internal override void OnPostAuthorizeRequest(object sender, EventArgs e)
{
RequestDetailsLogger getRequestDetailsLogger = OwaApplication.GetRequestDetailsLogger;
RequestDetailsLogger.LogEvent(getRequestDetailsLogger, OwaServerLogger.LoggerData.OnPostAuthorizeRequestBegin);
OwaRequestHandler.InternalOnPostAuthorizeRequest(sender);
RequestDetailsLogger.LogEvent(getRequestDetailsLogger, OwaServerLogger.LoggerData.OnPostAuthorizeRequestEnd);
}
private static void InternalOnPostAuthorizeRequest(object sender)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaRequestHandler::InternalOnPostAuthorizeRequest] entry.");
RequestDetailsLogger getRequestDetailsLogger = OwaApplication.GetRequestDetailsLogger;
SubActivityScopeLogger subActivityScopeLogger = SubActivityScopeLogger.Create(getRequestDetailsLogger, OwaServerLogger.LoggerData.OnPostAuthorizeRequestLatencyDetails);
HttpApplication httpApplication = (HttpApplication)sender;
HttpContext context = httpApplication.Context;
if (!context.Request.IsAuthenticated && (context.Request.Url.LocalPath.EndsWith("service.svc", StringComparison.OrdinalIgnoreCase) || context.Request.Url.LocalPath.EndsWith("Speech.reco", StringComparison.OrdinalIgnoreCase)))
{
ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "[OwaRequestHandler::InternalOnPostAuthorizeRequest] unauthorized request. Request URL={0}.", context.Request.Url.OriginalString);
context.Response.StatusCode = 401;
httpApplication.CompleteRequest();
return;
}
RequestContext requestContext = RequestContext.Get(httpApplication.Context);
subActivityScopeLogger.LogNext("a");
RequestDispatcher.DispatchRequest(requestContext);
subActivityScopeLogger.LogNext("b");
OwaRequestType requestType = requestContext.RequestType;
RequestDispatcherUtilities.SetXFrameOptionsHeader(RequestContext.Current, requestType);
subActivityScopeLogger.LogNext("c");
if (context.User != null && context.User.Identity != null)
{
if (context.User.Identity is ClientSecurityContextIdentity)
{
IMailboxContext mailboxContext = UserContextManager.GetMailboxContext(context, null, false);
subActivityScopeLogger.LogNext("d");
if (OwaRequestHandler.IsProxyLogonRequest(requestType))
{
ExTraceGlobals.CoreCallTracer.TraceDebug <OwaRequestType>(0L, "[OwaRequestHandler::InternalOnPostAuthorizeRequest] proxy logon request. RequestType={0}", requestType);
return;
}
RequestDetailsLogger.LogEvent(getRequestDetailsLogger, OwaServerLogger.LoggerData.CanaryValidationBegin);
bool flag = OwaRequestHandler.IsRequestWithCanary(context.Request, requestType, context.Request.IsAuthenticated);
bool flag2 = OwaRequestHandler.IsAfterLogonRequest(context.Request);
string originalIdentitySid = OwaRequestHandler.GetOriginalIdentitySid(context);
CanaryLogEvent.CanaryStatus canaryStatus = CanaryLogEvent.CanaryStatus.None;
bool flag3 = !flag || flag2;
if (!flag3)
{
Canary15Cookie.CanaryValidationResult canaryValidationResult;
flag3 = Canary15Cookie.ValidateCanaryInHeaders(context, originalIdentitySid, Canary15Profile.Owa, out canaryValidationResult);
canaryStatus |= (CanaryLogEvent.CanaryStatus)canaryValidationResult;
}
OwaRequestHandler.UpdateCanaryStatus(ref canaryStatus, flag, CanaryLogEvent.CanaryStatus.IsCanaryNeeded);
OwaRequestHandler.UpdateCanaryStatus(ref canaryStatus, flag3, CanaryLogEvent.CanaryStatus.IsCanaryValid);
OwaRequestHandler.UpdateCanaryStatus(ref canaryStatus, flag2, CanaryLogEvent.CanaryStatus.IsCanaryAfterLogonRequest);
Canary15Cookie canary15Cookie = Canary15Cookie.TryCreateFromHttpContext(context, originalIdentitySid, Canary15Profile.Owa);
OwaRequestHandler.UpdateCanaryStatus(ref canaryStatus, canary15Cookie.IsAboutToExpire, CanaryLogEvent.CanaryStatus.IsCanaryAboutToExpire);
OwaRequestHandler.UpdateCanaryStatus(ref canaryStatus, canary15Cookie.IsRenewed, CanaryLogEvent.CanaryStatus.IsCanaryRenewed);
subActivityScopeLogger.LogNext("e");
bool flag4 = flag || canary15Cookie.IsAboutToExpire;
if (flag4)
{
canary15Cookie = new Canary15Cookie(originalIdentitySid, Canary15Profile.Owa);
}
if (canary15Cookie.IsRenewed || flag4)
{
context.Response.SetCookie(canary15Cookie.HttpCookie);
