// Token: 0x06000433 RID: 1075 RVA: 0x000181F8 File Offset: 0x000163F8
private static ADRawEntry GetCallerAdEntry(IRequestContext requestContext)
{
if (!requestContext.HttpContext.Items.Contains(Constants.CallerADRawEntryKeyName))
{
CommonAccessToken commonAccessToken = requestContext.HttpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken == null)
{
throw new InvalidOperationException("CAT token not present - cannot lookup LiveIdBasic user's AD entry.");
}
ADRawEntry value = null;
LatencyTracker latencyTracker = (LatencyTracker)requestContext.HttpContext.Items[Constants.LatencyTrackerContextKeyName];
LiveIdBasicTokenAccessor accessor = LiveIdBasicTokenAccessor.Attach(commonAccessToken);
if (accessor.TokenType == 2)
{
if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
{
ExTraceGlobals.VerboseTracer.TraceDebug <string, string>(0L, "[Extensions::GetFullCallerIdentity] Calling AD to convert PUID {0} for LiveIdMemberName {1} to SID to construct GenericSidIdentity.", accessor.Puid, accessor.LiveIdMemberName);
}
ITenantRecipientSession session = DirectoryHelper.GetTenantRecipientSessionFromSmtpOrLiveId(accessor.LiveIdMemberName, requestContext.Logger, latencyTracker, false);
value = DirectoryHelper.InvokeAccountForest <ADRawEntry>(latencyTracker, () => session.FindUniqueEntryByNetID(accessor.Puid, null, UserBasedAnchorMailbox.ADRawEntryPropertySet, "d:\\dbs\\sh\\e16df\\0212_214120_0\\cmd\\1g\\sources\\Dev\\Cafe\\src\\HttpProxy\\Misc\\LiveIdBasicHelper.cs", 92, "GetCallerAdEntry"), requestContext.Logger, session);
}
requestContext.HttpContext.Items[Constants.CallerADRawEntryKeyName] = value;
}
return((ADRawEntry)requestContext.HttpContext.Items[Constants.CallerADRawEntryKeyName]);
}
// Token: 0x0600000B RID: 11 RVA: 0x0000220C File Offset: 0x0000040C
private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex)
{
if (requestURI == null)
{
throw new ArgumentNullException("requestURI");
}
ex = null;
CommonAccessToken result = null;
NameValueCollection nameValueCollectionFromUri = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI);
string text = nameValueCollectionFromUri.Get("X-Rps-CAT");
if (!string.IsNullOrWhiteSpace(text))
{
try
{
result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text));
}
catch (Exception ex2)
{
Logger.TraceError(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "Got exception when trying to parse CommonAccessToken: {0}.", new object[]
{
ex2.ToString()
});
Logger.LogEvent(TaskEventLogConstants.Tuple_LogInvalidCommonAccessTokenReceived, text, new object[]
{
user,
requestURI.ToString(),
Strings.ErrorWhenParsingCommonAccessToken(ex2.ToString())
});
ex = ex2;
}
}
return(result);
}
internal static CommonAccessToken CommonAccessTokenForCmdletProxy(this UserToken userToken, int targetVersion)
{
CommonAccessToken commonAccessToken = userToken.CommonAccessToken;
if (commonAccessToken != null)
{
if (userToken.AuthenticationType == AuthenticationType.OAuth && targetVersion < Server.E15MinVersion)
{
OAuthIdentity oauthIdentity = OAuthIdentitySerializer.ConvertFromCommonAccessToken(commonAccessToken);
SidOAuthIdentity sidIdentity = SidOAuthIdentity.Create(oauthIdentity);
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(sidIdentity);
commonAccessToken = certificateSidTokenAccessor.GetToken();
}
}
else
{
commonAccessToken = new CommonAccessToken(AccessTokenType.CertificateSid);
ExAssert.RetailAssert(userToken.UserSid != null, "UserToken.UserSid is expected to NOT NULL when CommonAccessToken doesn't exist. UserToken = " + userToken);
commonAccessToken.ExtensionData["UserSid"] = userToken.UserSid.ToString();
if (userToken.PartitionId != null)
{
commonAccessToken.ExtensionData["Partition"] = userToken.PartitionId.ToString();
}
}
commonAccessToken.IsCompressed = true;
return(commonAccessToken);
}
// Token: 0x060000C1 RID: 193 RVA: 0x000059B8 File Offset: 0x00003BB8
private PartitionId GetPartitionId(CommonAccessToken commonAccessToken, IIdentity identity)
{
string text = null;
if (commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("Partition"))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From CAT.");
text = commonAccessToken.ExtensionData["Partition"];
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From Generic Sid Identity.");
text = genericSidIdentity.PartitionId;
}
}
if (text != null)
{
PartitionId result;
if (PartitionId.TryParse(text, out result))
{
return(result);
}
ExTraceGlobals.HttpModuleTracer.TraceError <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] Invalid partition id {0}.", text);
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetPartition", "Invalid partition id " + text, false);
}
return(null);
}
public static AnchorMailbox CreateFromCaller(IRequestContext requestContext)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
CommonAccessToken commonAccessToken = requestContext.HttpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken != null)
{
