private static HashSet <string> GetCertificatesThumbprint() { IEnumerable <FederationTrust> federationTrusts = FederationTrustCache.GetFederationTrusts(); HashSet <string> hashSet = new HashSet <string>(); foreach (FederationTrust federationTrust in federationTrusts) { if (federationTrust.OrgPrivCertificate != null) { hashSet.Add(federationTrust.OrgPrivCertificate); } if (federationTrust.OrgPrevPrivCertificate != null) { hashSet.Add(federationTrust.OrgPrevPrivCertificate); } if (federationTrust.TokenIssuerCertificate != null) { hashSet.Add(federationTrust.TokenIssuerCertificate.Thumbprint); } if (federationTrust.TokenIssuerPrevCertificate != null) { hashSet.Add(federationTrust.TokenIssuerPrevCertificate.Thumbprint); } } return(hashSet); }
internal static void AddEndpointEnabledHeaders(HttpResponse response) { if (AutodiscoverEwsWebConfiguration.SoapEndpointEnabled) { response.AddHeader("X-SOAP-Enabled", bool.TrueString); } response.AddHeader("X-WSSecurity-Enabled", AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString); string value; if ((HttpProxyGlobals.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled) && AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled) { value = "Logon"; } else { value = "None"; } response.AddHeader("X-WSSecurity-For", value); FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline"); if (federationTrust != null) { response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString()); } if (AutodiscoverEwsWebConfiguration.WsSecuritySymmetricKeyEndpointEnabled) { response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString); } if (AutodiscoverEwsWebConfiguration.WsSecurityX509CertEndpointEnabled) { response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString); } HttpApplication applicationInstance = HttpContext.Current.ApplicationInstance; IHttpModule httpModule = applicationInstance.Modules["OAuthAuthModule"]; response.AddHeader("X-OAuth-Enabled", (httpModule != null) ? bool.TrueString : bool.FalseString); }
protected void AddEndpointEnabledHeaders(HttpResponse response) { if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.SoapEndpointEnabled) { response.AddHeader("X-SOAP-Enabled", bool.TrueString); } response.AddHeader("X-WSSecurity-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString); response.AddHeader("X-WSSecurity-For", (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled && AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled) ? "Logon" : "None"); FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline"); if (federationTrust != null) { response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString()); } if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecuritySymmetricKeyEndpointEnabled) { response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString); } if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityX509CertEndpointEnabled) { response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString); } response.AddHeader("X-OAuth-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.OAuthEndpointEnabled ? bool.TrueString : bool.FalseString); }
private static ExternalAuthentication CreateExternalAuthentication() { ExternalAuthentication.InitializeNotificationsIfNeeded(); ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "Searching for federation trust configuration in AD"); WebProxy webProxy = null; Server localServer = LocalServerCache.LocalServer; Uri uri = null; if (localServer != null && localServer.InternetWebProxy != null) { ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using custom InternetWebProxy {0}.", localServer.InternetWebProxy); uri = localServer.InternetWebProxy; webProxy = new WebProxy(localServer.InternetWebProxy); } ExternalAuthentication.currentWebProxy = uri; IEnumerable <FederationTrust> enumerable = null; try { enumerable = FederationTrustCache.GetFederationTrusts(); } catch (LocalizedException arg) { ExternalAuthentication.ConfigurationTracer.TraceError <LocalizedException>(0L, "Unable to get federation trust. Exception: {0}", arg); return(new ExternalAuthentication(ExternalAuthentication.ExternalAuthenticationFailureType.ErrorReadingFederationTrust, ExternalAuthentication.ExternalAuthenticationSubFailureType.DirectoryReadError)); } Uri uri2 = null; List <X509Certificate2> list = new List <X509Certificate2>(4); List <X509Certificate2> list2 = new List <X509Certificate2>(4); Dictionary <ADObjectId, SecurityTokenService> dictionary = new Dictionary <ADObjectId, SecurityTokenService>(2); ExternalAuthentication.ExternalAuthenticationFailureType externalAuthenticationFailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFederationTrust; ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure; int num = 0; bool flag = false; if (enumerable != null) { foreach (FederationTrust federationTrust in enumerable) { num++; ExternalAuthentication.FederationTrustResults federationTrustResults = ExternalAuthentication.TryCreateSecurityTokenService(federationTrust, webProxy); if (federationTrustResults.FailureType == ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure) { dictionary.Add(federationTrust.Id, federationTrustResults.SecurityTokenService); list.AddRange(federationTrustResults.TokenSignatureCertificates); list2.AddRange(federationTrustResults.TokenDecryptionCertificates); if (uri2 == null) { uri2 = federationTrust.ApplicationUri; ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using {0} as applicationUri", uri2); } else if (!federationTrust.ApplicationUri.Equals(uri2)) { ExternalAuthentication.ConfigurationTracer.TraceError <Uri>(0L, "Cannot have multiple FederationTrust with different ApplicationUri values: {0}. Uri will be ignored", federationTrust.ApplicationUri); flag = true; } } else { externalAuthenticationFailureType = federationTrustResults.FailureType; externalAuthenticationSubFailureType = federationTrustResults.SubFailureType; } } } if (dictionary.Count == 0) { return(new ExternalAuthentication(externalAuthenticationFailureType, externalAuthenticationSubFailureType)); } if (dictionary.Count != num) { ExternalAuthentication.ConfigurationTracer.TraceError <string, string>(0L, "Number of Security Token Service clients {0} does not match number of federation trusts {1}", dictionary.Count.ToString(), num.ToString()); } TokenValidator tokenValidator = new TokenValidator(uri2, list, list2); List <X509Certificate2> list3 = new List <X509Certificate2>(list.Count + list2.Count); list3.AddRange(list); list3.AddRange(list2); if (flag) { return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2, ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure, ExternalAuthentication.ExternalAuthenticationSubFailureType.WarningApplicationUriSkipped)); } return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2)); }
internal static void Initialize() { LocalServerCache.Initialize(); FederationTrustCache.Initialize(); ExternalAuthentication.instance = null; }