private FederationProviderInfo ParseFederationProviderInfo(XDocument xdoc, string fpDomainName)
{
foreach (XElement item in xdoc.Root.Elements("FP"))
{
if (item.Attribute("DomainName") != null && string.Equals(item.Attribute("DomainName").Value, fpDomainName, StringComparison.OrdinalIgnoreCase))
{
XElement elementAtPath = IdcrlUtility.GetElementAtPath(item, IdcrlMessageConstants.URL, IdcrlMessageConstants.GETUSERREALM);
XElement elementAtPath2 = IdcrlUtility.GetElementAtPath(item, IdcrlMessageConstants.URL, IdcrlMessageConstants.RST2);
XElement elementAtPath3 = IdcrlUtility.GetElementAtPath(item, IdcrlMessageConstants.URL, IdcrlMessageConstants.ENTITYID);
if (elementAtPath != null && elementAtPath2 != null && elementAtPath3 != null)
{
this._Logger?.LogError("Find federation provider information for federation provider domain name {0}. UserRealmServiceUrl={1}, SecurityTokenServiceUrl={2}, FederationTokenIssuer={3}", fpDomainName, elementAtPath.Value, elementAtPath2.Value, elementAtPath3.Value);
var federationProviderInfo = new FederationProviderInfo {
UserRealmServiceUrl = elementAtPath.Value,
SecurityTokenServiceUrl = elementAtPath2.Value,
FederationTokenIssuer = elementAtPath3.Value
};
return(federationProviderInfo);
}
this._Logger?.LogError("Cannot get the user realm service url or security token service url for federation provider {0}", fpDomainName);
throw IdcrlAuth.CreateIdcrlException(-2147186646);
}
}
this._Logger?.LogError("Cannot find federation provider information for federation domain {0}", fpDomainName);
throw IdcrlAuth.CreateIdcrlException(-2147186646);
}
private Exception GetSoapException(XDocument xdoc)
{
XElement elementAtPath = IdcrlUtility.GetElementAtPath(xdoc.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://www.w3.org/2003/05/soap-envelope}Fault");
if (elementAtPath == null)
{
return(null);
}
XElement elementAtPathCode = IdcrlUtility.GetElementAtPath(xdoc.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://www.w3.org/2003/05/soap-envelope}Fault", "{http://www.w3.org/2003/05/soap-envelope}Code", "{http://www.w3.org/2003/05/soap-envelope}Subcode", "{http://www.w3.org/2003/05/soap-envelope}Value");
XElement elementAtPathValue = IdcrlUtility.GetElementAtPath(xdoc.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://www.w3.org/2003/05/soap-envelope}Fault", "{http://www.w3.org/2003/05/soap-envelope}Detail", "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}error", "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}value");
XElement elementAtPathInternalError = IdcrlUtility.GetElementAtPath(xdoc.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://www.w3.org/2003/05/soap-envelope}Fault", "{http://www.w3.org/2003/05/soap-envelope}Detail", "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}error", "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}internalerror", "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}text");
string textCode = null;
if (elementAtPathCode != null)
{
textCode = elementAtPathCode.Value;
int num = textCode.IndexOf(':');
if (num >= 0)
{
textCode = textCode.Substring(num + 1);
}
}
string textValue = null;
if (elementAtPathValue != null)
{
textValue = elementAtPathValue.Value;
}
string textInternalError = null;
if (elementAtPathInternalError != null)
{
textInternalError = elementAtPathInternalError.Value;
}
this._Logger?.LogError("PassportErrorCode={0}, PassportDetailCode={1}, PassportErrorText={2}", textCode, textValue, textInternalError);
int errorCode;
long errorCodeValue = default(long);
if (string.IsNullOrEmpty(textValue))
{
errorCode = IdcrlAuth.MapPartnerSoapFault(textCode);
}
else
{
if ((textValue.StartsWith("0x", StringComparison.OrdinalIgnoreCase) && long.TryParse(textValue.Substring(2), NumberStyles.HexNumber, (IFormatProvider)CultureInfo.InvariantCulture, out errorCodeValue)) ||
(long.TryParse(textValue, NumberStyles.Integer, (IFormatProvider)CultureInfo.InvariantCulture, out errorCodeValue)))
{
errorCode = (int)errorCodeValue;
if (string.Compare(textCode, "FailedAuthentication", StringComparison.OrdinalIgnoreCase) == 0)
{
errorCode = ((errorCode == -2147186639) ? errorCode : (-2147186655));
}
}
else
{
errorCode = -2147186656;
}
}
return(IdcrlAuth.CreateIdcrlException(errorCode));
}
private string ParseFPDomainName(XDocument xdoc)
{
XElement elementAtPath = IdcrlUtility.GetElementAtPath(xdoc.Root, IdcrlMessageConstants.FPDOMAINNAME);
if (elementAtPath == null)
{
this._Logger?.LogError("Cannot find FPDOMAINNAME element");
throw IdcrlAuth.CreateIdcrlException(-2147186646);
}
return(elementAtPath.Value);
}
private async Task <UserRealmInfo> GetUserRealmAsync(string login)
{
if (string.IsNullOrWhiteSpace(login))
{
throw new ArgumentNullException("login");
}
string userRealmServiceUrl = this.UserRealmServiceUrl;
string body = string.Format(CultureInfo.InvariantCulture, IdcrlMessageConstants.GetUserRealmMessage, new object[1]
{
Uri.EscapeDataString(login)
});
XDocument xDocument = await this.DoPostAsync(userRealmServiceUrl, IdcrlMessageConstants.GetUserRealmContentType, body, null);