AnchorMailbox anchorMailbox = AnchorMailboxFactory.TryCreateFromCommonAccessToken(commonAccessToken, requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (requestContext.HttpContext.User == null || requestContext.HttpContext.User.Identity == null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "UnauthenticatedRequest-RandomBackEnd");
return(new AnonymousAnchorMailbox(requestContext));
}
WindowsIdentity windowsIdentity = requestContext.HttpContext.User.Identity as WindowsIdentity;
if (windowsIdentity != null && windowsIdentity.User == null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "AnonymousRequest-RandomBackEnd");
return(new AnonymousAnchorMailbox(requestContext));
}
return(AnchorMailboxFactory.CreateFromLogonIdentity(requestContext));
}
// Token: 0x0600000C RID: 12 RVA: 0x000022C8 File Offset: 0x000004C8
private void OnAuthenticateRequest(object source, EventArgs args)
{
Logger.EnterFunction(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "OnAuthenticateOrPostAuthenticateRequest");
HttpContext httpContext = HttpContext.Current;
if (httpContext.Request.IsAuthenticated)
{
Logger.TraceDebug(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "[RemotePowershellBackendCmdletProxyModule::OnAuthenticateOrPostAuthenticateRequest] Current authenticated user is {0} of type {1}.", new object[]
{
httpContext.User.Identity,
httpContext.User.Identity.GetType()
});
string value = httpContext.Request.Headers["X-CommonAccessToken"];
if (string.IsNullOrEmpty(value))
{
Uri url = httpContext.Request.Url;
Exception ex = null;
CommonAccessToken commonAccessToken = RemotePowershellBackendCmdletProxyModule.CommonAccessTokenFromUrl(httpContext.User.Identity.ToString(), url, out ex);
if (ex != null)
{
WinRMInfo.SetFailureCategoryInfo(httpContext.Response.Headers, FailureCategory.BackendCmdletProxy, ex.GetType().Name);
httpContext.Response.StatusCode = 500;
httpContext.ApplicationInstance.CompleteRequest();
}
else if (commonAccessToken != null)
{
httpContext.Request.Headers["X-CommonAccessToken"] = commonAccessToken.Serialize();
Logger.TraceDebug(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "[RemotePowershellBackendCmdletProxyModule::OnAuthenticateOrPostAuthenticateRequest] The CommonAccessToken has been successfully stampped in request HTTP header.", new object[0]);
}
}
}
Logger.ExitFunction(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "OnAuthenticateOrPostAuthenticateRequest");
}
public static ProxyAuthenticator Create(CommonAccessToken commonAccessToken, string messageId)
{
ProxyAuthenticator.SecurityTracer.TraceDebug <object, CommonAccessToken>(0L, "{0}: creating ProxyAuthenticator for CommonAccessToken: {1}", TraceContext.Get(), commonAccessToken);
SoapHttpClientAuthenticator soapHttpClientAuthenticator = SoapHttpClientAuthenticator.Create(commonAccessToken);
ProxyAuthenticator.SetMessageId(soapHttpClientAuthenticator, messageId);
return(new ProxyAuthenticator(soapHttpClientAuthenticator, AuthenticatorType.OAuth));
}
// Token: 0x060000BC RID: 188 RVA: 0x00005474 File Offset: 0x00003674
private UserToken BuildCurrentUserToken()
{
HttpContext httpContext = HttpContext.Current;
CommonAccessToken commonAccessToken = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
IIdentity identity = httpContext.User.Identity;
AccessTokenType accessTokenType;
return(new UserToken(this.GetAuthenticationType(commonAccessToken, identity, out accessTokenType), httpContext.User as DelegatedPrincipal, this.GetWindowsLiveId(commonAccessToken, accessTokenType), this.GetUserName(commonAccessToken, identity, accessTokenType), this.GetUserSid(commonAccessToken, identity), this.GetPartitionId(commonAccessToken, identity), this.GetOrganization(commonAccessToken, identity, accessTokenType), this.GetManagedOrganization(identity), this.GetAppPasswordUsed(commonAccessToken), commonAccessToken));
}
// Token: 0x060000C0 RID: 192 RVA: 0x000057CC File Offset: 0x000039CC
private SecurityIdentifier GetUserSid(CommonAccessToken commonAccessToken, IIdentity identity)
{
if (!(HttpContext.Current.User is DelegatedPrincipal))
{
try
{
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Get user sid from HttpContext.Current.User. sid = {0}", securityIdentifier.ToString());
return(securityIdentifier);
}
catch (Exception ex)
{
Exception ex3;
ExTraceGlobals.HttpModuleTracer.TraceError <Exception>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Exception {0}", ex3);
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetUserSid", ex3, (Exception ex) => false);
}
}
HttpContext httpContext = HttpContext.Current;
string text = null;
if (commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("UserSid"))
{
text = commonAccessToken.ExtensionData["UserSid"];
ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Get user sid from CAT. sid = {0}", text);
}
else if (!string.IsNullOrWhiteSpace((string)httpContext.Items["X-EX-UserSid"]))
{
text = (string)httpContext.Items["X-EX-UserSid"];
ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Get user sid from HttpContext. sid = {0}", text);
}
else if (commonAccessToken != null && "Windows".Equals(commonAccessToken.TokenType) && commonAccessToken.WindowsAccessToken != null)
{
text = commonAccessToken.WindowsAccessToken.UserSid;
ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Get user sid from CAT for Kerberos. sid = {0}", text);
}
if (string.IsNullOrWhiteSpace(text))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Get user sid from HttpContext. sid = null");
return(null);
}
SecurityIdentifier result;
try
{
result = new SecurityIdentifier(text);
}
catch (Exception ex2)
{
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetUserSid", ex2, new Func <Exception, bool>(KnownException.IsUnhandledException));
ExTraceGlobals.HttpModuleTracer.TraceError <Exception>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserSid] Exception {0}", ex2);
result = null;
}
return(result);
}
public CallerInfo(bool isOpenAsAdmin, CommonAccessToken commonAccessToken, ClientSecurityContext securityContext, string primarySmtpAddress, OrganizationId orgId, string userAgent, Guid queryCorrelationId, string[] userRoles, string[] applicationRoles)
{
this.isOpenAsAdmin = isOpenAsAdmin;
this.commonAccessToken = commonAccessToken;
this.clientSecurityContext = securityContext;
this.orgId = orgId;
this.primarySmtpAddress = primarySmtpAddress;
this.userAgent = userAgent;
this.queryCorrelationId = queryCorrelationId;
this.userRoles = userRoles;
this.applicationRoles = applicationRoles;
}
// Token: 0x060003D4 RID: 980 RVA: 0x000160E0 File Offset: 0x000142E0
public static CommonAccessToken FixupCommonAccessToken(HttpContext httpContext, int targetVersion)
{
if (!httpContext.Request.IsAuthenticated)
{
return(null);
}
CommonAccessToken commonAccessToken = null;
try
{
if (httpContext.User.Identity is OAuthIdentity)
{
commonAccessToken = (httpContext.User.Identity as OAuthIdentity).ToCommonAccessToken(targetVersion);
}
else if (httpContext.User is DelegatedPrincipal)
{
commonAccessToken = new CommonAccessToken(8);
commonAccessToken.ExtensionData["DelegatedData"] = IIdentityExtensions.GetSafeName(((DelegatedPrincipal)httpContext.User).Identity, true);
}
else
{
CommonAccessToken commonAccessToken2 = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken2 != null)
{
return(commonAccessToken2);
}
if (httpContext.User.Identity is WindowsIdentity)
{
WindowsIdentity windowsIdentity = httpContext.User.Identity as WindowsIdentity;
string value;
if (HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref value))
{
commonAccessToken = new CommonAccessToken(3);
commonAccessToken.ExtensionData["UserSid"] = windowsIdentity.User.ToString();
commonAccessToken.ExtensionData["MemberName"] = value;
}
else
{
commonAccessToken = new CommonAccessToken(windowsIdentity);
}
}
}
}
catch (CommonAccessTokenException ex)
{
if (ExTraceGlobals.BriefTracer.IsTraceEnabled(3))
{
ExTraceGlobals.BriefTracer.TraceError <string, CommonAccessTokenException>(0L, "[AspNetHelper::FixupCommonAccessToken] Error encountered when creating CommonAccessToken from current logong identity. User: {0} Exception: {1}.", IIdentityExtensions.GetSafeName(httpContext.User.Identity, true), ex);
}
throw new HttpProxyException(HttpStatusCode.Unauthorized, 3002, string.Format("Error encountered when creating common access token. User: {0}", IIdentityExtensions.GetSafeName(httpContext.User.Identity, true)));
}
return(commonAccessToken);
}
public static CommonAccessToken FixupCommonAccessToken(HttpContext httpContext, int targetVersion)
{
if (!httpContext.Request.IsAuthenticated)
{
return(null);
}
CommonAccessToken commonAccessToken = null;
try
{
if (httpContext.User.Identity is OAuthIdentity)
{
OAuthIdentity oauthIdentity = httpContext.User.Identity as OAuthIdentity;
commonAccessToken = oauthIdentity.ToCommonAccessToken(targetVersion);
}
else if (httpContext.User is DelegatedPrincipal)
{
commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
commonAccessToken.ExtensionData["DelegatedData"] = ((DelegatedPrincipal)httpContext.User).Identity.GetSafeName(true);
}
else
{
CommonAccessToken commonAccessToken2 = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken2 != null)
{
return(commonAccessToken2);
}
if (httpContext.User.Identity is WindowsIdentity)
{
WindowsIdentity windowsIdentity = httpContext.User.Identity as WindowsIdentity;
string value = httpContext.Items[Constants.WLIDMemberName] as string;
if (!string.IsNullOrEmpty(value))
{
commonAccessToken = new CommonAccessToken(AccessTokenType.LiveIdNego2);
commonAccessToken.ExtensionData["UserSid"] = windowsIdentity.User.ToString();
commonAccessToken.ExtensionData["MemberName"] = value;
}
else
{
commonAccessToken = new CommonAccessToken(windowsIdentity);
}
}
}
}
catch (CommonAccessTokenException arg)
{
ExTraceGlobals.BriefTracer.TraceError <string, CommonAccessTokenException>(0L, "[AspNetHelper::FixupCommonAccessToken] Error encountered when creating CommonAccessToken from current logong identity. User: {0} Exception: {1}.", httpContext.User.Identity.GetSafeName(true), arg);
throw new HttpProxyException(HttpStatusCode.Unauthorized, HttpProxySubErrorCode.UserNotFound, string.Format("Error encountered when creating common access token. User: {0}", httpContext.User.Identity.GetSafeName(true)));
}
return(commonAccessToken);
}
