// Token: 0x060000C1 RID: 193 RVA: 0x000059B8 File Offset: 0x00003BB8
private PartitionId GetPartitionId(CommonAccessToken commonAccessToken, IIdentity identity)
{
string text = null;
if (commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("Partition"))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From CAT.");
text = commonAccessToken.ExtensionData["Partition"];
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From Generic Sid Identity.");
text = genericSidIdentity.PartitionId;
}
}
if (text != null)
{
PartitionId result;
if (PartitionId.TryParse(text, out result))
{
return(result);
}
ExTraceGlobals.HttpModuleTracer.TraceError <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] Invalid partition id {0}.", text);
HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetPartition", "Invalid partition id " + text, false);
}
return(null);
}
internal static UserToken CreateDefaultUserTokenInERC(IIdentity identity, DelegatedPrincipal delegatedPrincipal, bool impersonated)
{
if (!impersonated && delegatedPrincipal != null)
{
CommonAccessToken commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
commonAccessToken.ExtensionData["DelegatedData"] = delegatedPrincipal.Identity.Name;
return(new UserToken(AuthenticationType.RemotePowerShellDelegated, delegatedPrincipal, null, delegatedPrincipal.Identity.Name, null, null, null, delegatedPrincipal.DelegatedOrganization, false, commonAccessToken));
}
SidOAuthIdentity sidOAuthIdentity = identity as SidOAuthIdentity;
if (sidOAuthIdentity != null)
{
PartitionId partitionId;
PartitionId.TryParse(sidOAuthIdentity.PartitionId, out partitionId);
return(new UserToken(AuthenticationType.OAuth, null, null, sidOAuthIdentity.Name, sidOAuthIdentity.Sid, partitionId, sidOAuthIdentity.OAuthIdentity.OrganizationId, sidOAuthIdentity.ManagedTenantName, false, sidOAuthIdentity.OAuthIdentity.ToCommonAccessTokenVersion1()));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
return(new UserToken(AuthenticationType.Kerberos, null, null, windowsIdentity.Name, windowsIdentity.User, null, null, null, false, new CommonAccessToken(windowsIdentity)));
}
WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;
if (windowsTokenIdentity != null && windowsTokenIdentity.AccessToken != null && windowsTokenIdentity.AccessToken.CommonAccessToken != null)
{
PartitionId partitionId2;
PartitionId.TryParse(windowsTokenIdentity.PartitionId, out partitionId2);
return(new UserToken(AuthenticationType.Kerberos, null, null, windowsTokenIdentity.Name, windowsTokenIdentity.Sid, partitionId2, null, null, false, windowsTokenIdentity.AccessToken.CommonAccessToken));
}
CommonAccessToken commonAccessToken2 = new CommonAccessToken(AccessTokenType.CertificateSid);
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
commonAccessToken2.ExtensionData["UserSid"] = securityIdentifier.ToString();
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
commonAccessToken2.ExtensionData["Partition"] = genericSidIdentity.PartitionId;
}
return(new UserToken(AuthenticationType.Certificate, null, null, identity.Name, securityIdentifier, null, null, null, false, commonAccessToken2));
}
public ExchangeRunspaceConfiguration CreateExchangeRunspaceConfiguration()
{
IIdentity identity = this.GetExecutingUserIdentity();
IIdentity identity2 = null;
if (!string.IsNullOrEmpty(this.impersonatedUserSddl))
{
identity2 = new GenericSidIdentity(this.impersonatedUserSddl, this.impersonatedAuthenticationType, new SecurityIdentifier(this.impersonatedUserSddl));
}
ExchangeRunspaceConfiguration result;
if (identity2 == null)
{
result = new ExchangeRunspaceConfiguration(identity);
}
else
{