XAttribute xAttribute = xDocument.Root.Attribute("Success");
if (xAttribute != null && string.Compare(xAttribute.Value, "true", StringComparison.OrdinalIgnoreCase) == 0)
{
XElement xElement = xDocument.Root.Element("NameSpaceType");
if (xElement == null)
{
this._Logger?.LogError("There is no NameSpaceType element in the response when get user realm for user {0}", login);
throw IdcrlAuth.CreateIdcrlException(-2147186539);
}
if (string.Compare(xElement.Value, "Federated", StringComparison.OrdinalIgnoreCase) != 0 && string.Compare(xElement.Value, "Managed", StringComparison.OrdinalIgnoreCase) != 0)
{
this._Logger?.LogError("Unknown namespace type for user {0}", login);
throw IdcrlAuth.CreateIdcrlException(-2147186539);
}
UserRealmInfo userRealmInfo = new UserRealmInfo {
IsFederated = (0 == string.Compare(xElement.Value, "Federated", StringComparison.OrdinalIgnoreCase))
};
xElement = xDocument.Root.Element("STSAuthURL");
if (xElement != null)
{
userRealmInfo.STSAuthUrl = xElement.Value;
}
if (userRealmInfo.IsFederated && string.IsNullOrEmpty(userRealmInfo.STSAuthUrl))
{
this._Logger?.LogError("User {0} is a federated account, but there is no STSAuthUrl for the user.", login);
throw CreateIdcrlException(-2147186539);
}
this._Logger?.LogDebug("User={0}, IsFederated={1}, STSAuthUrl={2}", login, userRealmInfo.IsFederated, userRealmInfo.STSAuthUrl);
return(userRealmInfo);
}
this._Logger?.LogError("Failed to get user's realm for user {0}", login);
throw CreateIdcrlException(-2147186539);
}
public async Task <string> GetAuthenticationCookieAsync(Uri url, string username, string password, bool alwaysThrowOnFailure, EventHandler <WebRequestEventArgs> executingWebRequest)
{
if (url == (Uri)null)
{
throw new ArgumentNullException("url");
}
if (string.IsNullOrEmpty(username))
{
throw new ArgumentNullException("username");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
IdcrlHeader idcrlHeader = this.GetIdcrlHeader(url, alwaysThrowOnFailure, executingWebRequest);
if (idcrlHeader == null)
{
this._Logger?.LogWarning("Cannot get IDCRL header for {0}", url);
if (alwaysThrowOnFailure)
{
throw new ClientRequestException($"CannotContactSite {url}");
}
return(null);
}
#if UseRegistry
IdcrlEnvironment env = (IdcrlEnvironment)((string.Compare(IdcrlServiceEnvironment, "INT-MSO", StringComparison.OrdinalIgnoreCase) == 0) ? 1 : (string.Equals(IdcrlServiceEnvironment, "PPE-MSO", StringComparison.OrdinalIgnoreCase) ? 2 : 0));
IdcrlAuth idcrlAuth = new IdcrlAuth(env, executingWebRequest, this._Logger);
#else
IdcrlAuth idcrlAuth = new IdcrlAuth(executingWebRequest, this._Logger);
#endif
string serviceToken = await idcrlAuth.GetServiceTokenAsync(username, password, idcrlHeader.ServiceTarget, idcrlHeader.ServicePolicy);
if (string.IsNullOrEmpty(serviceToken))
{
this._Logger?.LogWarning("Cannot get IDCRL ticket for username {0}", username);
if (alwaysThrowOnFailure)
{
throw new IdcrlException("PPCRL_REQUEST_E_UNKNOWN -2147186615");
}
return(null);
}
return(this.GetCookie(url, idcrlHeader.Endpoint, serviceToken, alwaysThrowOnFailure, executingWebRequest));
}
private async Task <string> GetServiceTokenAsync(string securityXml, string serviceTarget, string servicePolicy)
{
string serviceTokenUrl = this.ServiceTokenUrl;
string text = string.Empty;
if (!string.IsNullOrEmpty(servicePolicy))
{
text = string.Format(CultureInfo.InvariantCulture, "<wsp:PolicyReference URI=\"{0}\"></wsp:PolicyReference>", new object[1] {
servicePolicy
});
}
string body = string.Format(
CultureInfo.InvariantCulture,
/*
* "<?xml version=\"1.0\" encoding=\"UTF-8\"?><S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"><S:Header><wsa:Action S:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action><wsa:To S:mustUnderstand=\"1\">{0}</wsa:To><ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/LiveID/SoapServices/v1\" Id=\"PPAuthInfo\"><ps:BinaryVersion>5</ps:BinaryVersion><ps:HostingApp>Managed IDCRL</ps:HostingApp></ps:AuthInfo><wsse:Security>{1}</wsse:Security></S:Header><S:Body><wst:RequestSecurityToken xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" Id=\"RST0\"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{2}</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>{3}</wst:RequestSecurityToken></S:Body></S:Envelope>\r\n",
*/
IdcrlMessageConstants.AuthMessage,
IdcrlUtility.XmlValueEncode(serviceTokenUrl),
securityXml,
IdcrlUtility.XmlValueEncode(serviceTarget),
text);
XDocument xDocument = await this.DoPostAsync(serviceTokenUrl, IdcrlMessageConstants.SoapContentType, body, this.HandleWebException);
Exception soapException = GetSoapException(xDocument);
if (soapException != null)
{
this._Logger?.LogError("Soap error from {0}. Exception={1}", serviceTokenUrl, soapException);
throw soapException;
}
XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken");
if (elementAtPath == null)
{
this._Logger?.LogError("Cannot get binary security token for from {0}", serviceTokenUrl);
throw IdcrlAuth.CreateIdcrlException(-2147186656);
}
return(elementAtPath.Value);
}