internal static string GetReadableCommonAccessToken(this UserToken userToken)
{
CommonAccessToken commonAccessToken = userToken.CommonAccessToken;
if (commonAccessToken == null)
{
return(null);
}
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendFormat("Type:{0} Version:{1} WinAT:{2}", commonAccessToken.TokenType, commonAccessToken.Version, (commonAccessToken.WindowsAccessToken != null) ? commonAccessToken.WindowsAccessToken.UserSid : "null");
foreach (KeyValuePair <string, string> keyValuePair in commonAccessToken.ExtensionData)
{
stringBuilder.AppendFormat(" {0}:{1}", keyValuePair.Key, keyValuePair.Value);
}
return(stringBuilder.ToString());
}
// Token: 0x060000C2 RID: 194 RVA: 0x00005A6C File Offset: 0x00003C6C
private OrganizationId GetOrganization(CommonAccessToken commonAccessToken, IIdentity identity, AccessTokenType accessTokenType)
{
if (commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("OrganizationIdBase64"))
{
string text = commonAccessToken.ExtensionData["OrganizationIdBase64"];
if (!string.IsNullOrEmpty(text))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] From CAT.");
return(CommonAccessTokenAccessor.DeserializeOrganizationId(text));
}
}
if (identity is LiveIDIdentity)
{
LiveIDIdentity liveIDIdentity = (LiveIDIdentity)identity;
if (liveIDIdentity.UserOrganizationId != null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] From LiveIdIdentity.");
return(liveIDIdentity.UserOrganizationId);
}
}
if (identity is SidOAuthIdentity)
{
SidOAuthIdentity sidOAuthIdentity = (SidOAuthIdentity)identity;
if (sidOAuthIdentity.OAuthIdentity != null && !sidOAuthIdentity.OAuthIdentity.IsAppOnly)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] From SidOAuthIdentity.");
return(sidOAuthIdentity.OAuthIdentity.OrganizationId);
}
}
if (commonAccessToken != null)
{
if (accessTokenType == AccessTokenType.CertificateSid)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] Certificate - First Org.");
return(OrganizationId.ForestWideOrgId);
}
if (accessTokenType == AccessTokenType.Windows && commonAccessToken.WindowsAccessToken != null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] Kerberos - First Org.");
return(OrganizationId.ForestWideOrgId);
}
}
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetOrganization] Org=Null.");
return(null);
}
// Token: 0x060000BD RID: 189 RVA: 0x000054FC File Offset: 0x000036FC
private AuthenticationType GetAuthenticationType(CommonAccessToken commonAccessToken, IIdentity identity, out AccessTokenType accessTokenType)
{
AuthenticationType result = AuthenticationType.Unknown;
accessTokenType = AccessTokenType.Anonymous;
if (commonAccessToken != null)
{
if (!Enum.TryParse <AccessTokenType>(commonAccessToken.TokenType, true, out accessTokenType))
{
HttpLogger.SafeAppendGenericError("Invalid-CAT-Type", accessTokenType.ToString(), false);
ExTraceGlobals.UserTokenTracer.TraceError <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetAuthenticationType] Invalid token type {0}", commonAccessToken.TokenType);
throw new ArgumentException(string.Format("The token type {0} is unexpected.", commonAccessToken.TokenType));
}
ExTraceGlobals.UserTokenTracer.TraceDebug <AccessTokenType>((long)this.GetHashCode(), "[BuildUserTokenModule::GetAuthenticationType] Access token type {0}", accessTokenType);
switch (accessTokenType)
{
case AccessTokenType.Windows:
return(AuthenticationType.Kerberos);
case AccessTokenType.LiveIdBasic:
return(AuthenticationType.LiveIdBasic);
case AccessTokenType.LiveIdNego2:
return(AuthenticationType.LiveIdNego2);
case AccessTokenType.OAuth:
return(AuthenticationType.OAuth);
case AccessTokenType.CertificateSid:
return(AuthenticationType.Certificate);
case AccessTokenType.RemotePowerShellDelegated:
return(AuthenticationType.RemotePowerShellDelegated);
}
HttpLogger.SafeAppendGenericError("NotSupported-CAT-Type", accessTokenType.ToString(), false);
ExTraceGlobals.UserTokenTracer.TraceError <AccessTokenType>((long)this.GetHashCode(), "[BuildUserTokenModule::GetAuthenticationType] Not supported token type {0}", accessTokenType);
throw new NotSupportedException(string.Format("Unknown token type {0}", accessTokenType));
}
else if (identity is SidOAuthIdentity)
{
result = AuthenticationType.OAuth;
}
return(result);
}
// Token: 0x060000BE RID: 190 RVA: 0x00005620 File Offset: 0x00003820
private string GetWindowsLiveId(CommonAccessToken commonAccessToken, AccessTokenType accessTokenType)
{
if (accessTokenType != AccessTokenType.LiveIdBasic)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <AccessTokenType>((long)this.GetHashCode(), "[BuildUserTokenModule::GetWindowsLiveId] accessTokenType={0}", accessTokenType);
return(null);
}
if (commonAccessToken == null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <AccessTokenType>((long)this.GetHashCode(), "[BuildUserTokenModule::GetWindowsLiveId] commonAccessToken={0}", accessTokenType);
return(null);
}
if (!commonAccessToken.ExtensionData.ContainsKey("MemberName"))
{
ExTraceGlobals.UserTokenTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetWindowsLiveId] CAT doesn't contain MemberName");
