private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
{
foreach (string text in collection)
{
buffer.CopyAtCurrentPosition("<input type='hidden' name='");
buffer.CopyAtCurrentPosition(text);
buffer.CopyAtCurrentPosition("' value='");
if (text == "password")
{
SecureString securePassword;
collection.TryGetSecureValue(text, out securePassword);
using (SecureArray <char> secureArray = securePassword.TransformToSecureCharArray(new CharTransformDelegate(FbaFormPostProxyRequestHandler.EncodeForSingleQuotedAttribute)))
{
buffer.CopyAtCurrentPosition(secureArray);
goto IL_14B;
}
goto IL_72;
}
goto IL_72;
IL_14B:
buffer.CopyAtCurrentPosition("'>");
continue;
IL_72:
string text2;
if (!(text == "destination"))
{
collection.TryGetUnsecureValue(text, out text2);
buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(text2));
goto IL_14B;
}
collection.TryGetUnsecureValue(text, out text2);
Uri uri;
if (!Uri.TryCreate(text2, UriKind.Absolute, out uri))
{
throw new HttpException(400, "destination value is not valid");
}
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(redirectUrl.Scheme);
stringBuilder.Append(Uri.SchemeDelimiter);
stringBuilder.Append(redirectUrl.Authority);
if (FbaFormPostProxyRequestHandler.IsOwaUrl(uri, OwaUrl.AuthPost, true))
{
stringBuilder.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
}
else if (string.IsNullOrEmpty(this.explicitLogonUser))
{
stringBuilder.Append(redirectUrl.PathAndQuery);
}
else
{
stringBuilder.Append(uri.PathAndQuery);
}
buffer.CopyAtCurrentPosition(stringBuilder.ToString());
goto IL_14B;
}
}
private void CreateHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
{
string noScriptHtml = FbaFormPostProxyRequestHandler.GetNoScriptHtml();
buffer.CopyAtCurrentPosition("<html><noscript>");
buffer.CopyAtCurrentPosition(noScriptHtml.ToString());
buffer.CopyAtCurrentPosition("</noscript><head><title>Continue</title><script type='text/javascript'>function OnBack(){}function DoSubmit(){var subt=false;if(!subt){subt=true;document.logonForm.submit();}}</script></head><body onload='javascript:DoSubmit();'>");
this.CreateFormHtmlForSsoFba(buffer, collection, redirectUrl, majorCasVersion);
buffer.CopyAtCurrentPosition("</body></html>");
}
// Token: 0x06000555 RID: 1365 RVA: 0x0001D6FC File Offset: 0x0001B8FC
private static FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause NeedOnSiteLegacyRedirect(BackEndServer backEndServer, Site mailboxSite, Site currentServerSite, OwaServerVersion mailboxVersion, out Uri legacyRedirectUrl, out bool isSameAuthMethod)
{
isSameAuthMethod = false;
legacyRedirectUrl = null;
OwaServerVersion owaServerVersion = OwaServerVersion.CreateFromVersionString(HttpProxyGlobals.ApplicationVersion);
if (mailboxSite == null)
{
mailboxSite = currentServerSite;
}
FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause result = FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None;
if (mailboxSite.Equals(currentServerSite) && owaServerVersion.Major > mailboxVersion.Major && mailboxVersion.Major == (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
{
legacyRedirectUrl = FbaFormPostProxyRequestHandler.FindRedirectOwaUrlOnSiteForMismatchVersion(mailboxSite, mailboxVersion.Major, OwaVdirConfiguration.Instance.InternalAuthenticationMethod, OwaVdirConfiguration.Instance.ExternalAuthenticationMethod, backEndServer, out isSameAuthMethod, out result);
}
return(result);
}
protected override AnchorMailbox ResolveAnchorMailbox()
{
string text = base.HttpContext.Items["destination"] as string;
Uri uri;
if (!Uri.TryCreate(text, UriKind.Absolute, out uri))
{
throw new HttpException(400, "destination value is not valid");
}
string text2 = null;
bool flag2;
string text3;
bool flag = FbaFormPostProxyRequestHandler.IsExplicitLogon(HttpRuntime.AppDomainAppVirtualPath, uri.PathAndQuery, uri.OriginalString, out flag2, out text2, out text3);
