public static void CheckCanaryForPostBack(this HttpContext context, string canaryName) { if (context.ShouldCheckCanary15()) { context.CheckCanary15(false, canaryName); return; } CanaryStatus canaryStatus = CanaryStatus.None; bool flag = true; canaryStatus |= CanaryStatus.IsCanaryNeeded; string canaryVersion; if (!context.HasValidCanaryInForm(HttpContext.Current.Request.Form[canaryName], out canaryVersion, ref canaryStatus)) { flag = false; } if (flag) { canaryStatus |= CanaryStatus.IsCanaryValid; } CanaryExtensions.LogEvent(context, canaryVersion, canaryStatus); if (!flag) { throw new BadRequestException(new Exception(Strings.InvalidCanary)); } }
public static void SendCanary(this HttpContext context, ref CanaryStatus canaryStatus, ref bool shouldAddLog) { if (context.Request.IsAuthenticated && !context.IsLogoffRequest()) { bool flag = false; string cachedUserUniqueKey = context.GetCachedUserUniqueKey(); string canaryName = context.GetCanaryName(); HttpCookie httpCookie = context.Request.Cookies[canaryName]; if (httpCookie != null && Canary.RestoreCanary(httpCookie.Value, cachedUserUniqueKey) != null) { flag = true; } if (!flag) { if (httpCookie != null) { EcpEventLogConstants.Tuple_ResetCanaryInCookie.LogEvent(new object[] { EcpEventLogExtensions.GetUserNameToLog(), cachedUserUniqueKey, canaryName, context.GetRequestUrlForLog(), (httpCookie != null) ? httpCookie.Value : string.Empty }); } Canary canary = new Canary(Guid.NewGuid(), cachedUserUniqueKey); HttpCookie httpCookie2 = new HttpCookie(canaryName, canary.ToString()); httpCookie2.HttpOnly = false; httpCookie2.Path = EcpUrl.GetEcpVDirForCanary(); context.Response.Cookies.Add(httpCookie2); canaryStatus |= CanaryStatus.IsCanaryRenewed; } } shouldAddLog = true; }
public static void LogEvent(HttpContext context, string canaryVersion, CanaryStatus canaryStatus) { string canaryName = context.GetCanaryName(); string ecpVDirForCanary = EcpUrl.GetEcpVDirForCanary(); string logonUniqueKey; if (context.User is RbacSession) { logonUniqueKey = context.GetCachedUserUniqueKey(); } else { logonUniqueKey = string.Empty; } ActivityContextLogger.Instance.LogEvent(new CanaryLogEvent(canaryVersion, ActivityContext.ActivityId.FormatForLog(), canaryName, ecpVDirForCanary, logonUniqueKey, canaryStatus, DateTime.MinValue, null)); }
public static void CheckCanary15(this HttpContext context, bool shouldRenew, string canaryName = null) { if (context.Request.IsAuthenticated && !context.IsLogoffRequest()) { canaryName = (canaryName ?? context.GetCanaryName()); string ecpVDirForCanary = EcpUrl.GetEcpVDirForCanary(); string cachedUserUniqueKey = context.GetCachedUserUniqueKey(); CanaryStatus canaryStatus = CanaryStatus.None; Canary15Profile profile = new Canary15Profile(canaryName, ecpVDirForCanary); bool flag = true; if (context.IsWebServiceRequest() || context.IsUploadRequest()) { Canary15Cookie.CanaryValidationResult canaryValidationResult; flag = Canary15Cookie.ValidateCanaryInHeaders(context, cachedUserUniqueKey, profile, out canaryValidationResult); canaryStatus |= (CanaryStatus)canaryValidationResult; canaryStatus |= CanaryStatus.IsCanaryNeeded; canaryStatus |= (flag ? CanaryStatus.IsCanaryValid : CanaryStatus.None); } Canary15Cookie canary15Cookie = null; if (shouldRenew) { canary15Cookie = Canary15Cookie.TryCreateFromHttpContext(context, cachedUserUniqueKey, profile); bool isAboutToExpire = canary15Cookie.IsAboutToExpire; canaryStatus |= (canary15Cookie.IsAboutToExpire ? CanaryStatus.IsCanaryAboutToExpire : CanaryStatus.None); if (isAboutToExpire) { canary15Cookie = new Canary15Cookie(cachedUserUniqueKey, profile); } canaryStatus |= (canary15Cookie.IsRenewed ? CanaryStatus.IsCanaryRenewed : CanaryStatus.None); if (canary15Cookie.IsRenewed) { context.Response.SetCookie(canary15Cookie.HttpCookie); } } ActivityContextLogger.Instance.LogEvent(new CanaryLogEvent("15.1", ActivityContext.ActivityId.FormatForLog(), canaryName, ecpVDirForCanary, cachedUserUniqueKey, canaryStatus, (canary15Cookie == null) ? DateTime.MinValue : canary15Cookie.CreationTime, (canary15Cookie == null) ? null : canary15Cookie.ToLoggerString())); if (!flag) { throw new FaultException(Strings.InvalidCanary); } } }