return(null);
}
return(commonAccessToken.ExtensionData["MemberName"]);
}
internal static UserToken CreateDefaultUserTokenInERC(IIdentity identity, DelegatedPrincipal delegatedPrincipal, bool impersonated)
{
if (!impersonated && delegatedPrincipal != null)
{
CommonAccessToken commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
commonAccessToken.ExtensionData["DelegatedData"] = delegatedPrincipal.Identity.Name;
return(new UserToken(AuthenticationType.RemotePowerShellDelegated, delegatedPrincipal, null, delegatedPrincipal.Identity.Name, null, null, null, delegatedPrincipal.DelegatedOrganization, false, commonAccessToken));
}
SidOAuthIdentity sidOAuthIdentity = identity as SidOAuthIdentity;
if (sidOAuthIdentity != null)
{
PartitionId partitionId;
PartitionId.TryParse(sidOAuthIdentity.PartitionId, out partitionId);
return(new UserToken(AuthenticationType.OAuth, null, null, sidOAuthIdentity.Name, sidOAuthIdentity.Sid, partitionId, sidOAuthIdentity.OAuthIdentity.OrganizationId, sidOAuthIdentity.ManagedTenantName, false, sidOAuthIdentity.OAuthIdentity.ToCommonAccessTokenVersion1()));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
return(new UserToken(AuthenticationType.Kerberos, null, null, windowsIdentity.Name, windowsIdentity.User, null, null, null, false, new CommonAccessToken(windowsIdentity)));
}
WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;
if (windowsTokenIdentity != null && windowsTokenIdentity.AccessToken != null && windowsTokenIdentity.AccessToken.CommonAccessToken != null)
{
PartitionId partitionId2;
PartitionId.TryParse(windowsTokenIdentity.PartitionId, out partitionId2);
return(new UserToken(AuthenticationType.Kerberos, null, null, windowsTokenIdentity.Name, windowsTokenIdentity.Sid, partitionId2, null, null, false, windowsTokenIdentity.AccessToken.CommonAccessToken));
}
CommonAccessToken commonAccessToken2 = new CommonAccessToken(AccessTokenType.CertificateSid);
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
commonAccessToken2.ExtensionData["UserSid"] = securityIdentifier.ToString();
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
commonAccessToken2.ExtensionData["Partition"] = genericSidIdentity.PartitionId;
}
return(new UserToken(AuthenticationType.Certificate, null, null, identity.Name, securityIdentifier, null, null, null, false, commonAccessToken2));
}
private string GetExecutingUserOrganization(out string organizatonRoutingHint)
{
organizatonRoutingHint = null;
CommonAccessToken commonAccessToken = base.HttpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken == null)
{
if (base.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
string executingUserOrganization = base.AuthBehavior.GetExecutingUserOrganization();
if (!string.IsNullOrEmpty(executingUserOrganization))
{
organizatonRoutingHint = "LiveIdBasic-UserOrg";
return(executingUserOrganization);
}
}
return(null);
}
switch ((AccessTokenType)Enum.Parse(typeof(AccessTokenType), commonAccessToken.TokenType, true))
{
case AccessTokenType.LiveIdBasic:
{
LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(commonAccessToken);
SmtpAddress smtpAddress = new SmtpAddress(liveIdBasicTokenAccessor.LiveIdMemberName);
organizatonRoutingHint = "LiveIdBasic-UserOrg";
return(smtpAddress.Domain);
}
case AccessTokenType.LiveIdNego2:
{
string result;
commonAccessToken.ExtensionData.TryGetValue("OrganizationName", out result);
organizatonRoutingHint = "LiveIdNego2-UserOrg";
return(result);
}
default:
return(null);
}
}
// Token: 0x060000BF RID: 191 RVA: 0x000056A0 File Offset: 0x000038A0
private string GetUserName(CommonAccessToken commonAccessToken, IIdentity identity, AccessTokenType accessTokenType)
{
string windowsLiveId = this.GetWindowsLiveId(commonAccessToken, accessTokenType);
if (!string.IsNullOrWhiteSpace(windowsLiveId))
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows Live Id {0}", windowsLiveId);
return(windowsLiveId);
}
if (commonAccessToken != null && commonAccessToken.WindowsAccessToken != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows access token");
return(commonAccessToken.WindowsAccessToken.LogonName ?? commonAccessToken.WindowsAccessToken.UserSid);
}
DelegatedPrincipal delegatedPrincipal = HttpContext.Current.User as DelegatedPrincipal;
if (delegatedPrincipal != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From delegated principal {0}", delegatedPrincipal.ToString());
return(delegatedPrincipal.GetUserName());
}
try
{
return(identity.GetSafeName(true));
}
catch (Exception ex)
{
ExTraceGlobals.UserTokenTracer.TraceError <Exception>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] GetSafeName throws exception {0}", ex);
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetUserName", ex.ToString(), false);
}
SecurityIdentifier userSid = this.GetUserSid(commonAccessToken, identity);
if (userSid != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From user sid {0}", userSid.ToString());
return(userSid.ToString());
}
return(null);
}
private static ADRawEntry GetCallerAdEntry(HttpContext httpContext)
{