CanaryLogEvent logEvent = new CanaryLogEvent(context, mailboxContext, canaryStatus, canary15Cookie.CreationTime, canary15Cookie.LogData);
OwaServerLogger.AppendToLog(logEvent);
subActivityScopeLogger.LogNext("f");
}
if (flag3)
{
RequestDetailsLoggerBase <RequestDetailsLogger> .SafeSetLogger(getRequestDetailsLogger, OwaServerLogger.LoggerData.CanaryCreationTime, canary15Cookie.CreationTime);
RequestDetailsLoggerBase <RequestDetailsLogger> .SafeSetLogger(getRequestDetailsLogger, OwaServerLogger.LoggerData.CanaryLogData, canary15Cookie.LogData);
subActivityScopeLogger.LogNext("g");
}
else
{
if (RequestDispatcherUtilities.IsDownLevelClient(context, false))
{
throw new OwaCanaryException(Canary15Profile.Owa.Name, canary15Cookie.Value);
}
context.Response.StatusCode = 449;
context.Response.End();
}
RequestDetailsLoggerBase <RequestDetailsLogger> requestDetailsLogger = getRequestDetailsLogger;
Enum key = OwaServerLogger.LoggerData.CanaryStatus;
int num = (int)canaryStatus;
RequestDetailsLoggerBase <RequestDetailsLogger> .SafeSetLogger(requestDetailsLogger, key, num.ToString("X"));
RequestDetailsLogger.LogEvent(getRequestDetailsLogger, OwaServerLogger.LoggerData.CanaryValidationEnd);
subActivityScopeLogger.LogEnd();
return;
}
}
else
{
ExTraceGlobals.CoreCallTracer.TraceError(0L, "[OwaRequestHandler::InternalOnPostAuthorizeRequest] httpContext.User or httpContext.User.Identity is <NULL>.");
}
}
private static bool IsRequestWithCanary(HttpRequest request, OwaRequestType requestType, bool isAuthenticated)
{
if (!isAuthenticated)
{
return(false);
}
if (requestType != OwaRequestType.EsoRequest)
{
switch (requestType)
{
case OwaRequestType.ProxyPing:
case OwaRequestType.KeepAlive:
case OwaRequestType.Resource:
case OwaRequestType.PublishedCalendarView:
case OwaRequestType.ICalHttpHandler:
case OwaRequestType.HealthPing:
case OwaRequestType.SpeechReco:
return(false);
}
if (string.Compare(request.Path, OwaUrl.Default14Page.ImplicitUrl, true, CultureInfo.InvariantCulture) == 0)
{
return(false);
}
if (string.CompareOrdinal(request.HttpMethod, "POST") == 0)
{
return(string.Compare(request.Path, OwaUrl.SessionDataPage.ImplicitUrl, true, CultureInfo.InvariantCulture) != 0 && string.Compare(request.Path, OwaUrl.PreloadSessionDataPage.ImplicitUrl, true, CultureInfo.InvariantCulture) != 0 && string.Compare(request.Path, OwaUrl.PLT1Page.ImplicitUrl, true, CultureInfo.InvariantCulture) != 0 && !UrlUtilities.IsRemoteNotificationRequest(request));
}
return(string.CompareOrdinal(request.HttpMethod, "GET") != 0 || requestType == OwaRequestType.Oeh || (requestType == OwaRequestType.ServiceRequest && OwaRequestHandler.IsGetRequestWithCanary(request)));
}
return(false);
}
private static DispatchStepResult DispatchIfLanguagePost(RequestContext requestContext)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[RequestDispatcher::DispatchIfLanguagePost] entry.");
Canary15Cookie.CanaryValidationResult canaryValidationResult;
if (requestContext.RequestType == OwaRequestType.LanguagePost && HttpUtilities.IsPostRequest(requestContext.HttpContext.Request) && Canary15Cookie.ValidateCanaryInHeaders(requestContext.HttpContext, OwaRequestHandler.GetOriginalIdentitySid(requestContext.HttpContext), Canary15Profile.Owa, out canaryValidationResult))
{
OwaDiagnostics.TracePfd(25865, "The request is a post from the language selection page, processing this request...", new object[0]);
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[RequestDispatcher::DispatchIfLanguagePost] Dispatching.");
HttpRequest request = requestContext.HttpContext.Request;
CultureInfo culture;
string timeZoneKeyName;
bool isOptimized;
string destination;
RequestDispatcherUtilities.GetLanguagePostFormParameters(requestContext, request, out culture, out timeZoneKeyName, out isOptimized, out destination);
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[RequestDispatcher::DispatchIfLanguagePost] Dispatching language post request locally...");
return(RequestDispatcher.HandleLanguagePost(requestContext, culture, timeZoneKeyName, isOptimized, destination));
}
return(DispatchStepResult.Continue);
}