder.ToString(), email);
SuccessResponse response = new SuccessResponse();
return(response);
}
public async Task <HttpResponseMessage> ResendConfirmationEmail(Guid guid)
{
SecurityToken securityToken = SecurityTokenService.SelectByGuid(guid);
ItemResponse <Guid> response = await SendNewConfirmationEmail(securityToken.FirstName, securityToken.LastName, securityToken.Email, securityToken.AspNetUserId);
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
public HttpResponseMessage ResetPassWord(PasswordResetRequest model)
{
SecurityToken securityToken = SecurityTokenService.SelectByGuid(model.Guid);
UserService.ChangePassWord(securityToken.AspNetUserId, model.Password);
ItemsResponse <bool> response = new ItemsResponse <bool>();
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
public STS(SecurityTokenService sts)
{
if (sts == null)
{
throw new ArgumentNullException("sts");
}
_sts = sts;
}
public async Task ThrowExceptionWhenNoTokenStoredTest()
{
// Arrange
var securityTokenService = new SecurityTokenService(context);
// Act
Func <Task <IList <string> > > act = async() => await securityTokenService.GetSavedData(Guid.NewGuid(), string.Empty);
// Assert
await act.Should().ThrowAsync <InvalidOperationException>().WithMessage("Sequence contains no elements");
}
public async Task <HttpResponseMessage> ResendResetPasswordEmail(Guid guid)
{
SecurityToken securityToken = SecurityTokenService.SelectByGuid(guid);
PersonBase pb = new PersonBase();
pb.FirstName = securityToken.FirstName;
pb.LastName = securityToken.LastName;
pb.Email = securityToken.Email;
ConfirmationEmailRequest r = new ConfirmationEmailRequest();
r.Email = securityToken.Email;
ItemResponse <Guid> response = await SendResetPasswordEmail(pb, r);
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
public async Task ThrowExceptionWhenTokenDoesNotMatchTest()
{
// Arrange
var userId = Guid.NewGuid();
var securityTokenService = new SecurityTokenService(context);
await securityTokenService.SaveDataWithTokenAsync(
new List <string>
{
Guid.NewGuid().ToString(),
Guid.NewGuid().ToString()
},
userId);
// Act
Func <Task <IList <string> > > act = async() => await securityTokenService.GetSavedData(userId, string.Empty);
// Assert
await act.Should().ThrowAsync <GeneratorException>().WithMessage("User Token doesn't match stored one");
}
/// <summary>
/// Inserts a new queued message into the database
/// </summary>
/// <param name="queuedMessage">The queued message to insert</param>
/// <param name="cancellationToken">(Optional) A cancellation token through which the
/// caller can request cancellation of the insert operation</param>
/// <returns>Returns a task that completes when the insert operation completes</returns>
protected virtual async Task InsertQueuedMessage(QueuedMessage queuedMessage, CancellationToken cancellationToken = default(CancellationToken))
{
var message = queuedMessage.Message;
var principal = queuedMessage.Principal;
var expires = message.Headers.Expires;
var connection = ConnectionProvider.GetConnection();
var securityToken = await SecurityTokenService.NullSafeIssue(principal, expires);
var persistedMessage = message.WithSecurityToken(securityToken);
if (MessageEncryptionService != null)
{
persistedMessage = await MessageEncryptionService.Encrypt(message);
}
try
{
var headers = persistedMessage.Headers;
var commandBuilder = CommandBuilders.NewInsertQueuedMessageCommandBuilder();
commandBuilder.MessageId = headers.MessageId;
commandBuilder.QueueName = QueueName;
commandBuilder.Origination = headers.Origination?.ToString();
commandBuilder.Destination = headers.Destination?.ToString();
commandBuilder.ReplyTo = headers.ReplyTo?.ToString();
commandBuilder.Expires = headers.Expires;
commandBuilder.ContentType = headers.ContentType;
commandBuilder.Headers = SerializeHeaders(headers);
commandBuilder.Content = persistedMessage.Content;
using (var scope = new TransactionScope(TransactionScopeOption.Required, TransactionScopeAsyncFlowOption.Enabled))
{
using (var command = commandBuilder.BuildDbCommand(connection))
{
await command.ExecuteNonQueryAsync(cancellationToken);
}
scope.Complete();
}
}
finally
{
ConnectionProvider.ReleaseConnection(connection);
}
}
private async Task <SuccessResponse> SendResetPasswordEmail(String email)
{
SecurityTokenAddRequest securityTokenAddRequest = new SecurityTokenAddRequest();
