Example #1
0
        public static void WriteHeadersToResponse(HttpContext httpContext, string headers, bool useConsumerRps)
        {
            HttpResponse response = httpContext.Response;

            if (!"no-cache".Equals(response.CacheControl, StringComparison.OrdinalIgnoreCase) && !"no-store".Equals(response.CacheControl, StringComparison.OrdinalIgnoreCase) && !"private".Equals(response.CacheControl, StringComparison.OrdinalIgnoreCase))
            {
                response.Cache.SetCacheability(HttpCacheability.NoCache, "set-cookie");
            }
            try
            {
                using (RPSHttpAuth rpshttpAuth = new RPSHttpAuth(LiveIdAuthentication.rpsOrgIdSession))
                {
                    if (AuthCommon.IsFrontEnd || CafeHelper.IsFromNativeProxy(httpContext.Request))
                    {
                        rpshttpAuth.WriteHeaders(response, headers);
                    }
                    else
                    {
                        response.SetCookie(new HttpCookie("CopyLiveIdAuthCookieFromBE", HttpUtility.UrlEncode(headers)));
                    }
                }
            }
            catch (COMException e)
            {
                LiveIdErrorHandler.ThrowRPSException(e);
            }
        }
Example #2
0
        public static bool ValidateWithSlidingWindow(RPSTicket rpsTicket, TimeSpan slidingWindow)
        {
            RPSPropBag rpspropBag = null;

            try
            {
                rpspropBag = new RPSPropBag(LiveIdAuthentication.rpsOrgIdSession);
                rpspropBag["SlidingWindow"] = slidingWindow.TotalSeconds;
                if (!rpsTicket.Validate(rpspropBag))
                {
                    int num = (int)rpspropBag["ReasonHR"];
                    if (num == -2147184087)
                    {
                        return(false);
                    }
                }
            }
            catch (COMException e)
            {
                LiveIdErrorHandler.ThrowRPSException(e);
            }
            finally
            {
                if (rpspropBag != null)
                {
                    rpspropBag.Dispose();
                }
            }
            return(true);
        }
Example #3
0
 private static void ValidateRpsCallAndThrowOnFailure(int?rpsErrorCode, string rpsErrorString)
 {
     try
     {
         if (rpsErrorCode != null)
         {
             rpsErrorString = (string.IsNullOrWhiteSpace(rpsErrorString) ? "An error occurred calling RPS" : rpsErrorString);
             ExTraceGlobals.LiveIdAuthenticationModuleTracer.TraceDebug <int, string>(0L, "RPSHttpAuthClient failed with error code {0} and message {1}.", rpsErrorCode.Value, rpsErrorString);
             throw new COMException(rpsErrorString, rpsErrorCode.Value);
         }
     }
     catch (COMException e)
     {
         LiveIdErrorHandler.ThrowRPSException(e);
     }
 }
Example #4
0
 public static void Initialize(string virtualDirectoryNameParam, bool sslOffloadedParam)
 {
     if (!string.IsNullOrEmpty(virtualDirectoryNameParam) && (virtualDirectoryNameParam.StartsWith("/", StringComparison.OrdinalIgnoreCase) || virtualDirectoryNameParam.EndsWith("/", StringComparison.OrdinalIgnoreCase)))
     {
         throw new ArgumentException("virtualDirectoryNameParam should not contain leading or trailing slashes", "virtualDirectoryNameParam");
     }
     if (!string.IsNullOrEmpty(virtualDirectoryNameParam))
     {
         LiveIdAuthentication.virtualDirectoryNameWithLeadingSlash = "/" + virtualDirectoryNameParam;
     }
     try
     {
         RPS rps = new RPS();
         rps.Initialize(null);
         LiveIdAuthentication.rpsOrgIdSession = rps;
     }
     catch (COMException e)
     {
         LiveIdAuthentication.rpsOrgIdSession = null;
         LiveIdErrorHandler.ThrowRPSException(e);
     }
     LiveIdAuthentication.sslOffloaded = sslOffloadedParam;
 }
Example #5
0
        public static bool Authenticate(HttpContext httpContext, string siteName, string authPolicyOverrideValue, string[] memberNameIgnorePrefixes, bool useConsumerRps, out string puid, out string orgIdPuid, out string cid, out string membername, out uint issueTime, out uint loginAttributes, out string responseHeaders, out uint rpsTicketType, out RPSTicket deprecatedRpsTicketObject, out bool hasAcceptedAccrual, out uint rpsAuthState, out bool isOrgIdFederatedMsaIdentity)
        {
            if (!LiveIdAuthentication.IsInitialized)
            {
                throw new InvalidOperationException(Strings.ComponentNotInitialized);
            }
            if (siteName == null)
            {
                throw new ArgumentNullException("siteName");
            }
            hasAcceptedAccrual = false;
            puid                        = null;
            orgIdPuid                   = null;
            cid                         = null;
            membername                  = null;
            issueTime                   = 0U;
            loginAttributes             = 0U;
            responseHeaders             = null;
            rpsTicketType               = 0U;
            deprecatedRpsTicketObject   = null;
            rpsAuthState                = 0U;
            isOrgIdFederatedMsaIdentity = false;
            RPSPropBag rpspropBag = null;
            string     text       = httpContext.Request.QueryString["f"];