if (!httpContext.Items.Contains(Constants.CallerADRawEntryKeyName))
{
CommonAccessToken commonAccessToken = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken == null)
{
throw new InvalidOperationException("CAT token not present - cannot lookup LiveIdBasic user's AD entry.");
}
ADRawEntry value = null;
LatencyTracker latencyTracker = (LatencyTracker)httpContext.Items[Constants.LatencyTrackerContextKeyName];
LiveIdBasicTokenAccessor accessor = LiveIdBasicTokenAccessor.Attach(commonAccessToken);
if (accessor.TokenType == AccessTokenType.LiveIdBasic)
{
ExTraceGlobals.VerboseTracer.TraceDebug <string, string>(0L, "[Extensions::GetFullCallerIdentity] Calling AD to convert PUID {0} for LiveIdMemberName {1} to SID to construct GenericSidIdentity.", accessor.Puid, accessor.LiveIdMemberName);
ITenantRecipientSession session = DirectoryHelper.GetTenantRecipientSessionFromSmtpOrLiveId(latencyTracker, accessor.LiveIdMemberName, false);
value = DirectoryHelper.InvokeAccountForest(latencyTracker, () => session.FindUniqueEntryByNetID(accessor.Puid, null, UserBasedAnchorMailbox.ADRawEntryPropertySet));
}
httpContext.Items[Constants.CallerADRawEntryKeyName] = value;
}
return((ADRawEntry)httpContext.Items[Constants.CallerADRawEntryKeyName]);
}
// Token: 0x060000E5 RID: 229 RVA: 0x000055DC File Offset: 0x000037DC
public static AnchorMailbox CreateFromCaller(IRequestContext requestContext)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
CommonAccessToken commonAccessToken = requestContext.HttpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken != null)
{
AnchorMailbox anchorMailbox = AnchorMailboxFactory.TryCreateFromCommonAccessToken(commonAccessToken, requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (requestContext.HttpContext.User == null || requestContext.HttpContext.User.Identity == null)
{
requestContext.Logger.SafeSet(3, "UnauthenticatedRequest-RandomBackEnd");
return(new AnonymousAnchorMailbox(requestContext));
}
if (HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox2 = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox2 != null)
{
return(anchorMailbox2);
}
}
WindowsIdentity windowsIdentity = requestContext.HttpContext.User.Identity as WindowsIdentity;
if (windowsIdentity != null && windowsIdentity.User == null)
{
requestContext.Logger.SafeSet(3, "AnonymousRequest-RandomBackEnd");
return(new AnonymousAnchorMailbox(requestContext));
}
return(AnchorMailboxFactory.CreateFromLogonIdentity(requestContext));
}
internal static void UniformCommonAccessToken(this UserToken userToken)
{
CommonAccessToken commonAccessToken = userToken.CommonAccessToken;
if (commonAccessToken == null)
{
return;
}
CommonAccessToken commonAccessToken2 = CommonAccessToken.Deserialize(commonAccessToken.Serialize());
commonAccessToken2.Version = 0;
commonAccessToken2.ExtensionData.Clear();
foreach (string key in UserTokenHelper.WinRMCATExtensionDataKeys)
{
if (commonAccessToken.ExtensionData.ContainsKey(key))
{
commonAccessToken2.ExtensionData[key] = commonAccessToken.ExtensionData[key];
}
}
if (!commonAccessToken2.ExtensionData.ContainsKey("UserSid") && userToken.UserSid != null)
{
commonAccessToken2.ExtensionData["UserSid"] = userToken.UserSid.ToString();
}
}
private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
{
AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
if (accessTokenType == AccessTokenType.CompositeIdentity)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CompositeIdentity");
cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
}
switch (accessTokenType)
{
case AccessTokenType.Windows:
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-Windows");
return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));
case AccessTokenType.LiveId:
{
LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveId");
return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
});
}
case AccessTokenType.LiveIdBasic:
{
LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdBasic");
if (liveIdBasicTokenAccessor.UserSid != null)
{
return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
});
}
return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, liveIdBasicTokenAccessor.LiveIdMemberName, requestContext));
}
case AccessTokenType.LiveIdNego2:
{
string sid = cat.ExtensionData["UserSid"];
string value;
cat.ExtensionData.TryGetValue("OrganizationName", out value);
string smtpOrLiveId;
cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
if (!string.IsNullOrEmpty(value) && requestContext.Logger != null)
{
requestContext.Logger.ActivityScope.SetProperty(ActivityStandardMetadata.TenantId, value);
}
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdNego2");
return(new SidAnchorMailbox(sid, requestContext)
{
SmtpOrLiveId = smtpOrLiveId
});
}
case AccessTokenType.OAuth:
return(null);
case AccessTokenType.Adfs:
return(null);
case AccessTokenType.CertificateSid:
{
ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
if (httpContextADRawEntry != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
}
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
{
PartitionId = certificateSidTokenAccessor.PartitionId
