// Token: 0x06000286 RID: 646 RVA: 0x000118C4 File Offset: 0x0000FAC4 private static bool CheckClaimSetsForX509CertUser(AuthorizationContext authorizationContext, OperationContext operationContext) { HttpContext.Current.Items["AuthType"] = "X509Cert"; ReadOnlyCollection <ClaimSet> claimSets = authorizationContext.ClaimSets; claimSets.TraceClaimSets(); X509CertUser x509CertUser = null; if (!X509CertUser.TryCreateX509CertUser(claimSets, out x509CertUser)) { ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to create the x509certuser"); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "unable to create the X509CertUser based on the given claim sets."); return(false); } OrganizationId value; WindowsIdentity windowsIdentity; string arg; if (!x509CertUser.TryGetWindowsIdentity(out value, out windowsIdentity, out arg)) { ExTraceGlobals.AuthenticationTracer.TraceDebug <X509CertUser>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to find the windows identity for cert user: {0}", x509CertUser); string reason = string.Format("unable to find the windows identity for the given cert {0}, reason: {1}", x509CertUser, arg); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason); return(false); } ExTraceGlobals.AuthenticationTracer.TraceDebug <string, string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] ws-security header contains the x509 cert user identity: {0}, upn: {1}", Common.GetIdentityNameForTrace(windowsIdentity), x509CertUser.UserPrincipalName); AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(x509CertUser.UserPrincipalName, null); HttpContext.Current.User = new WindowsPrincipal(windowsIdentity); HttpContext.Current.Items["UserOrganizationId"] = value; return(true); }
// Token: 0x0600027C RID: 636 RVA: 0x00010BB8 File Offset: 0x0000EDB8 private static AutodiscoverAuthorizationManager.ConsentLevel?ProcessConsentLevelClaim(Claim claim) { string text; if (!AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text)) { return(null); } AutodiscoverAuthorizationManager.ConsentLevel value; if (string.Equals(text, "NONE")) { value = AutodiscoverAuthorizationManager.ConsentLevel.None; } else if (string.Equals(text, "PARTIAL")) { value = AutodiscoverAuthorizationManager.ConsentLevel.Partial; } else { if (!string.Equals(text, "FULL")) { ExTraceGlobals.AuthenticationTracer.TraceDebug <string, string, string>(0L, "{0}/{1} claim resource was not a known value: {2}", claim.ClaimType, claim.Right, text); return(null); } value = AutodiscoverAuthorizationManager.ConsentLevel.Full; } return(new AutodiscoverAuthorizationManager.ConsentLevel?(value)); }
// Token: 0x06000285 RID: 645 RVA: 0x000117FC File Offset: 0x0000F9FC private static bool CheckClaimSetsForPartnerUser(AuthorizationContext authorizationContext, OperationContext operationContext) { HttpContext.Current.Items["AuthType"] = "Partner"; PerformanceCounters.UpdateRequestsReceivedWithPartnerToken(); ReadOnlyCollection <ClaimSet> claimSets = authorizationContext.ClaimSets; claimSets.TraceClaimSets(); DelegatedPrincipal delegatedPrincipal = null; OrganizationId delegatedOrganizationId = null; string text = null; if (!PartnerToken.TryGetDelegatedPrincipalAndOrganizationId(claimSets, out delegatedPrincipal, out delegatedOrganizationId, out text)) { ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] unable to create partner identity, error message: {0}", text); PerformanceCounters.UpdateUnauthorizedRequestsReceivedWithPartnerToken(); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, text); return(false); } ExTraceGlobals.AuthenticationTracer.TraceDebug <DelegatedPrincipal>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser] ws-security header contains the partner identity: {0}", delegatedPrincipal); string text2 = delegatedPrincipal.ToString(); if (!string.IsNullOrEmpty(text2)) { AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text2, text2.Split(new char[] { '\\' })[0]); } HttpContext.Current.User = new WindowsPrincipal(PartnerIdentity.Create(delegatedPrincipal, delegatedOrganizationId)); return(true); }
// Token: 0x0600027B RID: 635 RVA: 0x00010B44 File Offset: 0x0000ED44 private static bool?ProcessTrueFalseClaim(Claim claim) { string text; if (!AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text)) { return(null); } bool value; if (string.Equals(text, "TRUE")) { value = true; } else { if (!string.Equals(text, "FALSE")) { ExTraceGlobals.AuthenticationTracer.TraceDebug <string, string, string>(0L, "{0}/{1} claim resource was not a known value: {2}", claim.ClaimType, claim.Right, text); return(null); } value = false; } return(new bool?(value)); }