securityTokenAddRequest.Email = email;
securityTokenAddRequest.AspNetUserId = UserService.GetUser(email).Id;
SecurityToken securityToken = new SecurityToken();
securityToken.TokenGuid = SecurityTokenService.Insert(securityTokenAddRequest);
securityToken.AspNetUserId = UserService.GetUser(email).Id;
StringBuilder UrlBuilder = new StringBuilder(ConfigurationManager.AppSettings.Get("BaseUrl"));
UrlBuilder.Append("/account/resetpassword/");
UrlBuilder.Append(securityToken.TokenGuid);
await ExternalEmailService.ResetPassword(UrlBuilder.ToString(), email);
SuccessResponse response = new SuccessResponse();
return(response);
}
public int Create(AccountUpsertRequest userModel)
{
int userId = 0;
string salt;
string passwordHash;
string password = userModel.Password;
salt = _cryptographyService.GenerateRandomString(RAND_LENGTH);
passwordHash = _cryptographyService.Hash(password, salt, HASH_ITERATION_COUNT);
_dataProvider.ExecuteNonQuery("dbo.Person_UpsertAccount",
inputParamMapper : delegate(SqlParameterCollection paramCollection)
{
paramCollection.AddWithValue("@Id", userModel.Id);
paramCollection.AddWithValue("@FirstName", userModel.FirstName);
paramCollection.AddWithValue("@LastName", userModel.LastName);
paramCollection.AddWithValue("@Email", userModel.Email);
paramCollection.AddWithValue("@Salt", salt);
paramCollection.AddWithValue("@PasswordHash", passwordHash);
paramCollection.AddWithValue("@RoleId", userModel.RoleId);
//SqlParameter idParameter = new SqlParameter("@Id", SqlDbType.Int);
//idParameter.Direction = ParameterDirection.Output;
//paramCollection.Add(idParameter);
}
//,
//returnParameters: delegate (SqlParameterCollection param)
//{
// Int32.TryParse(param["@Id"].Value.ToString(), out userId);
//}
);
//1)creating token
SecurityTokenService sts = new SecurityTokenService(_dataProvider);
SecurityTokenAddRequest star = new SecurityTokenAddRequest()
{
TokenTypeId = 1,
UserEmail = userModel.Email
};
System.Guid tokenGuid = sts.Insert(star);
//2)emailing confirmation
var source = SiteConfig.BaseUrl;
var message =
"<body style='margin: 0; padding: 0; background:#ccc;'><table cellpadding=0 cellspacing=0 style='width: 100%;'><tr><td style='padding: 12px 2%;'><table cellpadding=0 cellspacing=0 style='margin:auto; background: #fff; width: 96%;'><tr><td style='padding: 12px 2%;'><div><h1 style='color:white;background-color:#1E90FF;'>Youth Mentoring Connection</h1></div > <div><h2 style='margin-top: 0;'>Congratulations</h2><p>You've successfully registered. Please confirm your email with Youth Mentoring Connection.To confirm your email click the link below:<br/></br> <span style='text-align:center; margin:0;'><a href="
+ source + "/confirmationPages?guid="
+ tokenGuid + ">Click Here To Confirm Email</a></p><p>...</p></div><div><h4 style='margin-top: 0;'>Sawubona!</h4><p></p></div><div style='border-top: solid 1px #ccc;'><p></p></div></td ></tr ></table ></td ></tr ></table ></body >";
ConfirmationEmailService ces = new ConfirmationEmailService();
ConfirmationEmailRequest cer = new ConfirmationEmailRequest()
{
From = "*****@*****.**",
To = userModel.Email,
Subject = "YMC Confirmation",
Body = message
};
Task <bool> email = ces.Execute(cer);
return(userId);
//DB provider call to create user and get us a user id
//be sure to store both salt and passwordHash
//DO NOT STORE the original password value that the user passed us
}
public WSFederationSecurityTokenService()
: base()
{
stsConfiguration = new CustomSecurityTokenServiceConfiguration();
securityTokenService = new CustomSecurityTokenService(this.stsConfiguration);
}
/// <summary>
/// Determines the principal stored with the queued message
/// </summary>
protected async Task <IPrincipal> ResolvePrincipal(IMessageHeaders headers, string senderPrincipal)
{
return(await SecurityTokenService.NullSafeValidate(headers.SecurityToken));
}
private SoapHttpClientAuthenticator CreateAuthenticator(Offer offer)
{
DelegationTokenRequest delegationTokenRequest = this.GetDelegationTokenRequest(offer);
SharingEngine.Tracer.TraceDebug <DelegationTokenRequest>((long)this.GetHashCode(), "Requesting token for: {0}", delegationTokenRequest);
if (this.adUser == null)
{
SharingEngine.Tracer.TraceError((long)this.GetHashCode(), "adUser is null here");
throw new ADUserNotFoundException();