result = new ExchangeRunspaceConfiguration(identity, identity2, ExchangeRunspaceConfigurationSettings.GetDefaultInstance(), this.roleTypeFilter, this.sortedRoleEntryFilter, this.logonUserRequiredRoleTypes, this.callerCheckedAccess);
}
return(result);
}
private static void SetAuthenticatedInfo(HttpContext context, ADUser authenticatedUser, X509Identifier certId)
{
Logger.EnterFunction(ExTraceGlobals.CertAuthTracer, "SetAuthenticatedInfo");
IIdentity identity;
if (CertificateAuthenticationModule.cafeProxy)
{
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(authenticatedUser, certId);
context.Items["Item-CommonAccessToken"] = certificateSidTokenAccessor.GetToken();
identity = new GenericSidIdentity(authenticatedUser.Sid.ToString(), "Certificate", authenticatedUser.Sid, certificateSidTokenAccessor.PartitionId);
}
else
{
context.Items["AuthType"] = AccessTokenType.CertificateSid;
if (authenticatedUser.RecipientTypeDetails == RecipientTypeDetails.LinkedUser)
{
identity = new GenericIdentity(authenticatedUser.Sid.ToString());
}
else
{
string sUserPrincipalName = string.Format("{0}@{1}", authenticatedUser.SamAccountName, authenticatedUser.Id.GetPartitionId().ForestFQDN);
identity = new WindowsIdentity(sUserPrincipalName);
}
}
string name = authenticatedUser.Name;
if (!string.IsNullOrEmpty(name))
{
context.Items["AuthenticatedUser"] = name;
}
AuthCommon.SetHttpContextADRawEntry(context, authenticatedUser);
if (!OrganizationId.ForestWideOrgId.Equals(authenticatedUser.OrganizationId))
{
context.Items[CertificateAuthenticationModule.TenantCertificateOrganizaitonItemName] = authenticatedUser.OrganizationId.OrganizationalUnit.Name;
}
context.User = new GenericPrincipal(identity, new string[0]);
Logger.ExitFunction(ExTraceGlobals.CertAuthTracer, "SetAuthenticatedInfo");
}
// Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text;
HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string externalDirectoryObjectId;
if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(3, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
SecurityIdentifier securityIdentifier = null;
if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "SID");
}
else
{
requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
{
requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
}
}
// Token: 0x06000013 RID: 19 RVA: 0x00002980 File Offset: 0x00000B80
internal static bool TryResolveCurrentUserInLocalForest(IPrincipal user, TraceSource traceSrc, out string tenantName)
{
tenantName = null;
ADRawEntry adrawEntry = null;
if (user != null)
{
SecurityIdentifier securityIdentifier = null;
PartitionId partitionId = null;
GenericSidIdentity genericSidIdentity = user.Identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
securityIdentifier = genericSidIdentity.Sid;
if (!string.IsNullOrEmpty(genericSidIdentity.PartitionId))
{
PartitionId.TryParse(genericSidIdentity.PartitionId, out partitionId);
}
}
else
{
WindowsIdentity windowsIdentity = user.Identity as WindowsIdentity;
if (windowsIdentity != null)
{
securityIdentifier = windowsIdentity.User;
}
}
if (securityIdentifier != null)
{
Logger.LogVerbose(traceSrc, "User sid is {0}.", new object[]
{
securityIdentifier.ToString()
});
try
{
adrawEntry = UserTokenStaticHelper.GetADRawEntry(partitionId, null, securityIdentifier);
goto IL_11E;
}
catch (TransientException exception)
{
Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following transient error {0}.", exception, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
goto IL_11E;
}
catch (DataSourceOperationException exception2)
{
Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following error {0}.", exception2, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
goto IL_11E;
}