// Token: 0x0600027F RID: 639 RVA: 0x0001122C File Offset: 0x0000F42C private static bool CheckClaimSetsForTOUClaims(OperationContext operationContext, ReadOnlyCollection <ClaimSet> claimSets, bool checkConsumerClaims) { string claimTypeToTest = checkConsumerClaims ? "http://schemas.xmlsoap.org/claims/ConsumerChild" : "http://schemas.xmlsoap.org/claims/Child"; string claimTypeToTest2 = checkConsumerClaims ? "http://schemas.xmlsoap.org/claims/ConsumerTOUAccepted" : "http://schemas.xmlsoap.org/claims/TOUAccepted"; string claimTypeToTest3 = checkConsumerClaims ? "http://schemas.xmlsoap.org/claims/ConsumerConsentLevel" : "http://schemas.xmlsoap.org/claims/ConsentLevel"; AutodiscoverAuthorizationManager.ConsentLevel?consentLevel = null; bool?flag = null; bool?flag2 = null; foreach (ClaimSet claimSet in claimSets) { foreach (Claim claim in claimSet) { if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, claimTypeToTest, Rights.PossessProperty)) { flag = AutodiscoverAuthorizationManager.ProcessTrueFalseClaim(claim); } else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, claimTypeToTest2, Rights.PossessProperty)) { flag2 = AutodiscoverAuthorizationManager.ProcessTrueFalseClaim(claim); } else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, claimTypeToTest3, Rights.PossessProperty)) { consentLevel = AutodiscoverAuthorizationManager.ProcessConsentLevelClaim(claim); } if (flag != null && flag2 != null && (!flag.Value || consentLevel != null)) { break; } } if (flag != null && flag2 != null && (!flag.Value || consentLevel != null)) { break; } } if (checkConsumerClaims && flag == null && flag2 == null && consentLevel == null) { return(false); } if (flag == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Didn't find child claim")); } if (flag2 == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Didn't find TOU claim")); } if (flag.Value && consentLevel == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Didn't find consent level claim for child")); } if (!flag2.Value) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "TOU was not accepted")); } return(!flag.Value || consentLevel.Value != AutodiscoverAuthorizationManager.ConsentLevel.None || AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Child with no consent")); }
// Token: 0x06000276 RID: 630 RVA: 0x00010964 File Offset: 0x0000EB64 private static bool Return403UnauthorizedResponse(OperationContext operationContext, string reason) { ExTraceGlobals.AuthenticationTracer.TraceDebug <string>(0L, "Returning a 403 Unauthorized response for reason: {0}", reason); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendAuthError("AuthFailureReason", reason); HttpResponseMessageProperty httpResponseMessageProperty = AutodiscoverAuthorizationManager.GetHttpResponseMessageProperty(operationContext); httpResponseMessageProperty.StatusCode = HttpStatusCode.Forbidden; httpResponseMessageProperty.SuppressEntityBody = true; return(false); }
// Token: 0x06000277 RID: 631 RVA: 0x000109B0 File Offset: 0x0000EBB0 private static bool Return302RedirectionResponse(OperationContext operationContext, string redirectUrl) { ExTraceGlobals.AuthenticationTracer.TraceDebug <string>(0L, "Returning a 302 Redirection response to Location: {0}", redirectUrl); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.SetRedirectionType(RedirectionType.HttpRedirect); HttpResponseMessageProperty httpResponseMessageProperty = AutodiscoverAuthorizationManager.GetHttpResponseMessageProperty(operationContext); httpResponseMessageProperty.StatusCode = HttpStatusCode.Found; httpResponseMessageProperty.SuppressEntityBody = true; httpResponseMessageProperty.Headers.Add(HttpResponseHeader.Location, redirectUrl); return(false); }
// Token: 0x06000280 RID: 640 RVA: 0x0001142C File Offset: 0x0000F62C private static bool RedirectCaller(OperationContext operationContext, string smtpAddress) { string redirectServer = MServe.GetRedirectServer(smtpAddress); if (!string.IsNullOrEmpty(redirectServer)) { return(AutodiscoverAuthorizationManager.BuildRedirectUrlAndRedirectCaller(operationContext, redirectServer)); } string reason = string.Format("No redirection server for Identity: {0}; ", smtpAddress.ToString()); return(AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, reason)); }
// Token: 0x06000281 RID: 641 RVA: 0x00011468 File Offset: 0x0000F668 internal static bool BuildRedirectUrlAndRedirectCaller(OperationContext operationContext, string redirectServer) { UriBuilder uriBuilder = new UriBuilder(HttpContext.Current.Request.Headers[WellKnownHeader.MsExchProxyUri]); uriBuilder.Host = redirectServer; string redirectUrl = string.Empty; try { redirectUrl = uriBuilder.Uri.ToString(); } catch (UriFormatException ex) { Common.EventLog.LogEvent(AutodiscoverEventLogConstants.Tuple_ErrCoreInvalidRedirectionUrl, Common.PeriodicKey, new object[0]); ex.Data["FilterExceptionFromWatson"] = true; throw ex; } return(AutodiscoverAuthorizationManager.Return302RedirectionResponse(operationContext, redirectUrl)); }