}
if (this.externalAuthentication == null)
{
SharingEngine.Tracer.TraceError((long)this.GetHashCode(), "externalAuthentication is null here");
throw new InvalidParamException(Strings.ArgumentValidationFailedException("externalAuthentication"));
}
SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(this.adUser.OrganizationId);
if (securityTokenService == null)
{
SharingEngine.Tracer.TraceError((long)this.GetHashCode(), "securityTokenService is null here");
throw new InvalidParamException(Strings.ArgumentValidationFailedException("securityTokenService"));
}
Stopwatch stopwatch = Stopwatch.StartNew();
bool flag = false;
RequestedToken requestedToken;
try
{
requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
flag = true;
}
catch (WSTrustException ex)
{
SharingEngine.Tracer.TraceError <WSTrustException>((long)this.GetHashCode(), "Unable to request token due exception: {0}", ex);
throw new FailedCommunicationException(ex, delegationTokenRequest);
}
finally
{
if (flag)
{
stopwatch.Stop();
PerformanceCounters.AverageExternalAuthenticationTokenRequestTime.IncrementBy(stopwatch.ElapsedTicks);
PerformanceCounters.AverageExternalAuthenticationTokenRequestTimeBase.Increment();
PerformanceCounters.SuccessfulExternalAuthenticationTokenRequests.Increment();
}
else
{
PerformanceCounters.FailedExternalAuthenticationTokenRequests.Increment();
}
}
if (requestedToken == null)
{
SharingEngine.Tracer.TraceError((long)this.GetHashCode(), "token is null here");
throw new InvalidParamException(Strings.ArgumentValidationFailedException("token"));
}
if (this.subscription == null)
{
SharingEngine.Tracer.TraceError((long)this.GetHashCode(), "subscription is null here");
throw new SubscriptionNotFoundException();
}
XmlElement any = SharingKeyHandler.Encrypt(new SmtpAddress(this.subscription.SharingKey), requestedToken.ProofToken);
SoapHttpClientAuthenticator soapHttpClientAuthenticator = SoapHttpClientAuthenticator.Create(requestedToken);
soapHttpClientAuthenticator.AdditionalSoapHeaders.Add(new SharingSecurityHeader(any));
return(soapHttpClientAuthenticator);
}
private bool ProcessError(SecurityTokenService secureService, SoapException exception, MSNTicket msnticket, EventHandler onSuccess, EventHandler <ExceptionEventArgs> onError)
{
string errFedDirectLogin = @"Direct login to WLID is not allowed for this federated namespace";
if (exception == null)
{
return(false);
}
if (secureService.pp == null)
{
return(false);
}
uint errorCode = uint.Parse(secureService.pp.reqstatus.Remove(0, "0x".Length), NumberStyles.HexNumber);
if (errorCode == 0x800488ee)
{
if (exception.Detail.InnerXml.IndexOf(errFedDirectLogin) != -1)
{
string fedLoginURL = string.Empty;
string fedAuthURL = string.Empty;
string fedBrandName = string.Empty;
foreach (extPropertyType extProperty in secureService.pp.extProperties)
{
switch (extProperty.Name)
{
case "STSAuthURL": //STS means Security Token Service.
fedLoginURL = extProperty.Value;
break;
case "AuthURL":
fedAuthURL = extProperty.Value;
break;
case "AllowFedUsersWLIDSignIn": //Is it allow to login by MSN ? Not all feduser can log in with a WLM client.
if (!bool.Parse(extProperty.Value))
{
return(false);
}
break;
case "FederationBrandName":
fedBrandName = extProperty.Value;
break;
case "IsFederatedNS":
if (!bool.Parse(extProperty.Value))
{
return(false);
}
break;
}
}
if (fedLoginURL == string.Empty)
{
return(false);
}
Uri fedLoginURI = new Uri(fedLoginURL);
string strFedLoginURI = fedLoginURI.Scheme.ToUpperInvariant() + "://" + fedLoginURI.Host + (fedLoginURI.Scheme.ToLowerInvariant() == "https" ? ":443" : string.Empty) + "/" + fedLoginURI.PathAndQuery;
SecurityTokenService fedSecureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", strFedLoginURI);
fedSecureService.Url = fedLoginURL;
RequestSecurityTokenType token = new RequestSecurityTokenType();
token.Id = "RST0";
token.RequestType = RequestTypeOpenEnum.httpschemasxmlsoaporgws200502trustIssue;
AppliesTo appliesTo = new AppliesTo();
appliesTo.EndpointReference = new EndpointReferenceType();
appliesTo.EndpointReference.Address = new AttributedURIType();
appliesTo.EndpointReference.Address.Value = strFedLoginURI.Remove(0, @"HTTPS://".Length);
token.AppliesTo = appliesTo;
RequestSecurityTokenResponseType response = null;
if (onSuccess != null && onError != null)
{
//Async request.
