Example #1
 /// <summary>
 /// Returns the certificate cached in <c>FbaModule.sslCert</c>, loading it on first use.
 /// </summary>
 /// <remarks>
 /// The load is attempted once only: <c>loadedSslCert</c> is set even when
 /// <c>LoadSslCertificate</c> returns null, so this method never retries a failed load and
 /// every later call throws until the flag is reset elsewhere.
 /// </remarks>
 /// <param name="httpRequest">Request handed to <c>LoadSslCertificate</c>.</param>
 /// <returns>The cached certificate.</returns>
 /// <exception cref="MissingSslCertificateException">No certificate is cached.</exception>
 private static X509Certificate2 GetSslCertificate(HttpRequest httpRequest)
 {
     // Check, lock, re-check: only the first caller through the lock performs the load.
     if (!FbaModule.loadedSslCert)
     {
         lock (FbaModule.LockObject)
         {
             if (!FbaModule.loadedSslCert)
             {
                 X509Certificate2 loaded = FbaModule.LoadSslCertificate(httpRequest);
                 if (loaded == null)
                 {
                     // Record the failure in both the trace and the event log before caching the null.
                     ExTraceGlobals.VerboseTracer.TraceError(0L, "[FbaModule::GetSslCertificate] LoadSslCertificate returns null.");
                     Diagnostics.Logger.LogEvent(
                         FrontEndHttpProxyEventLogConstants.Tuple_ErrorLoadingSslCert,
                         null,
                         new object[] { HttpProxyGlobals.ProtocolType.ToString() });
                 }
                 FbaModule.sslCert = loaded;
                 FbaModule.loadedSslCert = true;
             }
         }
     }

     if (FbaModule.sslCert != null)
     {
         return FbaModule.sslCert;
     }
     throw new MissingSslCertificateException();
 }
 /// <summary>
 /// Decides whether a cookie received from the back end is copied to the client response.
 /// Cookies that <c>FbaModule.IsCadataCookie</c> recognises are never copied; their
 /// appearance is traced as unexpected.
 /// </summary>
 /// <param name="cookie">Cookie from the back-end response.</param>
 /// <returns><c>false</c> for cadata cookies, <c>true</c> otherwise.</returns>
 protected override bool ShouldCopyCookieToClientResponse(Cookie cookie)
 {
     bool isCadata = FbaModule.IsCadataCookie(cookie.Name);
     if (isCadata)
     {
         ExTraceGlobals.VerboseTracer.TraceDebug<int, string>((long)this.GetHashCode(), "[OwaEcpProxyRequestHandler::ShouldCopyCookieToClientResponse]: Context {0}; Unexpected cadata cookie {1} from BE", base.TraceContext, cookie.Name);
     }
     return !isCadata;
 }
 /// <summary>
 /// Handles a logoff request: when the request path ends with "logoff.aspx", removes the
 /// key-cache entries tied to the request's cookies (unless the deployment is partner-hosted
 /// only or form-based authentication is switched off) and deletes the FBA auth cookies.
 /// </summary>
 protected override void HandleLogoffRequest()
 {
     if (base.ClientRequest == null || base.ClientResponse == null)
     {
         return;
     }

     // NOTE(review): the suffix has no leading '/', so any path that merely ends in
     // "logoff.aspx" is treated as a logoff — confirm that is intended.
     if (!base.ClientRequest.Url.AbsolutePath.EndsWith("logoff.aspx", StringComparison.OrdinalIgnoreCase))
     {
         return;
     }

     bool dropCachedKeys = !Utilities.IsPartnerHostedOnly && !VariantConfiguration.InvariantNoFlightingSnapshot.Cafe.NoFormBasedAuthentication.Enabled;
     if (dropCachedKeys)
     {
         FbaModule.InvalidateKeyCache(base.ClientRequest);
     }
     Utility.DeleteFbaAuthCookies(base.ClientRequest, base.ClientResponse);
 }
 // Token: 0x060005CE RID: 1486 RVA: 0x000204DC File Offset: 0x0001E6DC
 /// <summary>
 /// Handles a logoff request: when the request path ends with "/logoff.owa", removes the
 /// key-cache entries tied to the request's cookies (unless the deployment is partner-hosted
 /// only or form-based authentication is switched off) and deletes the FBA auth cookies.
 /// </summary>
 protected override void HandleLogoffRequest()
 {
     if (base.ClientRequest == null || base.ClientResponse == null)
     {
         return;
     }
     if (!base.ClientRequest.Url.AbsolutePath.EndsWith("/logoff.owa", StringComparison.OrdinalIgnoreCase))
     {
         return;
     }

     bool dropCachedKeys = !Utilities.IsPartnerHostedOnly && !CafeConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).NoFormBasedAuthentication.Enabled;
     if (dropCachedKeys)
     {
         FbaModule.InvalidateKeyCache(base.ClientRequest);
     }

     // The third argument is passed as false here; its meaning is defined by DeleteFbaAuthCookies.
     Utility.DeleteFbaAuthCookies(base.ClientRequest, base.ClientResponse, false);
 }
Example #5
 /// <summary>
 /// Adds the "cadataTTL" cookie to the response: a 9-byte record (expiry in UTC ticks followed
 /// by one flags byte) encrypted with the supplied AES instance and base64-encoded.
 /// </summary>
 /// <remarks>
 /// The expiry is the current UTC time plus the Mowa, private or public key TTL; bit 0x4 of
 /// <paramref name="flags"/> selects the private TTL. Only the low byte of
 /// <paramref name="flags"/> is stored in the record.
 /// NOTE(review): nothing in this method authenticates the ciphertext (no MAC is computed
 /// here) — confirm where integrity of this cookie is enforced.
 /// </remarks>
 /// <param name="aes">AES instance whose current key and IV encrypt the record.</param>
 /// <param name="flags">Logon flags; the low byte is written as the record's last byte.</param>
 /// <param name="httpRequest">Current request.</param>
 /// <param name="httpResponse">Response that receives the cookie.</param>
 private static void SetCadataTtlCookie(AesCryptoServiceProvider aes, int flags, HttpRequest httpRequest, HttpResponse httpResponse)
 {
     using (ICryptoTransform encryptor = aes.CreateEncryptor())
     {
         FbaModule.DetermineKeyIntervalsIfNecessary();
         bool isPrivate = (flags & 4) == 4;
         bool isMowa = FbaModule.IsMowa(httpRequest, isPrivate);

         // Mowa takes precedence over the private/public distinction.
         ExDateTime now = ExDateTime.UtcNow;
         ExDateTime expiry;
         if (isMowa)
         {
             expiry = now.AddTicks(FbaModule.fbaMowaKeyTTL.Ticks);
         }
         else if (isPrivate)
         {
             expiry = now.AddTicks(FbaModule.fbaPrivateKeyTTL.Ticks);
         }
         else
         {
             expiry = now.AddTicks(FbaModule.fbaPublicKeyTTL.Ticks);
         }

         // Record layout: bytes 0-7 hold the expiry ticks, byte 8 holds the flags.
         byte[] record = new byte[9];
         ExBitConverter.Write(expiry.UtcTicks, record, 0);
         record[8] = (byte)flags;

         byte[] cipherText = encryptor.TransformFinalBlock(record, 0, record.Length);
         string cookieValue = Convert.ToBase64String(cipherText);
         FbaModule.CreateAndAddCookieToResponse(httpRequest, httpResponse, "cadataTTL", cookieValue);
     }
 }
Example #6
 // Token: 0x0600050B RID: 1291 RVA: 0x0001BCEC File Offset: 0x00019EEC
 /// <summary>
 /// Handles a logoff request: when the request path ends with "logoff.aspx", removes the
 /// key-cache entries tied to the request's cookies (unless the deployment is partner-hosted
 /// only or form-based authentication is switched off) and deletes the FBA auth cookies,
 /// telling the deletion helper whether the client's user agent supports SameSite=None.
 /// </summary>
 protected override void HandleLogoffRequest()
 {
     if (base.ClientRequest == null || base.ClientResponse == null)
     {
         return;
     }

     // NOTE(review): the suffix has no leading '/', so any path that merely ends in
     // "logoff.aspx" is treated as a logoff — confirm that is intended.
     if (!base.ClientRequest.Url.AbsolutePath.EndsWith("logoff.aspx", StringComparison.OrdinalIgnoreCase))
     {
         return;
     }

     bool dropCachedKeys = !Utilities.IsPartnerHostedOnly && !CafeConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).NoFormBasedAuthentication.Enabled;
     if (dropCachedKeys)
     {
         FbaModule.InvalidateKeyCache(base.ClientRequest);
     }

     // A missing or empty User-Agent is treated as not supporting SameSite=None.
     bool supportsSameSiteNone = !string.IsNullOrEmpty(base.ClientRequest.UserAgent)
         && new UserAgent(base.ClientRequest.UserAgent, base.ClientRequest.Cookies).DoesSupportSameSiteNone();

     Utility.DeleteFbaAuthCookies(base.ClientRequest, base.ClientResponse, supportsSameSiteNone);
 }
Example #7
 /// <summary>
 /// Removes from <c>FbaModule.KeyCache</c> every entry whose key is the value of one of the
 /// request's cookies named in <c>FbaModule.KeyCacheCookieKeys</c>, then refreshes the cache
 /// size counter.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the verbose trace line records the raw cookie value that serves as the cache
 /// key — confirm that verbose traces are access-controlled.
 /// </remarks>
 /// <param name="httpRequest">Request whose cookies identify the entries to drop.</param>
 /// <exception cref="ArgumentNullException"><paramref name="httpRequest"/> is null.</exception>
 internal static void InvalidateKeyCache(HttpRequest httpRequest)
 {
     if (httpRequest == null)
     {
         throw new ArgumentNullException("httpRequest");
     }

     foreach (string cookieName in FbaModule.KeyCacheCookieKeys)
     {
         HttpCookie cookie = httpRequest.Cookies[cookieName];
         string cacheKey = (cookie != null) ? cookie.Value : null;
         if (string.IsNullOrEmpty(cacheKey))
         {
             // Cookie absent or empty: nothing was cached under it.
             continue;
         }

         ExTraceGlobals.VerboseTracer.TraceDebug<string, string>(0L, "[FbaModule::InvalidateKeyCache] Removing key cache entry {0}: {1}", cookieName, cacheKey);
         FbaModule.KeyCache.Remove(cacheKey);
     }

     FbaModule.UpdateCacheSizeCounter();
 }
 /// <summary>
 /// Copies the cookies captured from the proxy logon response to the client response, skipping
 /// (and tracing) any cadata cookie, then runs the base implementation.
 /// </summary>
 protected override void CopySupplementalCookiesToClientResponse()
 {
     if (this.proxyLogonResponseCookies != null)
     {
         foreach (Cookie logonCookie in this.proxyLogonResponseCookies)
         {
             if (!FbaModule.IsCadataCookie(logonCookie.Name))
             {
                 base.CopyServerCookieToClientResponse(logonCookie);
                 continue;
             }

             // A cadata cookie coming from the back end is not forwarded to the client.
             ExTraceGlobals.VerboseTracer.TraceDebug<int, string>((long)this.GetHashCode(), "[OwaEcpProxyRequestHandler::CopySupplementalCookiesToClientResponse]: Context {0}; Unexpected cadata cookie {1} in proxy logon response from BE", base.TraceContext, logonCookie.Name);
         }
     }

     base.CopySupplementalCookiesToClientResponse();
 }
Example #9
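        /// <summary>
        /// Issues the FBA cookie set for the current request: "cadata" (the
        /// <c>Items["Authorization"]</c> string, AES-encrypted under a freshly generated key and IV),
        /// "cadataTTL", "cadataKey" and "cadataIV" (the AES key and IV, RSA-encrypted with the SSL
        /// certificate's public key) and "cadataSig".
        /// </summary>
        /// <remarks>
        /// The certificate and its RSA provider are resolved before any cookie is written, so a
        /// certificate failure no longer leaves "cadata"/"cadataTTL" on the response without the key
        /// cookies needed to read them.
        /// "cadataSig" is the fixed string "Fba Rocks!" encrypted with the certificate's PUBLIC key.
        /// It lets the reader confirm the cookies were encrypted to the certificate it holds; it is not
        /// a digital signature and should not be treated as proof of who produced the cookies.
        /// </remarks>
        /// <param name="httpApplication">Application whose context supplies the request, the response
        /// and the "Authorization" and "flags" items.</param>
        /// <exception cref="MissingSslCertificateException">No SSL certificate is available.</exception>
        /// <exception cref="CryptographicException">The certificate's public key is not exposed as an
        /// <see cref="RSACryptoServiceProvider"/> (previously a NullReferenceException).</exception>
        internal static void SetCadataCookies(HttpApplication httpApplication)
        {
            HttpContext  context  = httpApplication.Context;
            HttpRequest  request  = context.Request;
            HttpResponse response = context.Response;

            string authorization = context.Items["Authorization"] as string;
            int    flags         = (int)context.Items["flags"];
            // Unused below; kept because the property read is part of the original sequence.
            HttpCookieCollection cookies = request.Cookies;

            // Resolve the wrapping key first: if it is unavailable, fail before emitting any cookie.
            X509Certificate2         sslCertificate = FbaModule.GetSslCertificate(request);
            RSACryptoServiceProvider rsa            = sslCertificate.PublicKey.Key as RSACryptoServiceProvider;
            if (rsa == null)
            {
                throw new CryptographicException("The SSL certificate's public key is not available as an RSACryptoServiceProvider; the cadata key cookies cannot be issued.");
            }

            byte[] symKey;
            byte[] symIV;
            using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
            {
                aes.GenerateKey();
                aes.GenerateIV();
                symKey = aes.Key;
                symIV  = aes.IV;
                using (ICryptoTransform encryptor = aes.CreateEncryptor())
                {
                    byte[] plain  = Encoding.Unicode.GetBytes(authorization);
                    byte[] cipher = encryptor.TransformFinalBlock(plain, 0, plain.Length);
                    FbaModule.CreateAndAddCookieToResponse(request, response, "cadata", Convert.ToBase64String(cipher));
                }
                FbaModule.SetCadataTtlCookie(aes, flags, request, response);
            }

            // The second argument 'true' selects OAEP padding for the RSA encryption.
            byte[] wrappedKey = rsa.Encrypt(symKey, true);
            byte[] wrappedIV  = rsa.Encrypt(symIV, true);
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataKey", Convert.ToBase64String(wrappedKey));
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataIV", Convert.ToBase64String(wrappedIV));

            // Key-match marker (see remarks): a known constant encrypted to the same certificate.
            byte[] marker        = Encoding.Unicode.GetBytes("Fba Rocks!");
            byte[] wrappedMarker = rsa.Encrypt(marker, true);
            FbaModule.CreateAndAddCookieToResponse(request, response, "cadataSig", Convert.ToBase64String(wrappedMarker));
        }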
Example #10
 /// <summary>
 /// Post-authorize step with two paths. When a basic-auth string was captured, the logon
 /// details are placed in <c>HttpContext.Items</c> and the request is handed to a
 /// <c>FbaFormPostProxyRequestHandler</c>; the base implementation is not called. Otherwise,
 /// any symmetric key and IV recovered for this request are inserted into the key cache with a
 /// sliding expiry, and the base implementation runs.
 /// </summary>
 /// <remarks>
 /// The "password" item is later read back <c>as SecureString</c> by the form-post handler.
 /// The cache entries are keyed by the "cadataKey" and "cadataIV" cookie strings.
 /// </remarks>
 /// <param name="httpApplication">Application for the current request.</param>
 protected override void OnPostAuthorizeInternal(HttpApplication httpApplication)
 {
     if (this.basicAuthString == null)
     {
         bool haveRecoveredKeys = this.cadataKeyString != null
             && this.cadataIVString != null
             && this.symKey != null
             && this.symIV != null;
         if (haveRecoveredKeys)
         {
             TimeSpan slidingTtl = TimeSpan.FromMinutes((double)FbaModule.DefaultPrivateKeyTimeToLiveInMinutes);
             FbaModule.KeyCache.TryInsertSliding(this.cadataKeyString, this.symKey, slidingTtl);
             FbaModule.KeyCache.TryInsertSliding(this.cadataIVString, this.symIV, slidingTtl);
             FbaModule.UpdateCacheSizeCounter();
         }
         base.OnPostAuthorizeInternal(httpApplication);
         return;
     }

     // Form-post logon: pass the captured values to the handler through the context items.
     HttpContext context = httpApplication.Context;
     HttpRequest request = context.Request;
     context.Items.Add("destination", this.destinationUrl);
     context.Items.Add("flags", this.flags);
     context.Items.Add("Authorization", this.basicAuthString);
     context.Items.Add("username", this.userName);
     context.Items.Add("password", this.password);

     ProxyRequestHandler formPostHandler = new FbaFormPostProxyRequestHandler();
     PerfCounters.HttpProxyCountersInstance.TotalRequests.Increment();
     formPostHandler.Run(context);
 }
        /// <summary>
        /// Completes a form-based-authentication logon POST for the given back-end server. Either
        /// redirects the client to another server (cross-site or on-site legacy redirect, optionally
        /// re-posting the credentials over HTTPS), or issues the cadata cookies and redirects to the
        /// posted destination.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the final redirect target is <c>Items["destination"]</c>; no validation of
        /// that value is visible in this method beyond <c>CheckRedirectUrlForNewline</c> — confirm it
        /// is restricted upstream.
        /// </remarks>
        /// <param name="backEndServer">Back-end server selected for the user; its FQDN and version
        /// drive the redirect decision.</param>
        /// <exception cref="HttpException">403 when the computed redirect target has the same
        /// authority as the incoming request.</exception>
        private void HandleFbaFormPost(BackEndServer backEndServer)
        {
            HttpContext      httpContext            = base.HttpContext;
            HttpResponse     response               = httpContext.Response;
            // Redirect target, filled in by the Need*Redirect helpers through their out parameter.
            Uri              uri                    = null;
            // Destination URL placed in the context items before this handler runs.
            string           text                   = httpContext.Items["destination"] as string;
            // flag: an on-site legacy redirect is needed; flag2: a cross-site redirect is needed.
            bool             flag                   = false;
            bool             flag2                  = false;
            // flag3: the back-end server is in the local site (cleared below when it is not).
            bool             flag3                  = true;
            string           fqdn                   = backEndServer.Fqdn;
            int              version                = backEndServer.Version;
            OwaServerVersion owaServerVersion       = null;
            // flag4: set by the Need*Redirect helpers; when true the redirect goes through RedirectUsingSSOFBA.
            bool             flag4                  = false;
            ServiceTopology  currentServiceTopology = ServiceTopology.GetCurrentServiceTopology("f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 780);
            Site             site                   = currentServiceTopology.GetSite(fqdn, "f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 781);

            if (site != null && !site.Equals(HttpProxyGlobals.LocalSite.Member))
            {
                flag3 = false;
            }
            // Redirect decision; skipped entirely when SSO redirects are disabled.
            if (!FbaFormPostProxyRequestHandler.DisableSSORedirects)
            {
                owaServerVersion = OwaServerVersion.CreateFromVersionNumber(version);
                // ECP URL on a back end older than Exchange 2010: never redirect.
                if (UrlUtilities.IsEcpUrl(text) && owaServerVersion.Major < (int)ExchangeObjectVersion.Exchange2010.ExchangeBuild.Major)
                {
                    flag  = false;
                    flag2 = false;
                }
                // Back end in another site and the request is not a monitoring probe: consider a cross-site redirect.
                else if (!flag3 && !UserAgentParser.IsMonitoringRequest(base.ClientRequest.UserAgent))
                {
                    if (owaServerVersion.Major >= (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
                    {
                        FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause legacyRedirectFailureCause = FbaFormPostProxyRequestHandler.NeedCrossSiteRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, UrlUtilities.IsEcpUrl(text), out uri, out flag4);
                        string authority = base.ClientRequest.Url.Authority;
                        string b         = (uri == null) ? string.Empty : uri.Authority;
                        // Cross-site redirect only if a CAS was found, the target differs from the
                        // requested authority, and the helper reported either a failure cause or a target.
                        flag2 = (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.NoCasFound && !string.Equals(authority, b, StringComparison.OrdinalIgnoreCase) && (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null));
                        // No cross-site target for an Exchange 2007 back end: fall back to the on-site legacy check.
                        if (uri == null && owaServerVersion.Major == (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
                        {
                            flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, null, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
                        }
                    }
                }
                else
                {
                    flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
                }
            }
            if (flag2 || flag)
            {
                if (uri != null)
                {
                    string authority2 = base.ClientRequest.Url.Authority;
                    string authority3 = uri.Authority;
                    // Redirecting to the authority the client already used would loop; refuse with 403.
                    if (string.Compare(authority2, authority3, StringComparison.OrdinalIgnoreCase) == 0)
                    {
                        throw new HttpException(403, "Redirect loop detected");
                    }
                }
                // Collect the posted logon fields for a possible SSO re-post; the collection is disposed on exit.
                using (SecureNameValueCollection secureNameValueCollection = new SecureNameValueCollection())
                {
                    int num = (int)base.HttpContext.Items["flags"];
                    secureNameValueCollection.AddUnsecureNameValue("destination", base.HttpContext.Items["destination"] as string);
                    secureNameValueCollection.AddUnsecureNameValue("username", base.HttpContext.Items["username"] as string);
                    secureNameValueCollection.AddUnsecureNameValue("flags", num.ToString(CultureInfo.InvariantCulture));
                    // The password stays a SecureString and is disposed when this using block ends.
                    using (SecureString secureString = base.HttpContext.Items["password"] as SecureString)
                    {
                        secureNameValueCollection.AddSecureNameValue("password", secureString);
                        if (flag)
                        {
                            if (uri == null)
                            {
                                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
                            }
                            else if (flag4)
                            {
                                // Credentials are forwarded only to an https target; anything else is an error page.
                                if (uri.Scheme == Uri.UriSchemeHttps)
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
                                    this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
                                    response.End();
                                }
                                else
                                {
                                    AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
                                }
                            }
                            else
                            {
                                // Plain redirect: no credentials are sent along.
                                ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri.ToString());
                                base.PfdTracer.TraceRedirect("FbaAuth", uri.ToString());
                                response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri.ToString()));
                            }
                        }
                        else if (flag2)
                        {
                            if (uri == null)
                            {
                                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
                            }
                            else
                            {
                                // uri2 carries the explicit-logon SMTP address when one is set; it is used
                                // only by the plain redirect below, the SSO path uses uri.
                                Uri uri2 = uri;
                                if (this.explicitLogonUser != null)
                                {
                                    uri2 = FbaFormPostProxyRequestHandler.AppendSmtpAddressToUrl(uri, this.explicitLogonUser);
                                }
                                if (flag4)
                                {
                                    // Credentials are forwarded only to an https target; anything else is an error page.
                                    if (uri.Scheme == Uri.UriSchemeHttps)
                                    {
                                        ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
                                        this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
                                        response.End();
                                    }
                                    else
                                    {
                                        AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
                                    }
                                }
                                else
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri2.ToString());
                                    base.PfdTracer.TraceRedirect("FbaAuth", uri2.ToString());
                                    response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri2.ToString()));
                                }
                            }
                        }
                    }
                    return;
                }
            }
            // No redirect to another server: issue the cadata cookies and send the client to the destination.
            try
            {
                FbaModule.SetCadataCookies(base.HttpApplication);
            }
            catch (MissingSslCertificateException)
            {
                // NOTE(review): nothing here returns after the transfer, so the redirect below still
                // runs unless TransferToErrorPage ends the request — confirm.
                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
            }
            ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", text);
            base.PfdTracer.TraceRedirect("FbaAuth", text);
            // endResponse is false, so the response is not ended inside Redirect.
            response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(text), false);
        }
Example #12
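        /// <summary>
        /// Reads the five cadata cookies, recovers the AES key and IV (from the key cache, or by
        /// RSA-decrypting "cadataKey"/"cadataIV" with the SSL certificate's private key), enforces the
        /// expiry stored in "cadataTTL", and on success writes the decrypted "cadata" value into the
        /// request's Authorization header.
        /// </summary>
        /// <remarks>
        /// All five cookie values are client-supplied. Malformed base64, a key or IV of the wrong size,
        /// and a TTL record shorter than the 9 bytes read from it are now handled like the existing
        /// decryption failures: the method traces and returns without setting the Authorization header,
        /// instead of letting FormatException, CryptographicException or an index error escape.
        /// The "cadataSig" check confirms that the cookies were encrypted to this server's certificate;
        /// it is a key-match test against a fixed string, not a signature verification.
        /// </remarks>
        /// <param name="httpApplication">Application for the current request.</param>
        private void ParseCadataCookies(HttpApplication httpApplication)
        {
            HttpContext          context  = httpApplication.Context;
            HttpRequest          request  = context.Request;
            HttpResponse         response = context.Response;
            RequestDetailsLogger current  = RequestDetailsLoggerBase<RequestDetailsLogger>.GetCurrent(context);

            HttpCookie cookie = request.Cookies["cadata"];
            string cadata = (cookie != null) ? cookie.Value : null;
            cookie = request.Cookies["cadataKey"];
            string cadataKey = (cookie != null) ? cookie.Value : null;
            cookie = request.Cookies["cadataIV"];
            string cadataIV = (cookie != null) ? cookie.Value : null;
            cookie = request.Cookies["cadataSig"];
            string cadataSig = (cookie != null) ? cookie.Value : null;
            cookie = request.Cookies["cadataTTL"];
            string cadataTtl = (cookie != null) ? cookie.Value : null;

            // The cookies only work as a complete set.
            if (cadata == null || cadataKey == null || cadataIV == null || cadataSig == null || cadataTtl == null)
            {
                return;
            }

            byte[] key = null;
            byte[] iv  = null;
            PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRateBase.Increment();
            FbaModule.KeyCache.TryGetValue(cadataKey, out key);
            FbaModule.KeyCache.TryGetValue(cadataIV, out iv);
            if (key != null && iv != null)
            {
                // Cache hit: the RSA work was already done for these cookie values.
                PerfCounters.HttpProxyCacheCountersInstance.FbaModuleKeyCacheHitsRate.Increment();
                goto IL_362;
            }

            string sigError = null;
            RSACryptoServiceProvider rsa;

            try
            {
                X509Certificate2 sslCertificate = FbaModule.GetSslCertificate(request);
                rsa = (sslCertificate.PrivateKey as RSACryptoServiceProvider);
                if (rsa != null)
                {
                    // Key-match test: the marker must decrypt to the fixed string with our private key.
                    byte[] sigCipher = Convert.FromBase64String(cadataSig);
                    byte[] sigPlain  = rsa.Decrypt(sigCipher, true);
                    string marker    = Encoding.Unicode.GetString(sigPlain);
                    if (string.Compare(marker, "Fba Rocks!", StringComparison.Ordinal) != 0)
                    {
                        sigError = "does not match the SSL certificate on the Cafe web-site on another server in this Cafe array";
                    }
                }
                else
                {
                    sigError = "does not contain RSACryptoServiceProvider";
                    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(TraceType.DebugTrace))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Certificate:{0},Name:{1},Thumbprint:{2},PrivateKeyKey.(Exchange/Signature)Algorighm:{3} has no RSACryptoServiceProvider", new object[]
                        {
                            sslCertificate.Subject,
                            sslCertificate.FriendlyName,
                            sslCertificate.Thumbprint,
                            (sslCertificate.PrivateKey == null) ? "NULL" : (sslCertificate.PrivateKey.KeyExchangeAlgorithm + "/" + sslCertificate.PrivateKey.SignatureAlgorithm)
                        });
                    }
                }
            }
            catch (CryptographicException arg)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting cadataSig", arg);
                return;
            }
            catch (FormatException arg)
            {
                // cadataSig was not valid base64.
                ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding cadataSig", arg);
                return;
            }

            if (sigError == null)
            {
                try
                {
                    byte[] wrappedKey = Convert.FromBase64String(cadataKey);
                    byte[] wrappedIV  = Convert.FromBase64String(cadataIV);
                    key = rsa.Decrypt(wrappedKey, true);
                    iv  = rsa.Decrypt(wrappedIV, true);
                }
                catch (CryptographicException arg2)
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} decrypting symKey/symIV", arg2);
                    return;
                }
                catch (FormatException arg2)
                {
                    // cadataKey or cadataIV was not valid base64.
                    ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding symKey/symIV", arg2);
                    return;
                }

                // Remember the recovered key material so a later pipeline step can cache it.
                this.cadataKeyString = cadataKey;
                this.cadataIVString  = cadataIV;
                this.symKey          = key;
                this.symIV           = iv;
                goto IL_362;
            }
            ExTraceGlobals.VerboseTracer.TraceError<string, string>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] {0} {1}", "Error in validating Cadata signature. This most likely indicates that the SSL certifcate on the Cafe web-site on this server ", sigError);
            return;

IL_362:
            using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
            {
                try
                {
                    aes.Key = key;
                    aes.IV  = iv;
                }
                catch (CryptographicException arg5)
                {
                    // The recovered key or IV has a size AES does not accept.
                    ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} applying symKey/symIV", arg5);
                    return;
                }

                using (ICryptoTransform ttlDecryptor = aes.CreateDecryptor())
                {
                    byte[] ttlRecord = null;
                    try
                    {
                        byte[] ttlCipher = Convert.FromBase64String(cadataTtl);
                        ttlRecord = ttlDecryptor.TransformFinalBlock(ttlCipher, 0, ttlCipher.Length);
                    }
                    catch (CryptographicException arg3)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming TTL", arg3);
                        return;
                    }
                    catch (FormatException arg3)
                    {
                        // cadataTTL was not valid base64.
                        ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding TTL", arg3);
                        return;
                    }

                    // The record is read as 8 bytes of ticks plus a flags byte at index 8, so
                    // anything shorter than 9 bytes is rejected (the old check only rejected 0 bytes).
                    if (ttlRecord.Length < 9)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] TTL length was less than 9.");
                        return;
                    }
                    long ticks     = BitConverter.ToInt64(ttlRecord, 0);
                    int  flags     = (int)ttlRecord[8];
                    bool isPrivate = (flags & 4) == 4;
                    // NOTE(review): this writes Items["Flags"], while other code in this module reads
                    // Items["flags"]; if the items dictionary is case-sensitive these are different
                    // entries — confirm which key is intended.
                    context.Items["Flags"] = flags;
                    ExDateTime expiry = new ExDateTime(ExTimeZone.UtcTimeZone, ticks);
                    ExDateTime utcNow = ExDateTime.UtcNow;
                    if (expiry < utcNow)
                    {
                        // Session expired: the response depends on the HTTP method.
                        if (request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
                        {
                            if (request.QueryString.ToString().StartsWith("oeh=1&", StringComparison.OrdinalIgnoreCase))
                            {
                                RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - GET/OEH");

                                this.Send440Response(httpApplication, false);
                            }
                            else
                            {
                                RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "302 - GET/Timeout");

                                this.RedirectToFbaLogon(httpApplication, FbaModule.LogonReason.Timeout);
                            }
                        }
                        else if (request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
                        {
                            RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - POST");

                            this.Send440Response(httpApplication, true);
                        }
                        else
                        {
                            RequestDetailsLoggerBase<RequestDetailsLogger>.SafeAppendGenericInfo(current, "LoginTimeout", "440 - " + request.HttpMethod);

                            this.Send440Response(httpApplication, false);
                        }
                        return;
                    }

                    // Re-issue the TTL cookie once the session is within two reissue intervals of
                    // expiry and the request counts as user activity.
                    FbaModule.DetermineKeyIntervalsIfNecessary();
                    ExDateTime reissueAfter = expiry.AddTicks(-2L * (isPrivate ? FbaModule.fbaPrivateKeyReissueInterval.Ticks : FbaModule.fbaPublicKeyReissueInterval.Ticks));
                    if (reissueAfter < utcNow && OwaAuthenticationHelper.IsOwaUserActivityRequest(request))
                    {
                        FbaModule.SetCadataTtlCookie(aes, flags, request, response);
                    }
                }

                using (ICryptoTransform authDecryptor = aes.CreateDecryptor())
                {
                    byte[] authPlain = null;
                    try
                    {
                        byte[] authCipher = Convert.FromBase64String(cadata);
                        authPlain = authDecryptor.TransformFinalBlock(authCipher, 0, authCipher.Length);
                    }
                    catch (CryptographicException arg4)
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug<CryptographicException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received CryptographicException {0} transforming auth", arg4);
                        return;
                    }
                    catch (FormatException arg4)
                    {
                        // cadata was not valid base64.
                        ExTraceGlobals.VerboseTracer.TraceDebug<FormatException>((long)this.GetHashCode(), "[FbaModule::ParseCadataCookies] Received FormatException {0} decoding auth", arg4);
                        return;
                    }

                    // The decrypted value replaces the request's Authorization header; whatever
                    // authenticates the request downstream must still validate it.
                    string authorization = Encoding.Unicode.GetString(authPlain);
                    request.Headers["Authorization"] = authorization;
                }
            }
        }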
Example #13
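        /// <summary>
        /// Deletes the FBA auth cookies and redirects the client to the logon page
        /// ("/owa/auth/logon.aspx", or the configured sign-out page for a logoff request), passing the
        /// URL to return to in the "url" query parameter and the reason code in "reason".
        /// </summary>
        /// <remarks>
        /// Fix: the "auth.owa" suffix was detected case-insensitively on the last URL segment but then
        /// located with a case-sensitive search, so a request such as ".../AUTH.OWA" produced a negative
        /// index and an ArgumentOutOfRangeException from <c>Remove</c>. The search now falls back to a
        /// case-insensitive match and the trim is skipped when nothing is found.
        /// NOTE(review): the redirect host is taken from <c>request.Url.Host</c>, and for logoff
        /// requests an incoming "url=" query value is forwarded as received — confirm that the host is
        /// validated upstream and that the logon page validates the return URL.
        /// </remarks>
        /// <param name="httpApplication">Application for the current request.</param>
        /// <param name="reason">Reason code appended to the logon URL.</param>
        /// <returns>Always <c>true</c>.</returns>
        private bool RedirectToFbaLogon(HttpApplication httpApplication, FbaModule.LogonReason reason)
        {
            HttpContext  context  = httpApplication.Context;
            HttpRequest  request  = context.Request;
            HttpResponse response = context.Response;

            Utility.DeleteFbaAuthCookies(request, response);
            UriBuilder uriBuilder = new UriBuilder();

            uriBuilder.Host = request.Url.Host;
            int port = uriBuilder.Port;

            uriBuilder.Scheme = FbaModule.GetExternalUrlScheme(ref port);
            uriBuilder.Port   = port;
            uriBuilder.Path   = "/owa/auth/logon.aspx";
            StringBuilder stringBuilder = new StringBuilder();

            stringBuilder.Append("url=");
            if (this.destinationUrl != null)
            {
                // An explicit destination wins; only its scheme and port are rewritten.
                stringBuilder.Append(HttpUtility.UrlEncode(new UriBuilder(this.destinationUrl)
                {
                    Scheme = uriBuilder.Scheme,
                    Port   = uriBuilder.Port
                }.Uri.AbsoluteUri));
            }
            else
            {
                // Otherwise return to the URL that was requested, with the external scheme and port.
                string text = new UriBuilder(request.GetFullRawUrl())
                {
                    Scheme = uriBuilder.Scheme,
                    Port   = uriBuilder.Port
                }.Uri.AbsoluteUri;
                string lastSegment = request.Url.Segments[request.Url.Segments.Length - 1];
                if (string.Compare("auth.owa", lastSegment, StringComparison.OrdinalIgnoreCase) == 0)
                {
                    // Prefer the exact-case match the original search used; fall back to any casing
                    // so that the index is valid whenever the segment test above succeeded.
                    int authIndex = text.LastIndexOf("auth.owa", StringComparison.Ordinal);
                    if (authIndex < 0)
                    {
                        authIndex = text.LastIndexOf("auth.owa", StringComparison.OrdinalIgnoreCase);
                    }
                    if (authIndex > 0)
                    {
                        // Drop "auth.owa" together with the '/' in front of it.
                        text = text.Remove(authIndex - 1);
                    }
                }
                string explicitUser = HttpUtility.UrlDecode(request.Headers["X-OWA-ExplicitLogonUser"]);
                if (!string.IsNullOrEmpty(explicitUser) && !text.Contains(explicitUser))
                {
                    // Insert the explicit-logon user as a path segment right after the application path.
                    string encodedSlash    = HttpUtility.UrlEncode("/");
                    string applicationPath = request.ApplicationPath;
                    int    num             = text.IndexOf(applicationPath, StringComparison.OrdinalIgnoreCase);
                    if (num == -1)
                    {
                        stringBuilder.Append(HttpUtility.UrlEncode(text));
                        if (text[text.Length - 1] != '/')
                        {
                            stringBuilder.Append(encodedSlash);
                        }
                        stringBuilder.Append(HttpUtility.UrlEncode(explicitUser));
                        stringBuilder.Append(encodedSlash);
                    }
                    else
                    {
                        num += applicationPath.Length;
                        if (num < text.Length && text[num] == '/')
                        {
                            num++;
                        }
                        stringBuilder.Append(HttpUtility.UrlEncode(text.Substring(0, num)));
                        if (text[num - 1] != '/')
                        {
                            stringBuilder.Append(encodedSlash);
                        }
                        stringBuilder.Append(HttpUtility.UrlEncode(explicitUser));
                        stringBuilder.Append(encodedSlash);
                        stringBuilder.Append(HttpUtility.UrlEncode(text.Substring(num)));
                    }
                }
                else
                {
                    int    queryStart = text.IndexOf('?');
                    string returnUrl  = null;
                    if (text.ToLowerInvariant().Contains("logoff.owa"))
                    {
                        if (!LogOnSettings.IsLegacyLogOff)
                        {
                            uriBuilder.Path = "/owa/" + LogOnSettings.SignOutPageUrl;
                        }
                        if (queryStart >= 0)
                        {
                            // Reuse the caller's own "url=" value, exactly as it was received.
                            string[] source = text.Substring(queryStart + 1).Split(new char[]
                            {
                                '&'
                            });
                            string urlPair = source.FirstOrDefault((string x) => x.StartsWith("url=", StringComparison.OrdinalIgnoreCase));
                            if (urlPair != null)
                            {
                                returnUrl = urlPair.Substring("url=".Length);
                            }
                        }
                    }
                    if (returnUrl == null)
                    {
                        string str;
                        returnUrl = ((!UrlUtilities.IsCmdWebPart(request) && UrlUtilities.ShouldRedirectQueryParamsAsHashes(new Uri(text), out str)) ? HttpUtility.UrlEncode(str) : HttpUtility.UrlEncode(text));
                    }
                    stringBuilder.Append(returnUrl);
                }
            }
            stringBuilder.AppendFormat("&reason={0}", (int)reason);
            uriBuilder.Query = stringBuilder.ToString();
            ExTraceGlobals.VerboseTracer.TraceDebug<FbaModule.LogonReason, string>((long)this.GetHashCode(), "RedirectToFbaLogon - Reason: {0}, URL: {1}", reason, uriBuilder.ToString());
            base.PfdTracer.TraceRedirect("FbaAuth", uriBuilder.ToString());
            // endResponse is false; the request is finished through CompleteRequest instead.
            response.Redirect(uriBuilder.ToString(), false);
            httpApplication.CompleteRequest();
            return true;
        }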
 // Token: 0x060004BB RID: 1211 RVA: 0x0001A054 File Offset: 0x00018254
 /// <summary>
 /// Decides whether a client cookie is forwarded to the back-end request. A cookie is withheld
 /// when it is a cadata cookie, when it is one of the three LiveId RPS auth cookies and the auth
 /// state is not <c>BackEndFullAuth</c>, when its name is in <c>BackEndCookieNames</c>, or when
 /// it is the RPS back-end server cookie; otherwise the base implementation decides.
 /// </summary>
 /// <param name="cookie">Cookie from the client request.</param>
 /// <returns><c>true</c> when the cookie should be copied to the server request.</returns>
 protected override bool ShouldCopyCookieToServerRequest(HttpCookie cookie)
 {
     // FBA cookies stay on the front end.
     if (FbaModule.IsCadataCookie(cookie.Name))
     {
         return false;
     }

     // The LiveId RPS auth cookies are forwarded only in the BackEndFullAuth state.
     if (base.AuthBehavior.AuthState != AuthState.BackEndFullAuth)
     {
         if (string.Equals(cookie.Name, Constants.LiveIdRPSAuth, StringComparison.OrdinalIgnoreCase))
         {
             return false;
         }
         if (string.Equals(cookie.Name, Constants.LiveIdRPSSecAuth, StringComparison.OrdinalIgnoreCase))
         {
             return false;
         }
         if (string.Equals(cookie.Name, Constants.LiveIdRPSTAuth, StringComparison.OrdinalIgnoreCase))
         {
             return false;
         }
     }

     if (this.BackEndCookieNames.Any((string backEndName) => string.Equals(cookie.Name, backEndName, StringComparison.OrdinalIgnoreCase)))
     {
         return false;
     }
     if (string.Equals(cookie.Name, Constants.RPSBackEndServerCookieName, StringComparison.OrdinalIgnoreCase))
     {
         return false;
     }

     return base.ShouldCopyCookieToServerRequest(cookie);
 }