// Token: 0x06000285 RID: 645 RVA: 0x000117FC File Offset: 0x0000F9FC private static bool CheckClaimSetsForPartnerUser(AuthorizationContext authorizationContext, OperationContext operationContext) { HttpContext.Current.Items["AuthType"] = "Partner"; PerformanceCounters.UpdateRequestsReceivedWithPartnerToken(); ReadOnlyCollection <ClaimSet> claimSets = authorizationContext.ClaimSets; claimSets.TraceClaimSets(); DelegatedPrincipal delegatedPrincipal = null; OrganizationId delegatedOrganizationId = null; string text = null; if (!PartnerToken.TryGetDelegatedPrincipalAndOrganizationId(claimSets, out delegatedPrincipal, out delegatedOrganizationId, out text)) { ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] unable to create partner identity, error message: {0}", text); PerformanceCounters.UpdateUnauthorizedRequestsReceivedWithPartnerToken(); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, text); return(false); } ExTraceGlobals.AuthenticationTracer.TraceDebug <DelegatedPrincipal>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] ws-security header contains the partner identity: {0}", delegatedPrincipal); string text2 = delegatedPrincipal.ToString(); if (!string.IsNullOrEmpty(text2)) { AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text2, text2.Split(new char[] { '\\' })[0]); } HttpContext.Current.User = new WindowsPrincipal(PartnerIdentity.Create(delegatedPrincipal, delegatedOrganizationId)); return(true); }
public static AnchorRunspaceProxy CreateRunspaceForDelegatedPartner(AnchorContext context, DelegatedPrincipal delegatedPartnerAdmin, string tenantOrganization) { AnchorUtil.ThrowOnNullArgument(delegatedPartnerAdmin, "delegatedTenantAdmin"); AnchorUtil.ThrowOnNullOrEmptyArgument(tenantOrganization, "tenantOrganization"); context.Logger.Log(MigrationEventType.Verbose, "AnchorRunspaceProxy. Creating delegated partner runspace proxy for user {0}", new object[] { delegatedPartnerAdmin }); ExchangeRunspaceConfigurationSettings configSettings = new ExchangeRunspaceConfigurationSettings(ExchangeRunspaceConfigurationSettings.ExchangeApplication.SimpleDataMigration, tenantOrganization, ExchangeRunspaceConfigurationSettings.GetDefaultInstance().CurrentSerializationLevel); return(new AnchorRunspaceProxy(context, AnchorRunspaceProxy.RunspaceFactoryWithDCAffinity.CreateRbacFactory(context, delegatedPartnerAdmin.ToString(), delegatedPartnerAdmin.Identity, configSettings))); }
public static AnchorRunspaceProxy CreateRunspaceForDelegatedTenantAdmin(AnchorContext context, DelegatedPrincipal delegatedTenantAdmin) { AnchorUtil.ThrowOnNullArgument(delegatedTenantAdmin, "delegatedTenantAdmin"); context.Logger.Log(MigrationEventType.Verbose, "AnchorRunspaceProxy. Creating delegated runspace proxy for user {0}", new object[] { delegatedTenantAdmin }); ExchangeRunspaceConfigurationSettings configSettings = new ExchangeRunspaceConfigurationSettings(ExchangeRunspaceConfigurationSettings.ExchangeApplication.SimpleDataMigration, null, ExchangeRunspaceConfigurationSettings.SerializationLevel.None); return(new AnchorRunspaceProxy(context, AnchorRunspaceProxy.RunspaceFactoryWithDCAffinity.CreateRbacFactory(context, delegatedTenantAdmin.ToString(), delegatedTenantAdmin.Identity, configSettings))); }
internal static ClientSecurityContext GetSecurityContextForUser(ISecurityAccessToken executingUser, DelegatedPrincipal delegatedPrincipal, ADUser trackedUser) { bool enabled = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled; ExTraceGlobals.TaskTracer.TraceDebug <string, string, bool>(0L, "executing-user={0}, tracked-user={1}, ismultitenancyenabled={2}", (executingUser != null) ? executingUser.UserSid.ToString() : delegatedPrincipal.ToString(), trackedUser.Sid.Value, enabled); if (!enabled || (executingUser != null && string.Equals(executingUser.UserSid, trackedUser.Sid.Value, StringComparison.OrdinalIgnoreCase))) { ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user == tracked-user or we are not running in a Multi Tenant environment."); return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups)); } WindowsIdentity identity; try { ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user != tracked-user"); if (string.IsNullOrEmpty(trackedUser.UserPrincipalName)) { ExTraceGlobals.TaskTracer.TraceError <ADObjectId>(0L, "Null/Empty UPN for user {0}", trackedUser.Id); Strings.TrackingErrorUserObjectCorrupt(trackedUser.Id.ToString(), "UserPrincipalName"); string data = string.Format("Missing UserPrincipalName attribute for user {0}", trackedUser.Id.ToString()); TrackingError trackingError = new TrackingError(ErrorCode.InvalidADData, string.Empty, data, string.Empty); throw new TrackingFatalException(trackingError, null, false); } identity = new WindowsIdentity(trackedUser.UserPrincipalName); } catch (UnauthorizedAccessException ex) { ExTraceGlobals.TaskTracer.TraceError <string, UnauthorizedAccessException>(0L, "Not authorized to get WindowsIdentity for {0}, Exception: {1}", trackedUser.UserPrincipalName, ex); TrackingError trackingError2 = new TrackingError(ErrorCode.UnexpectedErrorPermanent, string.Empty, string.Format("Cannot logon as {0}", trackedUser.Id.ToString()), ex.ToString()); throw new TrackingFatalException(trackingError2, ex, false); } catch (SecurityException arg) { ExTraceGlobals.TaskTracer.TraceError <string, SecurityException>(0L, "Not authorized to get WindowsIdentity for {0}, falling back to ExecutingUser, Exception: {1}", trackedUser.UserPrincipalName, arg); return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups)); } return(new ClientSecurityContext(identity)); }
// Token: 0x060000BF RID: 191 RVA: 0x000056A0 File Offset: 0x000038A0 private string GetUserName(CommonAccessToken commonAccessToken, IIdentity identity, AccessTokenType accessTokenType) { string windowsLiveId = this.GetWindowsLiveId(commonAccessToken, accessTokenType); if (!string.IsNullOrWhiteSpace(windowsLiveId)) { ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows Live Id {0}", windowsLiveId); return(windowsLiveId); } if (commonAccessToken != null && commonAccessToken.WindowsAccessToken != null) { ExTraceGlobals.UserTokenTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From windows access token"); return(commonAccessToken.WindowsAccessToken.LogonName ?? commonAccessToken.WindowsAccessToken.UserSid); } DelegatedPrincipal delegatedPrincipal = HttpContext.Current.User as DelegatedPrincipal; if (delegatedPrincipal != null) { ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From delegated principal {0}", delegatedPrincipal.ToString()); return(delegatedPrincipal.GetUserName()); } try { return(identity.GetSafeName(true)); } catch (Exception ex) { ExTraceGlobals.UserTokenTracer.TraceError <Exception>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] GetSafeName throws exception {0}", ex); HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetUserName", ex.ToString(), false); } SecurityIdentifier userSid = this.GetUserSid(commonAccessToken, identity); if (userSid != null) { ExTraceGlobals.UserTokenTracer.TraceDebug <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetUserName] From user sid {0}", userSid.ToString()); return(userSid.ToString()); } return(null); }