fedSecureService.RequestSecurityTokenCompleted += delegate(object sender, RequestSecurityTokenCompletedEventArgs e)
{
if (!e.Cancelled)
{
if (e.Error != null)
{
MSNPSharpException sexp = new MSNPSharpException(e.Error.Message + ". See innerexception for detail.", e.Error);
onError(this, new ExceptionEventArgs(sexp));
return;
}
response = e.Result;
if (response.RequestedSecurityToken == null || response.RequestedSecurityToken.Assertion == null)
{
return;
}
AssertionType assertion = response.RequestedSecurityToken.Assertion;
secureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", @"HTTPS://login.live.com:443//RST2.srf");
secureService.Security.Assertion = assertion;
if (response.Lifetime != null)
{
secureService.Security.Timestamp.Created = response.Lifetime.Created;
secureService.Security.Timestamp.Expires = response.Lifetime.Expires;
}
Authenticate(secureService, msnticket, onSuccess, onError);
}
};
fedSecureService.RequestSecurityTokenAsync(token, new object());
return(true);
}
else
{
//Sync request.
try
{
response = fedSecureService.RequestSecurityToken(token);
}
catch (Exception ex)
{
MSNPSharpException sexp = new MSNPSharpException(ex.Message + ". See innerexception for detail.", ex);
throw sexp;
}
if (response.RequestedSecurityToken == null)
{
return(false);
}
if (response.RequestedSecurityToken.Assertion == null)
{
return(false);
}
AssertionType assertion = response.RequestedSecurityToken.Assertion;
secureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", @"HTTPS://login.live.com:443//RST2.srf");
secureService.Security.Assertion = assertion;
Authenticate(secureService, msnticket, onSuccess, onError);
return(true);
}
}
}
return(false);
}
private void Authenticate(SecurityTokenService securService, MSNTicket msnticket, EventHandler onSuccess, EventHandler <ExceptionEventArgs> onError)
{
if (user.Split('@').Length > 1)
{
if (user.Split('@')[1].ToLower(CultureInfo.InvariantCulture) == "msn.com")
{
securService.Url = @"https://msnia.login.live.com/RST2.srf";
}
}
else
{
AuthenticationException authenticationException = new AuthenticationException("Invalid account. The account must contain @ char");
if (onError != null && onSuccess != null)
{
onError(this, new ExceptionEventArgs(authenticationException));
}
else
{
throw authenticationException;
}
}
RequestMultipleSecurityTokensType mulToken = new RequestMultipleSecurityTokensType();
mulToken.Id = "RSTS";
mulToken.RequestSecurityToken = auths.ToArray();
// ASYNC
if (onSuccess != null && onError != null)
{
securService.RequestMultipleSecurityTokensCompleted += delegate(object sender, RequestMultipleSecurityTokensCompletedEventArgs e)
{
if (!e.Cancelled)
{
if (e.Error != null)
{
SoapException sex = e.Error as SoapException;
if (sex != null && ProcessError(securService, sex, msnticket, onSuccess, onError))
{
return;
}
MSNPSharpException sexp = new MSNPSharpException(e.Error.Message + ". See innerexception for detail.", e.Error);
if (securService.pp != null)
{
sexp.Data["Code"] = securService.pp.reqstatus; //Error code
}
onError(this, new ExceptionEventArgs(sexp));
}
else if (e.Result != null)
{
GetTickets(e.Result, securService, msnticket);
onSuccess(this, EventArgs.Empty);
}
else
{
// Is this possible? Answer: No.
}
}
};
securService.RequestMultipleSecurityTokensAsync(mulToken, new object());
}
else
{
try
{
RequestSecurityTokenResponseType[] result = securService.RequestMultipleSecurityTokens(mulToken);
if (result != null)
{
GetTickets(result, securService, msnticket);
}
}
catch (SoapException sex)
{
if (ProcessError(securService, sex, msnticket, onSuccess, onError))
{
return;
}
throw sex;
}
catch (Exception ex)
{
MSNPSharpException sexp = new MSNPSharpException(ex.Message + ". See innerexception for detail.", ex);
if (securService.pp != null)
{
sexp.Data["Code"] = securService.pp.reqstatus; //Error code
}
throw sexp;
}
}
}
private void InitSTS(string domain)
{
stsConfiguration = new CustomSTSConfig(domain);
securityTokenService = new CustomSTS(stsConfiguration);
}
public SecurityTokenApiController(SecurityTokenService svc)
{
_svc = svc;
}
/// <summary>
///
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="principal"></param>
/// <param name="sts"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, IPrincipal principal, SecurityTokenService sts)
{
return ProcessAccessTokenRequest(requestMessage, principal, sts, false);
}
/// <summary>
/// Requests a token from the issuer and builds a response with that token.
