internal SecurityIdentifier GetUpnSid()
{
if (!this.hasUpnSidBeenComputed)
{
lock (this.thisLock)
{
string resource = (string)base.IdentityClaim.Resource;
if (!this.hasUpnSidBeenComputed)
{
try
{
NTAccount account = new NTAccount(resource);
this.upnSid = account.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
if (exception is NullReferenceException)
{
throw;
}
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(resource, exception);
}
finally
{
this.hasUpnSidBeenComputed = true;
}
}
}
}
return(this.upnSid);
}
internal SecurityIdentifier GetUpnSid()
{
Fx.Assert(ClaimTypes.Upn.Equals(this.IdentityClaim.ClaimType), "");
if (!hasUpnSidBeenComputed)
{
lock (thisLock)
{
string upn = (string)this.IdentityClaim.Resource;
if (!hasUpnSidBeenComputed)
{
try
{
NTAccount userAccount = new NTAccount(upn);
this.upnSid = userAccount.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
}
#pragma warning suppress 56500 // covered by FxCOP
catch (Exception e)
{
// Always immediately rethrow fatal exceptions.
if (Fx.IsFatal(e))
{
throw;
}
if (e is NullReferenceException)
{
throw;
}
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(upn, e);
}
finally
{
hasUpnSidBeenComputed = true;
}
}
}
}
return(this.upnSid);
}
internal SecurityIdentifier GetSpnSid()
{
Fx.Assert(ClaimTypes.Spn.Equals(this.IdentityClaim.ClaimType) || ClaimTypes.Dns.Equals(this.IdentityClaim.ClaimType), "");
if (!hasSpnSidBeenComputed)
{
lock (thisLock)
{
if (!hasSpnSidBeenComputed)
{
string spn = null;
try
{
if (ClaimTypes.Dns.Equals(this.IdentityClaim.ClaimType))
{
spn = "host/" + (string)this.IdentityClaim.Resource;
}
else
{
spn = (string)this.IdentityClaim.Resource;
}
// canonicalize SPN for use in LDAP filter following RFC 1960:
if (spn != null)
{
spn = spn.Replace("*", @"\*").Replace("(", @"\(").Replace(")", @"\)");
}
DirectoryEntry de = GetDirectoryEntry();
using (DirectorySearcher searcher = new DirectorySearcher(de))
{
searcher.CacheResults = true;
searcher.ClientTimeout = SpnLookupTime;
searcher.Filter = "(&(objectCategory=Computer)(objectClass=computer)(servicePrincipalName=" + spn + "))";
searcher.PropertiesToLoad.Add("objectSid");
SearchResult result = searcher.FindOne();
if (result != null)
{
byte[] sidBinaryForm = (byte[])result.Properties["objectSid"][0];
this.spnSid = new SecurityIdentifier(sidBinaryForm, 0);
}
else
{
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, null);
}
}
}
#pragma warning suppress 56500 // covered by FxCOP
catch (Exception e)
{
// Always immediately rethrow fatal exceptions.
if (Fx.IsFatal(e))
{
throw;
}
if (e is NullReferenceException || e is SEHException)
{
throw;
}
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, e);
}
finally
{
hasSpnSidBeenComputed = true;
}
}
}
}
return(this.spnSid);
}
internal SecurityIdentifier GetSpnSid()
{
if (!this.hasSpnSidBeenComputed)
{
lock (this.thisLock)
{
if (!this.hasSpnSidBeenComputed)
{
string spn = null;
try
{
if (ClaimTypes.Dns.Equals(base.IdentityClaim.ClaimType))
{
spn = "host/" + ((string)base.IdentityClaim.Resource);
}
else
{
spn = (string)base.IdentityClaim.Resource;
}
if (spn != null)
{
spn = spn.Replace("*", @"\*").Replace("(", @"\(").Replace(")", @"\)");
}
using (DirectorySearcher searcher = new DirectorySearcher(GetDirectoryEntry()))
{
searcher.CacheResults = true;
searcher.ClientTimeout = SpnLookupTime;
searcher.Filter = "(&(objectCategory=Computer)(objectClass=computer)(servicePrincipalName=" + spn + "))";
searcher.PropertiesToLoad.Add("objectSid");
SearchResult result = searcher.FindOne();
if (result != null)
{
byte[] binaryForm = (byte[])result.Properties["objectSid"][0];
this.spnSid = new SecurityIdentifier(binaryForm, 0);
}
else
{
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, null);
}
}
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
if ((exception is NullReferenceException) || (exception is SEHException))
{
throw;
}
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, exception);
}
finally
{
this.hasSpnSidBeenComputed = true;
}
}
}
}
return(this.spnSid);
}