catch (DataValidationException exception3)
{
Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following error {0}.", exception3, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
goto IL_11E;
}
}
Logger.LogWarning(traceSrc, "Identity in the context is not valid. It should be either GenericSidIdentity or WindowsIdentity.");
}
else
{
Logger.LogWarning(traceSrc, "Context.User is null.");
}
IL_11E:
if (adrawEntry != null)
{
Logger.LogVerbose(traceSrc, "User SMTP address resolved from AD {0}.", new object[]
{
(SmtpAddress)adrawEntry[ADRecipientSchema.WindowsLiveID]
});
ADObjectId adobjectId = (ADObjectId)adrawEntry[ADObjectSchema.OrganizationalUnitRoot];
if (adobjectId != null)
{
tenantName = adobjectId.Name;
Logger.LogVerbose(traceSrc, "User Tenant Name resolved from AD {0}.", new object[]
{
tenantName
});
}
}
return adrawEntry != null;
}
// Token: 0x060006EE RID: 1774 RVA: 0x00028810 File Offset: 0x00026A10
protected override void AddProtocolSpecificHeadersToServerRequest(WebHeaderCollection headers)
{
if (base.ClientRequest.IsAuthenticated && base.ProxyToDownLevel)
{
IIdentity callerIdentity = this.GetCallerIdentity();
WindowsIdentity windowsIdentity = callerIdentity as WindowsIdentity;
GenericSidIdentity genericSidIdentity = callerIdentity as GenericSidIdentity;
IPrincipal user = base.HttpContext.User;
if (windowsIdentity != null)
{
string text;
if (HttpContextItemParser.TryGetLiveIdMemberName(base.HttpContext.Items, ref text))
{
headers["X-RemotePS-GenericIdentity"] = windowsIdentity.User.ToString();
}
else
{
headers["X-RemotePS-WindowsIdentity"] = this.GetSerializedAccessTokenString();
}
}
else if (genericSidIdentity != null)
{
headers["X-RemotePS-GenericIdentity"] = genericSidIdentity.Sid.ToString();
}
else
{
headers["X-RemotePS-GenericIdentity"] = IIdentityExtensions.GetSafeName(base.HttpContext.User.Identity, true);
}
}
if (this.isSyndicatedAdminManageDownLevelTarget)
{
headers["msExchCafeForceRouteToLogonAccount"] = "1";
}
if (LoggerHelper.IsProbePingRequest(base.ClientRequest))
{
RequestDetailsLoggerBase <RequestDetailsLogger> .SafeSetLogger(base.Logger, 21, "ProbePingBackend");
}
else if (WinRMHelper.WinRMParserEnabled.Value)
{
try
{
this.winRMInfo = base.ParseClientRequest <WinRMInfo>(new Func <Stream, WinRMInfo>(this.ParseWinRMInfo), 10000);
}
catch (InvalidOperationException ex)
{
if (ExTraceGlobals.ExceptionTracer.IsTraceEnabled(3))
{
ExTraceGlobals.ExceptionTracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "[RemotePowerShellProxyRequestHandler::AddProtocolSpecificHeadersToServerRequest] ParseClientRequest throws exception {0}", ex);
}
RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericError(base.Logger, "ParseClientRequestException", ex.ToString());
}
if (this.winRMInfo != null)
{
WinRMInfo.StampToHttpHeaders(this.winRMInfo, headers);
}
}
DatabaseBasedAnchorMailbox databaseBasedAnchorMailbox = base.AnchoredRoutingTarget.AnchorMailbox as DatabaseBasedAnchorMailbox;
if (databaseBasedAnchorMailbox != null)
{
ADObjectId database = databaseBasedAnchorMailbox.GetDatabase();
if (database != null)
{
headers["X-DatabaseGuid"] = database.ObjectGuid.ToString();
}
}
if (!base.ShouldRetryOnError)
{
headers["X-Cafe-Last-Retry"] = "Y";
}
base.AddProtocolSpecificHeadersToServerRequest(headers);
}
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text = httpContext.Items[Constants.WLIDMemberName] as string;
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
if (!string.IsNullOrEmpty(text2))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
try
{
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
}
catch (Exception)
{
}
if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
}
}