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="principal"></param>
/// <param name="sts"></param>
/// <param name="withRefreshToken"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, IPrincipal principal, SecurityTokenService sts, Boolean withRefreshToken)
{
if (null == requestMessage)
throw new ArgumentNullException("requestMessage");
if (null == principal)
throw new ArgumentNullException("principal");
if (null == sts)
throw new ArgumentNullException("sts");
// Call issuer to create token
// TODO
/*var context = new WSTrustSerializationContext(
sts.SecurityTokenServiceConfiguration.SecurityTokenHandlerCollectionManager,
sts.SecurityTokenServiceConfiguration.CreateAggregateTokenResolver(),
sts.SecurityTokenServiceConfiguration.IssuerTokenResolver);*/
var response = sts.Issue(
ClaimsPrincipal.CreateFromPrincipal(principal),
new WrapSerializer().CreateRequest(requestMessage));
// Create response
var token = response.RequestedSecurityToken.SecurityToken;
return WriteToken(token, withRefreshToken);
}
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
{
SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);
if (sharingDataType == null || !sharingDataType.IsExternallySharable)
{
throw new ArgumentOutOfRangeException("containerClass");
}
ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;
if (aduser == null)
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
ProxyAddress item = new SmtpProxyAddress(sender, false);
if (!aduser.EmailAddresses.Contains(item))
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);
SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);
SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
List <InvalidRecipient> list = new List <InvalidRecipient>();
Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);
for (int i = 0; i < recipients.Length; i++)
{
SharedFolderDataRecipient item2 = externalIdentities[i];
ValidRecipient validRecipient = recipients[i];
SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
string domain = smtpAddress.Domain;
if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
{
SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
}
else
{
SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
if (tokenTarget == null)
{
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
}
else
{
List <SharedFolderDataRecipient> list2;
if (!dictionary.TryGetValue(tokenTarget, out list2))
{
list2 = new List <SharedFolderDataRecipient>(1);
dictionary.Add(tokenTarget, list2);
}
list2.Add(item2);
}
}
}
List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
SharedFolderData sharedFolderData = new SharedFolderData();
sharedFolderData.DataType = sharingDataType.ExternalName;
sharedFolderData.FolderId = folderId;
sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator);
sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString();
sharedFolderData.SenderSmtpAddress = sender;
DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
Offer = Offer.SharingInviteMessage
};
SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);
foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
{
delegationTokenRequest.Target = keyValuePair.Key;
sharedFolderData.Recipients = keyValuePair.Value.ToArray();
try
{
RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
list3.Add(this.Encrypt(requestedToken, sharedFolderData));
}
catch (WSTrustException ex)
{
foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
{
list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
}
}
}
return(new EncryptionResults(list3.ToArray(), list.ToArray()));
}
/// <summary>
/// Authenticate the specified user. By asynchronous or synchronous ways.
/// </summary>
/// <param name='msnticket'>
/// Msnticket.
/// </param>
/// <param name='onSuccess'>
/// Callback when the authentication was passed.
/// </param>
/// <param name='onError'>
/// Callback when the authentication encounts errors.
/// </param>
/// <exception cref='AuthenticationException'>
/// Is thrown when the authentication failed and the request is a synchronous request.
/// Or the <paramref name="onError"/> callback will be called.
/// </exception>
/// <remarks>
/// The method is asynchronous only when both <paramref name="onSuccess"/> and <paramref name="onError"/> are not null.
/// Otherwise it will perform a synchronous request.