});
}
case AccessTokenType.RemotePowerShellDelegated:
return(null);
}
return(null);
}
private IAuthenticationInfo GetPrincipal(OperationContext operationContext)
{
MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext);
if (authenticationData.AuthenticationInfo != null)
{
return(authenticationData.AuthenticationInfo);
}
IAuthenticationInfo authenticationInfo = base.Authenticate(operationContext);
if (authenticationInfo == null)
{
return(null);
}
if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves)
{
return(authenticationInfo);
}
WindowsPrincipal windowsPrincipal = authenticationInfo.WindowsPrincipal;
WindowsIdentity windowsIdentity = windowsPrincipal.Identity as WindowsIdentity;
using (ClientSecurityContext clientSecurityContext = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
authenticationInfo.PrincipalName
});
return(null);
}
}
object obj;
if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out obj))
{
return(null);
}
HttpRequestMessageProperty httpRequestMessageProperty = obj as HttpRequestMessageProperty;
if (httpRequestMessageProperty == null)
{
return(null);
}
string[] values = httpRequestMessageProperty.Headers.GetValues("X-CommonAccessToken");
if (values == null || values.Length != 1)
{
return(null);
}
string text = values[0];
if (string.IsNullOrEmpty(text))
{
return(null);
}
using (ClientSecurityContext clientSecurityContext2 = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext2))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
windowsIdentity
});
return(null);
}
}
CommonAccessToken commonAccessToken = CommonAccessToken.Deserialize(text);
SecurityIdentifier securityIdentifier = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid);
IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs");
ADRawEntry adrawEntry = rootOrganizationRecipientSession.FindADRawEntryBySid(securityIdentifier, MRSProxyAuthorizationManager.userPrincipalName);
if (adrawEntry == null)
{
authenticationData.AuthenticationInfo = new AuthenticationInfo(securityIdentifier);
}
else
{
string sUserPrincipalName = (string)adrawEntry[ADUserSchema.UserPrincipalName];
windowsIdentity = new WindowsIdentity(sUserPrincipalName);
authenticationData.AuthenticationInfo = new AuthenticationInfo(windowsIdentity, windowsIdentity.Name);
}
return(authenticationData.AuthenticationInfo);
}
// Token: 0x06000058 RID: 88 RVA: 0x00003368 File Offset: 0x00001568
private void Deserialize(Stream stream)
{
using (BinaryReader binaryReader = new BinaryReader(stream))
{
this.ReadAndValidateFieldType(binaryReader, 'V', Strings.MissingVersion);
this.Version = this.BinaryRead <ushort>(new Func <ushort>(binaryReader.ReadUInt16), Strings.MissingVersion);
this.ReadAndValidateFieldType(binaryReader, 'A', Strings.MissingAuthenticationType);
string value = this.BinaryRead <string>(new Func <string>(binaryReader.ReadString), Strings.MissingAuthenticationType);
AuthenticationType authenticationType;
if (!Enum.TryParse <AuthenticationType>(value, out authenticationType))
{
ExTraceGlobals.UserTokenTracer.TraceError <AuthenticationType>(0L, "Invalid authentication type {0}", authenticationType);
throw new UserTokenException(Strings.InvalidDelegatedPrincipal(value));
}
this.AuthenticationType = authenticationType;
this.ReadAndValidateFieldType(binaryReader, 'D', Strings.MissingDelegatedPrincipal);
string text = this.ReadNullableString(binaryReader, Strings.MissingDelegatedPrincipal);
DelegatedPrincipal delegatedPrincipal = null;
if (text != null && !DelegatedPrincipal.TryParseDelegatedString(text, out delegatedPrincipal))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid delegated principal {0}", text);
throw new UserTokenException(Strings.InvalidDelegatedPrincipal(text));
}
this.DelegatedPrincipal = delegatedPrincipal;
this.ReadAndValidateFieldType(binaryReader, 'L', Strings.MissingWindowsLiveId);
this.WindowsLiveId = this.ReadNullableString(binaryReader, Strings.MissingWindowsLiveId);
this.ReadAndValidateFieldType(binaryReader, 'N', Strings.MissingUserName);
this.UserName = this.ReadNullableString(binaryReader, Strings.MissingUserName);
this.ReadAndValidateFieldType(binaryReader, 'U', Strings.MissingUserSid);
string text2 = this.ReadNullableString(binaryReader, Strings.MissingUserSid);
if (text2 != null)
{
try
{
this.UserSid = new SecurityIdentifier(text2);
}
catch (ArgumentException innerException)
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid user sid {0}", text2);
throw new UserTokenException(Strings.InvalidUserSid(text2), innerException);
}
}
this.ReadAndValidateFieldType(binaryReader, 'P', Strings.MissingPartitionId);
string text3 = this.ReadNullableString(binaryReader, Strings.MissingPartitionId);
PartitionId partitionId = null;
if (text3 != null && !PartitionId.TryParse(text3, out partitionId))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid partition id {0}", text3);
throw new UserTokenException(Strings.InvalidPartitionId(text3));
}
this.PartitionId = partitionId;
this.ReadAndValidateFieldType(binaryReader, 'O', Strings.MissingOrganization);
