Exemple #1
0
        internal string GetADsPath(string dn)
        {
            string str = null;

            str = "LDAP://" + this.serverName;
            if (this.portSpecified)
            {
                str = str + ":" + this.port;
            }
            System.Web.Security.NativeComInterfaces.IAdsPathname pathname = (System.Web.Security.NativeComInterfaces.IAdsPathname) new System.Web.Security.NativeComInterfaces.Pathname();
            pathname.Set(dn, 4);
            pathname.EscapedMode = 2;
            return(str + "/" + pathname.Retrieve(7));
        }
Exemple #2
0
        internal DirectoryInformation(string adspath, NetworkCredential credentials, string connProtection, int clientSearchTimeout, int serverSearchTimeout, bool enablePasswordReset)
        {
            System.DirectoryServices.AuthenticationTypes[,] typesArray = new System.DirectoryServices.AuthenticationTypes[3, 2];
            typesArray[1, 0]   = System.DirectoryServices.AuthenticationTypes.Encryption | System.DirectoryServices.AuthenticationTypes.Secure;
            typesArray[1, 1]   = System.DirectoryServices.AuthenticationTypes.Encryption;
            typesArray[2, 0]   = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
            typesArray[2, 1]   = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
            this.authTypes     = typesArray;
            this.ldapAuthTypes = new AuthType[, ] {
                { AuthType.Negotiate, AuthType.Basic }, { AuthType.Negotiate, AuthType.Basic }, { AuthType.Negotiate, AuthType.Negotiate }
            };
            this.adspath             = adspath;
            this.credentials         = credentials;
            this.clientSearchTimeout = clientSearchTimeout;
            this.serverSearchTimeout = serverSearchTimeout;
            if (!adspath.StartsWith("LDAP", StringComparison.Ordinal))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_OnlyLdap_supported"));
            }
            System.Web.Security.NativeComInterfaces.IAdsPathname pathname = (System.Web.Security.NativeComInterfaces.IAdsPathname) new System.Web.Security.NativeComInterfaces.Pathname();
            try
            {
                pathname.Set(adspath, 1);
            }
            catch (COMException exception)
            {
                if (exception.ErrorCode == -2147463168)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_invalid_path"));
                }
                throw;
            }
            try
            {
                this.serverName = pathname.Retrieve(9);
            }
            catch (COMException exception2)
            {
                if (exception2.ErrorCode == -2147463168)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_ServerlessADsPath_not_supported"));
                }
                throw;
            }
            this.creationContainerDN = this.containerDN = pathname.Retrieve(7);
            int index = this.serverName.IndexOf(':');

            if (index != -1)
            {
                string serverName = this.serverName;
                this.serverName    = serverName.Substring(0, index);
                this.port          = int.Parse(serverName.Substring(index + 1), NumberFormatInfo.InvariantInfo);
                this.portSpecified = true;
            }
            if (string.Compare(connProtection, "Secure", StringComparison.Ordinal) != 0)
            {
                goto Label_039F;
            }
            bool flag  = false;
            bool flag2 = false;