/// </remarks>
public void Authenticate(MSNTicket msnticket, EventHandler onSuccess, EventHandler <ExceptionEventArgs> onError)
{
SecurityTokenService securService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", @"HTTPS://login.live.com:443//RST2.srf");
Authenticate(securService, msnticket, onSuccess, onError);
}
internal override AutodiscoverResponseMessage Execute()
{
GetFederationInformationResponseMessage getFederationInformationResponseMessage = new GetFederationInformationResponseMessage();
GetFederationInformationResponse response = getFederationInformationResponseMessage.Response;
if (this.Request == null || this.Request.Domain == null || !SmtpAddress.IsValidDomain(this.Request.Domain))
{
response.ErrorCode = ErrorCode.InvalidRequest;
response.ErrorMessage = Strings.InvalidRequest;
}
else
{
ExternalAuthentication current = ExternalAuthentication.GetCurrent();
if (!current.Enabled)
{
response.ErrorCode = ErrorCode.NotFederated;
response.ErrorMessage = Strings.NotFederated;
}
else
{
IEnumerable <string> enumerable = null;
OrganizationId organizationId = DomainToOrganizationIdCache.Singleton.Get(new SmtpDomain(this.Request.Domain));
if (organizationId != null)
{
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId);
enumerable = organizationIdCacheValue.FederatedDomains;
}
else
{
try
{
string text = MserveDomainCache.Singleton.Get(this.Request.Domain);
if (!string.IsNullOrEmpty(text))
{
AutodiscoverAuthorizationManager.BuildRedirectUrlAndRedirectCaller(OperationContext.Current, text);
return(null);
}
}
catch (OverBudgetException arg)
{
ExTraceGlobals.FrameworkTracer.TraceError <OverBudgetException>(0L, "GetFederationInformationRequestMessage.Execute() returning ServerBusy for exception: {0}.", arg);
response.ErrorCode = ErrorCode.ServerBusy;
response.ErrorMessage = Strings.ServerBusy;
return(getFederationInformationResponseMessage);
}
}
if (enumerable == null)
{
response.ErrorCode = ErrorCode.InvalidDomain;
response.ErrorMessage = Strings.InvalidDomain;
}
else
{
List <TokenIssuer> list = new List <TokenIssuer>(2);
SecurityTokenService securityTokenService = current.GetSecurityTokenService(organizationId);
if (securityTokenService != null)
{
list.Add(new TokenIssuer(securityTokenService.TokenIssuerUri, securityTokenService.TokenIssuerEndpoint));
}
response.ErrorCode = ErrorCode.NoError;
response.ApplicationUri = current.ApplicationUri;
response.Domains = new DomainCollection(enumerable);
response.TokenIssuers = new TokenIssuerCollection(list);
}
}
}
return(getFederationInformationResponseMessage);
}
/// <summary>
/// Handles the click event on the logon button.
/// </summary>
/// <param name="sender">The sender.</param>
/// <param name="e">The event arguments.</param>
private void _logonButton_Click(object sender, EventArgs e)
{
// Get the user provider.
var userProvider = this.Container.Resolve<IUserProvider>();
// Get the principal object for the current user.
IPrincipal principal;
try
{
principal = userProvider.Logon(this._loginTextBox.Text, this._passwordTextBox.Text);
}
catch (SecurityException)
{
return;
}
// Create the sign in request.
var signInRequestMessage =
(SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
// Create the security token service.
var securityTokenService =
new SecurityTokenService(new SecurityTokenServiceConfiguration());
// Send the sign request to the security token service and get a sign in response.
var signInResponseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
signInRequestMessage, principal, securityTokenService);
// Redirect based on the sign in response.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
signInResponseMessage, this.Response);
}
protected virtual bool TryGetExchangeRpcUrlFromAutodiscoverSettings(SmtpAddress remoteIdentity, SecurityTokenService securityTokenService, DelegationTokenRequest autoDiscoveryTokenRequest, Uri autoDiscoveryEndpoint, out Uri exchangeRpcUrl)
{
exchangeRpcUrl = null;
FedOrgCredentials credentials = new FedOrgCredentials(autoDiscoveryTokenRequest, securityTokenService);
bool result;
using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, this.storeSession.MailboxOwner.MailboxInfo.OrganizationId.ToADSessionSettings(), 250, "TryGetExchangeRpcUrlFromAutodiscoverSettings", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\ExchangePrincipal\\RemoteMailboxProperties.cs"), credentials, remoteIdentity, autoDiscoveryEndpoint, RemoteMailboxProperties.AutodiscoveryRequestedSettings))
{
autoDiscoverUserSettingsClient.AnchorMailbox = this.storeSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString();
UserSettings userSettings = autoDiscoverUserSettingsClient.Discover();
StringSetting stringSetting = userSettings.GetSetting(RemoteMailboxProperties.AutodiscoveryRequestedSettings[0]) as StringSetting;
result = (stringSetting != null && Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out exchangeRpcUrl));
}
return(result);
}
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy)
{
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate
});
}
X509Certificate2[] tokenSignatureCertificates = (federationTrust.TokenIssuerPrevCertificate != null) ? new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate,
federationTrust.TokenIssuerPrevCertificate
} : new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate
};
if (!ExternalAuthentication.HasAtLeastOneValidCertificate(tokenSignatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate
});
}
X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2 certificate;
X509Certificate2[] tokenDecryptionCertificates;
try
{
ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType;
certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out externalAuthenticationSubFailureType);
if (certificate == null)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate);
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = externalAuthenticationSubFailureType
});
}
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate))
{
x509Certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out externalAuthenticationSubFailureType);
}
tokenDecryptionCertificates = ((x509Certificate != null) ? new X509Certificate2[]
{
certificate,
x509Certificate
} : new X509Certificate2[]
{
certificate
});
}
finally
{
x509Store.Close();
}
SecurityTokenService securityTokenService = new SecurityTokenService(federationTrust.TokenIssuerEpr, webProxy, certificate, federationTrust.TokenIssuerUri, federationTrust.PolicyReferenceUri, federationTrust.ApplicationUri.OriginalString);
ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built.");
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure,
SecurityTokenService = securityTokenService,
TokenSignatureCertificates = tokenSignatureCertificates,
TokenDecryptionCertificates = tokenDecryptionCertificates
});
}
/// <summary>
/// Requests a token from the issuer and builds a response with that token.