public static void CheckCanary(this HttpContext context) { if (context.ShouldCheckCanary15()) { context.CheckCanary15(true, null); return; } string canaryVersion = "14.2"; bool flag = false; CanaryStatus canaryStatus = CanaryStatus.None; context.SendCanary(ref canaryStatus, ref flag); bool flag2 = true; if (context.Request.IsAuthenticated) { bool flag3 = context.IsWebServiceRequest() || context.IsUploadRequest(); if (flag3) { canaryStatus |= CanaryStatus.IsCanaryNeeded; } if ((context.IsWebServiceRequest() && !context.HasValidCanary(out canaryVersion, ref canaryStatus)) || (context.IsUploadRequest() && !context.HasValidUploadCanary(out canaryVersion, ref canaryStatus))) { flag2 = false; flag = true; } if (flag3 && flag2) { canaryStatus |= CanaryStatus.IsCanaryValid; } } if (flag) { CanaryExtensions.LogEvent(context, canaryVersion, canaryStatus); } if (!flag2) { throw new FaultException(Strings.InvalidCanary); } }
public CanaryLogEvent(string version, string activityContextId, string canaryName, string canaryPath, string logonUniqueKey, CanaryStatus canaryStatus, DateTime creationTime, string logData) { if (string.IsNullOrEmpty(canaryName)) { throw new ArgumentNullException("canaryName"); } if (string.IsNullOrEmpty(canaryPath)) { throw new ArgumentNullException("canaryPath"); } this.version = this.TranslateStringValueToLog(version); this.activityContextId = activityContextId; this.canaryName = canaryName; this.canaryPath = canaryPath; this.logonUniqueKey = this.TranslateStringValueToLog(logonUniqueKey); this.canaryStatus = canaryStatus; this.creationTime = creationTime; this.logData = this.TranslateStringValueToLog(logData); }
private static bool HasValidCanary(this HttpContext context, string canaryInHeader, string canaryInForm, string canaryInUrl, out string canaryVersion, ref CanaryStatus canaryStatus) { bool flag = context.User is InboundProxySession; bool flag2 = !flag || !string.IsNullOrEmpty(context.Request.Headers["msExchEcpOutboundProxyVersion"]); canaryVersion = (flag2 ? "14.2" : "14.1"); string canaryName = context.GetCanaryName(); HttpCookie httpCookie = context.Request.Cookies[canaryName]; string text = (httpCookie == null) ? string.Empty : httpCookie.Value; string cachedUserUniqueKey = context.GetCachedUserUniqueKey(); Canary canary = Canary.RestoreCanary(text, cachedUserUniqueKey); bool flag3 = !flag2 || canary != null; bool flag4 = StringComparer.Ordinal.Equals(httpCookie.Value, canaryInForm); bool flag5 = StringComparer.Ordinal.Equals(httpCookie.Value, canaryInHeader); bool flag6 = StringComparer.Ordinal.Equals(httpCookie.Value, canaryInUrl); bool flag7 = false; if (httpCookie != null && !string.IsNullOrEmpty(httpCookie.Value) && flag3) { flag7 = (flag5 || flag4 || flag6); } if (flag7) { if (flag4) { canaryStatus |= (CanaryStatus)3; } if (flag5) { canaryStatus |= (CanaryStatus)1; } if (flag6) { canaryStatus |= (CanaryStatus)2; } } else if (!flag3) { EcpEventLogConstants.Tuple_InvalidCanaryInCookieDetected.LogPeriodicEvent(EcpEventLogExtensions.GetPeriodicKeyPerUser(), new object[] { EcpEventLogExtensions.GetUserNameToLog(), cachedUserUniqueKey, canaryName, context.GetRequestUrlForLog(), text }); } else { EcpEventLogConstants.Tuple_InvalidCanaryDetected.LogPeriodicEvent(EcpEventLogExtensions.GetPeriodicKeyPerUser(), new object[] { EcpEventLogExtensions.GetUserNameToLog(), context.GetRequestUrlForLog(), text, string.Format("{0} in header, {1} in form, in URL {2}", canaryInHeader, canaryInForm, canaryInUrl) }); } return(flag7); }
public static bool HasValidCanaryInForm(this HttpContext context, string canaryInForm, out string canaryVersion, ref CanaryStatus canaryStatus) { return(context.HasValidCanary(null, canaryInForm, null, out canaryVersion, ref canaryStatus)); }
public static bool HasValidUploadCanary(this HttpContext context, out string canaryVersion, ref CanaryStatus canaryStatus) { return(context.HasValidCanary(null, context.Request.Form[context.GetCanaryName()], null, out canaryVersion, ref canaryStatus)); }
public static bool HasValidCanary(this HttpContext context, out string canaryVersion, ref CanaryStatus canaryStatus) { string canaryName = context.GetCanaryName(); string canaryInUrl = context.Request.QueryString[canaryName]; bool flag = context.User is InboundProxySession; string canaryInHeader; if (flag) { canaryInHeader = context.Request.Headers["msExchEcpCanary"]; } else { canaryInHeader = context.Request.Headers[canaryName]; } return(context.HasValidCanary(canaryInHeader, null, canaryInUrl, out canaryVersion, ref canaryStatus)); }