            if (!string.IsNullOrEmpty(text))
            {
                ExTraceGlobals.LiveIdAuthenticationModuleTracer.TraceError <string>(0L, "Querystring contains F-code: {0}.", text);
                return(false);
            }
            try
            {
                if (!useConsumerRps)
                {
                    rpspropBag = new RPSPropBag(LiveIdAuthentication.rpsOrgIdSession);
                }
                RPSProfile rpsprofile = null;
                using (RPSHttpAuthClient rpshttpAuthClient = LiveIdAuthentication.CreateRPSClient(useConsumerRps))
                {
                    int?   rpsErrorCode;
                    string rpsErrorString;
                    rpsprofile = rpshttpAuthClient.Authenticate(siteName, authPolicyOverrideValue, LiveIdAuthentication.sslOffloaded, httpContext.Request, rpspropBag, out rpsErrorCode, out rpsErrorString, out deprecatedRpsTicketObject);
                    LiveIdAuthentication.ValidateRpsCallAndThrowOnFailure(rpsErrorCode, rpsErrorString);
                }
                if (rpsprofile == null)
                {
                    return(false);
                }
                if (!useConsumerRps && deprecatedRpsTicketObject != null)
                {
                    try
                    {
                        using (RPSPropBag rpspropBag2 = new RPSPropBag(LiveIdAuthentication.rpsOrgIdSession))
                        {
                            rpspropBag2["SlidingWindow"] = 0;
                            if (!string.IsNullOrEmpty(authPolicyOverrideValue))
                            {
                                rpspropBag2["AuthPolicy"] = authPolicyOverrideValue;
                            }
                            if (!deprecatedRpsTicketObject.Validate(rpspropBag2))
                            {
                                return(false);
                            }
                        }
                    }
                    catch (COMException ex)
                    {
                        ExTraceGlobals.LiveIdAuthenticationModuleTracer.TraceError <COMException>(0L, "Failed to validate ticket: {0}.", ex);
                        LiveIdErrorHandler.ThrowRPSException(ex);
                    }
                }
                rpsAuthState  = rpsprofile.RPSAuthState;
                rpsTicketType = rpsprofile.TicketType;
                if (LiveIdAuthenticationModule.AppPasswordCheckEnabled && !httpContext.Request.Url.AbsolutePath.StartsWith("/owa/", StringComparison.OrdinalIgnoreCase) && rpsprofile.AppPassword)
                {
                    AppPasswordAccessException exception = new AppPasswordAccessException();
                    httpContext.Response.AppendToLog("&AppPasswordBlocked");
                    Utilities.HandleException(httpContext, exception, false);
                }
                hasAcceptedAccrual = LiveIdAuthentication.HasAcceptedAccruals(rpsprofile);
                orgIdPuid          = rpsprofile.HexPuid;
                cid        = (string.IsNullOrWhiteSpace(rpsprofile.ConsumerCID) ? rpsprofile.HexCID : rpsprofile.ConsumerCID);
                puid       = (string.IsNullOrWhiteSpace(rpsprofile.ConsumerPuid) ? orgIdPuid : rpsprofile.ConsumerPuid);
                membername = rpsprofile.MemberName;
                string text2;
                if (LiveIdAuthentication.TryRemoveMemberNamePrefixes(membername, memberNameIgnorePrefixes, out text2))
                {
                    membername = text2;
                    isOrgIdFederatedMsaIdentity = true;
                }
                issueTime       = rpsprofile.IssueInstant;
                loginAttributes = rpsprofile.LoginAttributes;
                string text3 = loginAttributes.ToString();
                httpContext.Response.AppendToLog("&loginAttributes=" + text3);
                if (!string.IsNullOrWhiteSpace(text3))
                {
                    httpContext.Response.AppendToLog(string.Format("loginAttributes={0}", text3));
                    httpContext.Request.Headers.Add("X-LoginAttributes", text3);
                }
                responseHeaders = rpsprofile.ResponseHeader;
            }
            finally
            {
                if (rpspropBag != null)
                {
                    rpspropBag.Dispose();
                }
            }
            return(true);
        }