if (flag)
{
this.explicitLogonUser = text2;
}
AnchorMailbox anchorMailbox;
if (!string.IsNullOrEmpty(this.explicitLogonUser))
{
anchorMailbox = new SmtpAnchorMailbox(this.explicitLogonUser, this);
}
else
{
anchorMailbox = AnchorMailboxFactory.CreateFromCaller(this);
}
UserBasedAnchorMailbox userBasedAnchorMailbox = anchorMailbox as UserBasedAnchorMailbox;
if (userBasedAnchorMailbox != null)
{
if (UrlUtilities.IsEacUrl(text))
{
userBasedAnchorMailbox.CacheKeyPostfix = "_EAC";
}
else
{
userBasedAnchorMailbox.MissingDatabaseHandler = new Func <ADRawEntry, ADObjectId>(base.ResolveMailboxDatabase);
}
}
return(anchorMailbox);
}
private static FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause NeedCrossSiteRedirect(BackEndServer backEndServer, Site mailboxSite, Site currentServerSite, OwaServerVersion mailboxVersion, bool isEcpUrl, out Uri crossSiteRedirectUrl, out bool isSameAuthMethod)
{
isSameAuthMethod = false;
crossSiteRedirectUrl = null;
OwaServerVersion.CreateFromVersionString(HttpProxyGlobals.ApplicationVersion);
FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause result = FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None;
if (mailboxSite == null)
{
return(result);
}
if (!mailboxSite.Equals(currentServerSite))
{
crossSiteRedirectUrl = FbaFormPostProxyRequestHandler.FindRedirectOwaUrlCrossSite(mailboxSite, mailboxVersion.Major, OwaVdirConfiguration.Instance.InternalAuthenticationMethod, OwaVdirConfiguration.Instance.ExternalAuthenticationMethod, backEndServer, out isSameAuthMethod, out result);
if (isEcpUrl && crossSiteRedirectUrl != null)
{
crossSiteRedirectUrl = FbaFormPostProxyRequestHandler.FindRedirectEcpUrlCrossSite(mailboxSite, mailboxVersion.Major, out result);
}
}
return(result);
}
protected override void OnPostAuthorizeInternal(HttpApplication httpApplication)
{
if (this.basicAuthString != null)
{
HttpContext context = httpApplication.Context;
HttpRequest request = context.Request;
context.Items.Add("destination", this.destinationUrl);
context.Items.Add("flags", this.flags);
context.Items.Add("Authorization", this.basicAuthString);
context.Items.Add("username", this.userName);
context.Items.Add("password", this.password);
ProxyRequestHandler proxyRequestHandler = new FbaFormPostProxyRequestHandler();
PerfCounters.HttpProxyCountersInstance.TotalRequests.Increment();
proxyRequestHandler.Run(context);
return;
}
if (this.cadataKeyString != null && this.cadataIVString != null && this.symKey != null && this.symIV != null)
{
FbaModule.KeyCache.TryInsertSliding(this.cadataKeyString, this.symKey, TimeSpan.FromMinutes((double)FbaModule.DefaultPrivateKeyTimeToLiveInMinutes));
FbaModule.KeyCache.TryInsertSliding(this.cadataIVString, this.symIV, TimeSpan.FromMinutes((double)FbaModule.DefaultPrivateKeyTimeToLiveInMinutes));
FbaModule.UpdateCacheSizeCounter();
}
base.OnPostAuthorizeInternal(httpApplication);
}
private void HandleFbaFormPost(BackEndServer backEndServer)
{
HttpContext httpContext = base.HttpContext;
HttpResponse response = httpContext.Response;
Uri uri = null;
string text = httpContext.Items["destination"] as string;
bool flag = false;
bool flag2 = false;
bool flag3 = true;
string fqdn = backEndServer.Fqdn;
int version = backEndServer.Version;
OwaServerVersion owaServerVersion = null;
bool flag4 = false;
ServiceTopology currentServiceTopology = ServiceTopology.GetCurrentServiceTopology("f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 780);
Site site = currentServiceTopology.GetSite(fqdn, "f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 781);
if (site != null && !site.Equals(HttpProxyGlobals.LocalSite.Member))
{
flag3 = false;
}
if (!FbaFormPostProxyRequestHandler.DisableSSORedirects)
{
