// Token: 0x06000285 RID: 645 RVA: 0x000117FC File Offset: 0x0000F9FC
private static bool CheckClaimSetsForPartnerUser(AuthorizationContext authorizationContext, OperationContext operationContext)
{
HttpContext.Current.Items["AuthType"] = "Partner";
PerformanceCounters.UpdateRequestsReceivedWithPartnerToken();
ReadOnlyCollection <ClaimSet> claimSets = authorizationContext.ClaimSets;
claimSets.TraceClaimSets();
DelegatedPrincipal delegatedPrincipal = null;
OrganizationId delegatedOrganizationId = null;
string text = null;
if (!PartnerToken.TryGetDelegatedPrincipalAndOrganizationId(claimSets, out delegatedPrincipal, out delegatedOrganizationId, out text))
{
ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] unable to create partner identity, error message: {0}", text);
PerformanceCounters.UpdateUnauthorizedRequestsReceivedWithPartnerToken();
AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, text);
return(false);
}
ExTraceGlobals.AuthenticationTracer.TraceDebug <DelegatedPrincipal>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] ws-security header contains the partner identity: {0}", delegatedPrincipal);
string text2 = delegatedPrincipal.ToString();
if (!string.IsNullOrEmpty(text2))
{
AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text2, text2.Split(new char[]
{
'\\'
})[0]);
}
HttpContext.Current.User = new WindowsPrincipal(PartnerIdentity.Create(delegatedPrincipal, delegatedOrganizationId));
return(true);
}
public static AnchorRunspaceProxy CreateRunspaceForDelegatedPartner(AnchorContext context, DelegatedPrincipal delegatedPartnerAdmin, string tenantOrganization)
{
AnchorUtil.ThrowOnNullArgument(delegatedPartnerAdmin, "delegatedTenantAdmin");
AnchorUtil.ThrowOnNullOrEmptyArgument(tenantOrganization, "tenantOrganization");
context.Logger.Log(MigrationEventType.Verbose, "AnchorRunspaceProxy. Creating delegated partner runspace proxy for user {0}", new object[]
{
delegatedPartnerAdmin
});
ExchangeRunspaceConfigurationSettings configSettings = new ExchangeRunspaceConfigurationSettings(ExchangeRunspaceConfigurationSettings.ExchangeApplication.SimpleDataMigration, tenantOrganization, ExchangeRunspaceConfigurationSettings.GetDefaultInstance().CurrentSerializationLevel);
return(new AnchorRunspaceProxy(context, AnchorRunspaceProxy.RunspaceFactoryWithDCAffinity.CreateRbacFactory(context, delegatedPartnerAdmin.ToString(), delegatedPartnerAdmin.Identity, configSettings)));
}
public static AnchorRunspaceProxy CreateRunspaceForDelegatedTenantAdmin(AnchorContext context, DelegatedPrincipal delegatedTenantAdmin)
{
AnchorUtil.ThrowOnNullArgument(delegatedTenantAdmin, "delegatedTenantAdmin");
context.Logger.Log(MigrationEventType.Verbose, "AnchorRunspaceProxy. Creating delegated runspace proxy for user {0}", new object[]
{
delegatedTenantAdmin
});
ExchangeRunspaceConfigurationSettings configSettings = new ExchangeRunspaceConfigurationSettings(ExchangeRunspaceConfigurationSettings.ExchangeApplication.SimpleDataMigration, null, ExchangeRunspaceConfigurationSettings.SerializationLevel.None);
return(new AnchorRunspaceProxy(context, AnchorRunspaceProxy.RunspaceFactoryWithDCAffinity.CreateRbacFactory(context, delegatedTenantAdmin.ToString(), delegatedTenantAdmin.Identity, configSettings)));
}
internal static ClientSecurityContext GetSecurityContextForUser(ISecurityAccessToken executingUser, DelegatedPrincipal delegatedPrincipal, ADUser trackedUser)
{
bool enabled = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled;
ExTraceGlobals.TaskTracer.TraceDebug <string, string, bool>(0L, "executing-user={0}, tracked-user={1}, ismultitenancyenabled={2}", (executingUser != null) ? executingUser.UserSid.ToString() : delegatedPrincipal.ToString(), trackedUser.Sid.Value, enabled);
if (!enabled || (executingUser != null && string.Equals(executingUser.UserSid, trackedUser.Sid.Value, StringComparison.OrdinalIgnoreCase)))
{
ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user == tracked-user or we are not running in a Multi Tenant environment.");
return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups));
}
WindowsIdentity identity;
try
{
ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user != tracked-user");
if (string.IsNullOrEmpty(trackedUser.UserPrincipalName))
{
ExTraceGlobals.TaskTracer.TraceError <ADObjectId>(0L, "Null/Empty UPN for user {0}", trackedUser.Id);
Strings.TrackingErrorUserObjectCorrupt(trackedUser.Id.ToString(), "UserPrincipalName");
string data = string.Format("Missing UserPrincipalName attribute for user {0}", trackedUser.Id.ToString());
TrackingError trackingError = new TrackingError(ErrorCode.InvalidADData, string.Empty, data, string.Empty);
throw new TrackingFatalException(trackingError, null, false);
}
identity = new WindowsIdentity(trackedUser.UserPrincipalName);
}
catch (UnauthorizedAccessException ex)
{
ExTraceGlobals.TaskTracer.TraceError <string, UnauthorizedAccessException>(0L, "Not authorized to get WindowsIdentity for {0}, Exception: {1}", trackedUser.UserPrincipalName, ex);
TrackingError trackingError2 = new TrackingError(ErrorCode.UnexpectedErrorPermanent, string.Empty, string.Format("Cannot logon as {0}", trackedUser.Id.ToString()), ex.ToString());
throw new TrackingFatalException(trackingError2, ex, false);
}
catch (SecurityException arg)
{
ExTraceGlobals.TaskTracer.TraceError <string, SecurityException>(0L, "Not authorized to get WindowsIdentity for {0}, falling back to ExecutingUser, Exception: {1}", trackedUser.UserPrincipalName, arg);
return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups));
}
return(new ClientSecurityContext(identity));
}
// Token: 0x060000BF RID: 191 RVA: 0x000056A0 File Offset: 0x000038A0
private string GetUserName(CommonAccessToken commonAccessToken, IIdentity identity, AccessTokenType accessTokenType)
{
string windowsLiveId = this.GetWindowsLiveId(commonAccessToken, accessTokenType);
if (!string.IsNullOrWhiteSpace(windowsLiveId))
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows Live Id {0}", windowsLiveId);
return(windowsLiveId);
}
if (commonAccessToken != null && commonAccessToken.WindowsAccessToken != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows access token");
return(commonAccessToken.WindowsAccessToken.LogonName ?? commonAccessToken.WindowsAccessToken.UserSid);
}
DelegatedPrincipal delegatedPrincipal = HttpContext.Current.User as DelegatedPrincipal;
if (delegatedPrincipal != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From delegated principal {0}", delegatedPrincipal.ToString());
return(delegatedPrincipal.GetUserName());
}
try
{
return(identity.GetSafeName(true));
}
catch (Exception ex)
{
ExTraceGlobals.UserTokenTracer.TraceError <Exception>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] GetSafeName throws exception {0}", ex);
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetUserName", ex.ToString(), false);
}
SecurityIdentifier userSid = this.GetUserSid(commonAccessToken, identity);
if (userSid != null)
{
ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From user sid {0}", userSid.ToString());
return(userSid.ToString());
}
return(null);
}