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="principal"></param>
/// <param name="sts"></param>
/// <param name="withRefreshToken"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, IPrincipal principal, SecurityTokenService sts, Boolean withRefreshToken)
{
if (null == requestMessage)
throw new ArgumentNullException("requestMessage");
if (null == principal)
throw new ArgumentNullException("principal");
if (null == sts)
throw new ArgumentNullException("sts");
// Call issuer to create token
var response = sts.Issue(
ClaimsPrincipal.CreateFromPrincipal(principal),
new WrapSerializer().CreateRequest(requestMessage));
// Create response
var token = response.RequestedSecurityToken.SecurityToken;
return WriteToken(token, withRefreshToken);
}
// Token: 0x060003B7 RID: 951 RVA: 0x0001721C File Offset: 0x0001541C
private void ExecuteCommand(IIdentity callerIdentity, CallContext callContext)
{
ADRecipient adrecipient = HttpContext.Current.Items["CallerRecipient"] as ADRecipient;
if (adrecipient == null && (Common.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.NoCrossForestDiscover.Enabled))
{
string identityNameForTrace = Common.GetIdentityNameForTrace(callerIdentity);
ExTraceGlobals.FrameworkTracer.TraceError <string>(0L, "ExecuteCommand -- IRecipientSession.FindBySid user for {0} returned null.", identityNameForTrace);
callContext.Response.ErrorCode = ErrorCode.InvalidUser;
callContext.Response.ErrorMessage = string.Format(Strings.InvalidUser, identityNameForTrace);
return;
}
PartnerInfo partnerInfo = null;
string targetTenant = null;
bool flag = false;
string text = null;
byte[] binarySecret = null;
GetUserSettingsCommandBase getUserSettingsCommandBase;
if (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.ParseBinarySecretHeader.Enabled && AutodiscoverRequestMessage.HasBinarySecretHeader(out text))
{
PerformanceCounters.UpdatePartnerTokenRequests(callContext.UserAgent);
bool flag2 = false;
if (!string.IsNullOrEmpty(text))
{
try
{
binarySecret = Convert.FromBase64String(text);
flag2 = true;
}
catch (FormatException)
{
ExTraceGlobals.FrameworkTracer.TraceDebug <string>((long)this.GetHashCode(), "[GetUserSettingsRequestMessage::ExecuteCommand] the binary secret header {0} has invalid format", text);
}
}
if (!flag2)
{
PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
callContext.Response.ErrorCode = ErrorCode.InvalidRequest;
callContext.Response.ErrorMessage = Strings.InvalidBinarySecretHeader;
return;
}
if (!this.TryGetMailboxAccessPartnerInfo(callContext, adrecipient, out partnerInfo, out targetTenant))
{
ExTraceGlobals.FrameworkTracer.TraceDebug((long)this.GetHashCode(), "[GetUserSettingsRequestMessage::ExecuteCommand] TryGetMailboxAccessPartnerInfo returns false.");
PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
callContext.Response.ErrorCode = ErrorCode.InvalidRequest;
callContext.Response.ErrorMessage = Strings.InvalidPartnerTokenRequest;
return;
}
flag = true;
ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForPartner created for the '{0}'. The caller is FPO partner.", adrecipient);
getUserSettingsCommandBase = new GetUserSettingsForPartner(callerIdentity.GetSecurityIdentifier(), callContext);
}
else if (adrecipient == null)
{
ExTraceGlobals.FrameworkTracer.TraceDebug <string>((long)this.GetHashCode(), "GetUserSettingsForUserWithUnscopedCaller created for '{0}'.", Common.GetIdentityNameForTrace(callerIdentity));
getUserSettingsCommandBase = new GetUserSettingsForUserWithUnscopedCaller(callerIdentity.GetSecurityIdentifier(), callContext);
}
else if (ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(adrecipient.OrganizationId))
{
ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForPartner created for '{0}'.", adrecipient);