            if (!this.IsDefaultCredential())
            {
                this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
                this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
                try
                {
                    this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    this.rootdse.RefreshCache();
                    this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                    if (!this.portSpecified)
                    {
                        this.port          = 0x27c;
                        this.portSpecified = true;
                    }
                    goto Label_0282;
                }
                catch (COMException exception3)
                {
                    if (exception3.ErrorCode != -2147023570)
                    {
                        if (exception3.ErrorCode != -2147016646)
                        {
                            throw;
                        }
                        flag = true;
                    }
                    else
                    {
                        flag2 = true;
                    }
                    goto Label_0282;
                }
            }
            flag2 = true;
Label_0282:
            if (flag2)
            {
                this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
                this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
                try
                {
                    this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    this.rootdse.RefreshCache();
                    this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                    if (!this.portSpecified)
                    {
                        this.port          = 0x27c;
                        this.portSpecified = true;
                    }
                }
                catch (COMException exception4)
                {
                    if (exception4.ErrorCode != -2147016646)
                    {
                        throw;
                    }
                    flag = true;
                }
            }
            if (!flag)
            {
                goto Label_0405;
            }
            this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            try
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                this.rootdse.RefreshCache();
                this.connectionProtection = ActiveDirectoryConnectionProtection.SignAndSeal;
                goto Label_0405;
            }
            catch (COMException exception5)
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Secure_connection_not_established", new object[] { exception5.Message }), exception5);
            }
Label_039F:
            if (this.IsDefaultCredential())
            {
                throw new NotSupportedException(System.Web.SR.GetString("ADMembership_Default_Creds_not_supported"));
            }
            this.authenticationType = this.GetAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
            this.ldapAuthType       = this.GetLdapAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
            this.rootdse            = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
Label_0405:
            if (this.rootdse == null)
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("RootDSE"), this.GetUsername(), this.GetPassword(), this.authenticationType);
            }
            this.directoryType = this.GetDirectoryType();
            if ((this.directoryType == System.Web.Security.DirectoryType.ADAM) && (this.connectionProtection == ActiveDirectoryConnectionProtection.SignAndSeal))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Ssl_connection_not_established"));
            }
            if ((this.directoryType == System.Web.Security.DirectoryType.AD) && ((this.port == 0xcc4) || (this.port == 0xcc5)))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_GCPortsNotSupported"));
            }
            if (string.IsNullOrEmpty(this.containerDN))
            {
                if (this.directoryType == System.Web.Security.DirectoryType.AD)
                {
                    this.containerDN = (string)this.rootdse.Properties["defaultNamingContext"].Value;
                    if (this.containerDN == null)
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_not_specified"));
                    }
                    DirectoryEntry entry = new DirectoryEntry(this.GetADsPath("<WKGUID=a9d1ca15768811d1aded00c04fd8d5cd," + this.containerDN + ">"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    try
                    {
                        this.creationContainerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(entry, "distinguishedName");
                        goto Label_05DE;
                    }
                    catch (COMException exception6)
                    {
                        if (exception6.ErrorCode == -2147016656)
                        {
                            throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_does_not_exist"));
                        }
                        throw;
                    }
                }
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_must_be_specified"));
            }
            DirectoryEntry directoryEntry = new DirectoryEntry(this.GetADsPath(this.containerDN), this.GetUsername(), this.GetPassword(), this.authenticationType);

            try
            {
                this.creationContainerDN = this.containerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(directoryEntry, "distinguishedName");
            }
            catch (COMException exception7)
            {
                if (exception7.ErrorCode == -2147016656)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                }
                throw;
            }
Label_05DE:
            using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(this.serverName + ":" + this.port), GetCredentialsWithDomain(credentials), this.ldapAuthType)
            {
                SessionOptions = { ProtocolVersion = 3 }
            })
            {
                SearchResponse response;
                connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
                this.SetSessionOptionsForSecureConnection(connection, false);
                connection.Bind();
                SearchRequest request = new SearchRequest {
                    DistinguishedName = this.containerDN,
                    Filter            = "(objectClass=*)",
                    Scope             = System.DirectoryServices.Protocols.SearchScope.Base
                };
                request.Attributes.Add("distinguishedName");
                request.Attributes.Add("objectClass");
                if (this.ServerSearchTimeout != -1)
                {
                    request.TimeLimit = new TimeSpan(0, this.ServerSearchTimeout, 0);
                }
                try
                {
                    response = (SearchResponse)connection.SendRequest(request);
                    if ((response.ResultCode == ResultCode.Referral) || (response.ResultCode == ResultCode.NoSuchObject))
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                    }
                    if (response.ResultCode != ResultCode.Success)
                    {
                        throw new ProviderException(response.ErrorMessage);
                    }
                }
                catch (DirectoryOperationException exception8)
                {
                    SearchResponse response2 = (SearchResponse)exception8.Response;
                    if (response2.ResultCode == ResultCode.NoSuchObject)
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                    }
                    throw;
                }
                DirectoryAttribute objectClass = response.Entries[0].Attributes["objectClass"];
                if (!this.ContainerIsSuperiorOfUser(objectClass))
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_not_superior"));
                }
                if ((this.connectionProtection == ActiveDirectoryConnectionProtection.None) || (this.connectionProtection == ActiveDirectoryConnectionProtection.Ssl))
                {
                    this.concurrentBindSupported = this.IsConcurrentBindSupported(connection);
                }
            }
            if (this.directoryType == System.Web.Security.DirectoryType.ADAM)
            {
                this.adamPartitionDN = this.GetADAMPartitionFromContainer();
            }
            else if (enablePasswordReset)
            {
                DirectoryEntry entry3 = new DirectoryEntry(this.GetADsPath((string)System.Web.Security.PropertyManager.GetPropertyValue(this.rootdse, "defaultNamingContext")), this.GetUsername(), this.GetPassword(), this.AuthenticationTypes);
                System.Web.Security.NativeComInterfaces.IAdsLargeInteger propertyValue = (System.Web.Security.NativeComInterfaces.IAdsLargeInteger)System.Web.Security.PropertyManager.GetPropertyValue(entry3, "lockoutDuration");
                long num2 = (propertyValue.HighPart * 0x100000000L) + ((uint)propertyValue.LowPart);
                this.adLockoutDuration = new TimeSpan(-num2);
            }
        }