owaServerVersion = OwaServerVersion.CreateFromVersionNumber(version);
if (UrlUtilities.IsEcpUrl(text) && owaServerVersion.Major < (int)ExchangeObjectVersion.Exchange2010.ExchangeBuild.Major)
{
flag = false;
flag2 = false;
}
else if (!flag3 && !UserAgentParser.IsMonitoringRequest(base.ClientRequest.UserAgent))
{
if (owaServerVersion.Major >= (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
{
FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause legacyRedirectFailureCause = FbaFormPostProxyRequestHandler.NeedCrossSiteRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, UrlUtilities.IsEcpUrl(text), out uri, out flag4);
string authority = base.ClientRequest.Url.Authority;
string b = (uri == null) ? string.Empty : uri.Authority;
flag2 = (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.NoCasFound && !string.Equals(authority, b, StringComparison.OrdinalIgnoreCase) && (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null));
if (uri == null && owaServerVersion.Major == (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
{
flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, null, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
}
}
}
else
{
flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
}
}
if (flag2 || flag)
{
if (uri != null)
{
string authority2 = base.ClientRequest.Url.Authority;
string authority3 = uri.Authority;
if (string.Compare(authority2, authority3, StringComparison.OrdinalIgnoreCase) == 0)
{
throw new HttpException(403, "Redirect loop detected");
}
}
using (SecureNameValueCollection secureNameValueCollection = new SecureNameValueCollection())
{
int num = (int)base.HttpContext.Items["flags"];
secureNameValueCollection.AddUnsecureNameValue("destination", base.HttpContext.Items["destination"] as string);
secureNameValueCollection.AddUnsecureNameValue("username", base.HttpContext.Items["username"] as string);
secureNameValueCollection.AddUnsecureNameValue("flags", num.ToString(CultureInfo.InvariantCulture));
using (SecureString secureString = base.HttpContext.Items["password"] as SecureString)
{
secureNameValueCollection.AddSecureNameValue("password", secureString);
if (flag)
{
if (uri == null)
{
AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
}
else if (flag4)
{
if (uri.Scheme == Uri.UriSchemeHttps)
{
ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
response.End();
}
else
{
AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
}
}
else
{
ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri.ToString());
base.PfdTracer.TraceRedirect("FbaAuth", uri.ToString());
response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri.ToString()));
}
}
else if (flag2)
{
if (uri == null)
{
AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
}
else
{
Uri uri2 = uri;
if (this.explicitLogonUser != null)
{
uri2 = FbaFormPostProxyRequestHandler.AppendSmtpAddressToUrl(uri, this.explicitLogonUser);
}
if (flag4)
{
if (uri.Scheme == Uri.UriSchemeHttps)
{
ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
response.End();
}
else
{
AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
}
}
else
{
ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri2.ToString());
base.PfdTracer.TraceRedirect("FbaAuth", uri2.ToString());
response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri2.ToString()));
}
}
}
}
return;
}
}
try
{
FbaModule.SetCadataCookies(base.HttpApplication);
}
catch (MissingSslCertificateException)
{
AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
}
ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", text);
base.PfdTracer.TraceRedirect("FbaAuth", text);
response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(text), false);
}
private static bool IsOwaUrl(Uri requestUrl, OwaUrl owaUrl, bool exactMatch)
{
return(FbaFormPostProxyRequestHandler.IsOwaUrl(requestUrl, owaUrl, exactMatch, true));
}