getUserSettingsCommandBase = new GetUserSettingsForPartner(callerIdentity.GetSecurityIdentifier(), callContext);
}
else
{
ExTraceGlobals.FrameworkTracer.TraceDebug <ADRecipient>((long)this.GetHashCode(), "GetUserSettingsForUser created for '{0}'.", adrecipient);
getUserSettingsCommandBase = new GetUserSettingsForUser(adrecipient, callerIdentity.GetSecurityIdentifier(), callContext);
}
getUserSettingsCommandBase.Execute();
if (flag)
{
UserResponse userResponse = callContext.Response.UserResponses[0];
if (userResponse.ErrorCode == ErrorCode.NoError || userResponse.ErrorCode == ErrorCode.RedirectUrl)
{
string assertionId = SecurityTokenService.CreateSamlAssertionId();
MessageHeader header = MessageHeader.CreateHeader("PartnerToken", "http://schemas.microsoft.com/exchange/2010/Autodiscover", partnerInfo.CreateSamlToken(assertionId, targetTenant, binarySecret, GetUserSettingsRequestMessage.tokenLifetime.Value));
MessageHeader header2 = MessageHeader.CreateHeader("PartnerTokenReference", "http://schemas.microsoft.com/exchange/2010/Autodiscover", PartnerInfo.GetTokenReference(assertionId));
OperationContext.Current.OutgoingMessageHeaders.Add(header);
OperationContext.Current.OutgoingMessageHeaders.Add(header2);
return;
}
PerformanceCounters.UpdatePartnerTokenRequestsFailed(callContext.UserAgent);
ExTraceGlobals.FrameworkTracer.TraceDebug <ErrorCode, string>((long)this.GetHashCode(), "No partner token header added since the user response error code is {0}, error message is '{1}'", userResponse.ErrorCode, userResponse.ErrorMessage);
}
}
private void GetTickets(RequestSecurityTokenResponseType[] result, SecurityTokenService securService, MSNTicket msnticket)
{
if (securService.pp != null)
{
if (securService.pp.credProperties != null)
{
foreach (credPropertyType credproperty in securService.pp.credProperties)
{
if (credproperty.Name == "MainBrandID")
{
msnticket.MainBrandID = credproperty.Value;
}
if (credproperty.Name == "CID" && !String.IsNullOrEmpty(credproperty.Value))
{
msnticket.OwnerCID = long.Parse(credproperty.Value, NumberStyles.HexNumber);
}
}
}
if (securService.pp.extProperties != null)
{
foreach (extPropertyType extproperty in securService.pp.extProperties)
{
if (extproperty.Name == "CID" && !String.IsNullOrEmpty(extproperty.Value))
{
msnticket.OwnerCID = long.Parse(extproperty.Value, NumberStyles.HexNumber);
}
}
}
}
foreach (RequestSecurityTokenResponseType token in result)
{
SSOTicketType ticketype = SSOTicketType.None;
switch (token.AppliesTo.EndpointReference.Address.Value)
{
case "contacts.msn.com":
ticketype = SSOTicketType.Contact;
break;
case "messengerclear.live.com":
ticketype = SSOTicketType.Clear;
break;
case "storage.msn.com":
ticketype = SSOTicketType.Storage;
break;
case "sup.live.com":
ticketype = SSOTicketType.WhatsUp;
break;
case "directory.services.live.com":
ticketype = SSOTicketType.Directory;
break;
case "rpstauth.live.com":
ticketype = SSOTicketType.RPST;
break;
}
SSOTicket ssoticket = new SSOTicket(ticketype);
if (token.AppliesTo != null)
{
ssoticket.Domain = token.AppliesTo.EndpointReference.Address.Value;
}
if (token.RequestedSecurityToken.BinarySecurityToken != null)
{
ssoticket.Ticket = token.RequestedSecurityToken.BinarySecurityToken.Value;
}
if (token.RequestedProofToken != null && token.RequestedProofToken.BinarySecret != null)
{
ssoticket.BinarySecret = token.RequestedProofToken.BinarySecret.Value;
}
if (token.Lifetime != null)
{
ssoticket.Created = XmlConvert.ToDateTime(token.Lifetime.Created.Value, "yyyy-MM-ddTHH:mm:ssZ");
ssoticket.Expires = XmlConvert.ToDateTime(token.Lifetime.Expires.Value, "yyyy-MM-ddTHH:mm:ssZ");
}
lock (msnticket.SSOTickets)
{
msnticket.SSOTickets[ticketype] = ssoticket;
}
}
}