string text4 = this.ReadNullableString(binaryReader, Strings.MissingOrganization);
if (text4 != null)
{
byte[] bytes;
try
{
bytes = Convert.FromBase64String(text4);
}
catch (FormatException innerException2)
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
throw new UserTokenException(Strings.InvalidOrganization(text4), innerException2);
}
OrganizationId organization;
if (!OrganizationId.TryCreateFromBytes(bytes, Encoding.UTF8, out organization))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
throw new UserTokenException(Strings.InvalidOrganization(text4));
}
this.Organization = organization;
}
this.ReadAndValidateFieldType(binaryReader, 'M', Strings.MissingManagedOrganization);
this.ManagedOrganization = this.ReadNullableString(binaryReader, Strings.MissingManagedOrganization);
this.ReadAndValidateFieldType(binaryReader, 'W', Strings.MissingAppPasswordUsed);
this.AppPasswordUsed = this.BinaryRead <bool>(new Func <bool>(binaryReader.ReadBoolean), Strings.MissingAppPasswordUsed);
int num = (int)(binaryReader.BaseStream.Length - binaryReader.BaseStream.Position);
if (num > 0)
{
byte[] array = binaryReader.ReadBytes(num);
array = this.Decompress(array);
this.CommonAccessToken = CommonAccessToken.Deserialize(Encoding.UTF8.GetString(array));
}
else
{
this.CommonAccessToken = null;
}
}
}
public CallerInfo(bool isOpenAsAdmin, CommonAccessToken commonAccessToken, ClientSecurityContext securityContext, string primarySmtpAddress, OrganizationId orgId, string[] userRoles, string[] applicationRoles) : this(isOpenAsAdmin, commonAccessToken, securityContext, primarySmtpAddress, orgId, string.Empty, Guid.NewGuid(), userRoles, applicationRoles)
{
}
// Token: 0x060000C4 RID: 196 RVA: 0x00005C23 File Offset: 0x00003E23
private bool GetAppPasswordUsed(CommonAccessToken commonAccessToken)
{
return(commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("AppPasswordUsed") && commonAccessToken.ExtensionData["AppPasswordUsed"] == "1");
}
// Token: 0x060000EA RID: 234 RVA: 0x00005B50 File Offset: 0x00003D50
private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
{
AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
if (accessTokenType == 5)
{
requestContext.Logger.SafeSet(3, "CommonAccessToken-CompositeIdentity");
cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
}
switch (accessTokenType)
{
case 0:
requestContext.Logger.SafeSet(3, "CommonAccessToken-Windows");
return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));
case 1:
{
LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveId");
return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
});
}
case 2:
{
LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdBasic");
if (liveIdBasicTokenAccessor.UserSid != null)
{
return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
});
}
if (SmtpAddress.IsValidSmtpAddress(liveIdBasicTokenAccessor.LiveIdMemberName))
{
string domain = SmtpAddress.Parse(liveIdBasicTokenAccessor.LiveIdMemberName).Domain;
return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, domain, requestContext));
}
return(null);
}
case 3:
{
string sid = cat.ExtensionData["UserSid"];
string text;
cat.ExtensionData.TryGetValue("OrganizationName", out text);
string smtpOrLiveId;
cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
if (!string.IsNullOrEmpty(text) && requestContext.Logger != null)
{
requestContext.Logger.ActivityScope.SetProperty(5, text);
}
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdNego2");
return(new SidAnchorMailbox(sid, requestContext)
{
SmtpOrLiveId = smtpOrLiveId
});
}
case 4:
return(null);
case 6:
return(null);
case 7:
{
ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
if (httpContextADRawEntry != null)
{
requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
}
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
{
PartitionId = certificateSidTokenAccessor.PartitionId
});
}
case 8:
return(null);
}
return(null);
}
// Token: 0x06000039 RID: 57 RVA: 0x00002E5C File Offset: 0x0000105C
internal UserToken(AuthenticationType authenticationType, DelegatedPrincipal delegatedPrincipal, string windowsLiveId, string userName, SecurityIdentifier userSid, PartitionId partitionId, OrganizationId organization, string managedOrganization, bool appPasswordUsed, CommonAccessToken commonAccessToken)
{
ExTraceGlobals.UserTokenTracer.TraceDebug(0L, "Version:{0}; AuthenticationType:{1}; DelegatedPrincipal:{2} WindowsLiveId:{3}; UserName:{4}; UserSid:{5}; PartitionId:{6}; Organization:{7}; ManagedOrg:{8};AppPasswordUsed:{9}; CAT:{10}", new object[]
{
0,
authenticationType,
delegatedPrincipal,
windowsLiveId,
userName,
userSid,
partitionId,
organization,
managedOrganization,
appPasswordUsed,
commonAccessToken
});
this.Version = 0;
this.AuthenticationType = authenticationType;
this.DelegatedPrincipal = delegatedPrincipal;
this.WindowsLiveId = windowsLiveId;
this.UserName = userName;
this.UserSid = userSid;
this.PartitionId = partitionId;
this.Organization = organization;
this.ManagedOrganization = managedOrganization;
this.AppPasswordUsed = appPasswordUsed;
this.CommonAccessToken = commonAccessToken;
}