// Token: 0x06000287 RID: 647 RVA: 0x000119AC File Offset: 0x0000FBAC private bool InternalCheckAccessCore(OperationContext operationContext) { string text = operationContext.RequestContext.RequestMessage.Headers.Action; if (!string.IsNullOrEmpty(text)) { text = text.Substring(text.LastIndexOf('/') + 1); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.ActivityScope.Action = text; } if (AutodiscoverAuthorizationManager.IsAnonymousMethod(operationContext)) { ExTraceGlobals.AuthenticationTracer.TraceDebug <string>(0L, "Allowing request to go anonymous: {0}", operationContext.IncomingMessageHeaders.Action); return(true); } HttpContext httpContext = HttpContext.Current; HttpApplication applicationInstance = httpContext.ApplicationInstance; if (!httpContext.Request.IsAuthenticated) { if (ServiceSecurityContext.Current == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "ServiceSecurityContext.Current was null")); } AuthorizationContext authorizationContext = ServiceSecurityContext.Current.AuthorizationContext; if (authorizationContext == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "authContext was null")); } if (authorizationContext.ClaimSets == null) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "authContext.ClaimSets was null")); } if (authorizationContext.ClaimSets.Count == 0) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "authContext.ClaimSets.Count was 0")); } if (AutodiscoverAuthorizationManager.IsDelegationToken(authorizationContext.ClaimSets)) { if (!AutodiscoverAuthorizationManager.CheckClaimSetsForExternalUser(authorizationContext, operationContext)) { return(false); } } else { if (!VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.LogonViaStandardTokens.Enabled) { return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "No login via standard token on-premises")); } Uri uri = operationContext.Channel.LocalAddress.Uri; if (Common.IsWsSecuritySymmetricKeyAddress(uri)) { if (!AutodiscoverAuthorizationManager.CheckClaimSetsForPartnerUser(authorizationContext, operationContext)) { return(false); } } else if (Common.IsWsSecurityX509CertAddress(uri)) { if (!AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser(authorizationContext, operationContext)) { return(false); } } else { if (!Common.IsWsSecurityAddress(uri)) { return(false); } if (!AutodiscoverAuthorizationManager.CheckClaimSets(operationContext, authorizationContext.ClaimSets)) { return(false); } } } } Common.ResolveCaller(); return(base.CheckAccessCore(operationContext)); }
// Token: 0x06000284 RID: 644 RVA: 0x000115F4 File Offset: 0x0000F7F4 private static bool CheckClaimSetsForExternalUser(AuthorizationContext authorizationContext, OperationContext operationContext) { HttpContext.Current.Items["AuthType"] = "External"; SamlSecurityToken samlSecurityToken = null; foreach (SupportingTokenSpecification supportingTokenSpecification in operationContext.SupportingTokens) { samlSecurityToken = (supportingTokenSpecification.SecurityToken as SamlSecurityToken); if (samlSecurityToken != null) { break; } } if (samlSecurityToken == null) { ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Found no security token in authorization context"); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Cannot find security token in authorization context")); } ExternalAuthentication current = ExternalAuthentication.GetCurrent(); if (!current.Enabled) { ExTraceGlobals.AuthenticationTracer.TraceError(0L, "Federation is not enabled"); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Federation is not enabled")); } TokenValidationResults tokenValidationResults = current.TokenValidator.ValidateToken(samlSecurityToken, Offer.Autodiscover); if (tokenValidationResults.Result != TokenValidationResult.Valid || !SmtpAddress.IsValidSmtpAddress(tokenValidationResults.EmailAddress)) { ExTraceGlobals.AuthenticationTracer.TraceError <TokenValidationResults>(0L, "Validation of security token in WS-Security header failed: {0}", tokenValidationResults); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the delegation failed")); } SmtpAddress smtpAddress = SmtpAddress.Empty; int num = -1; try { num = operationContext.IncomingMessageHeaders.FindHeader("SharingSecurity", "http://schemas.microsoft.com/exchange/services/2006/types"); } catch (MessageHeaderException ex) { AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Exception when looking for SharingSecurity header in request: " + ex.ToString()); return(false); } if (num < 0) { ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "Request has no SharingSecurity header"); } else { XmlElement header = operationContext.IncomingMessageHeaders.GetHeader <XmlElement>(num); smtpAddress = SharingKeyHandler.Decrypt(header, tokenValidationResults.ProofToken); if (smtpAddress == SmtpAddress.Empty) { ExTraceGlobals.AuthenticationTracer.TraceError <string>(0L, "SharingSecurity is present but invalid: {0}", header.OuterXml); AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Validation of the SharingSecurity failed"); return(false); } ExTraceGlobals.AuthenticationTracer.TraceDebug <SmtpAddress>(0L, "SharingSecurity header contains external identity: {0}", smtpAddress); } AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(tokenValidationResults.EmailAddress, null); HttpContext.Current.User = new GenericPrincipal(new ExternalIdentity(new SmtpAddress(tokenValidationResults.EmailAddress), smtpAddress), null); return(true); }
// Token: 0x0600027D RID: 637 RVA: 0x00010D88 File Offset: 0x0000EF88 private static bool CheckClaimSets(OperationContext operationContext, ReadOnlyCollection <ClaimSet> claimSets) { HttpContext.Current.Items["AuthType"] = "LiveIdToken"; claimSets.TraceClaimSets(); bool flag = false; bool flag2 = false; bool flag3 = false; string text = null; string text2 = null; foreach (ClaimSet claimSet in claimSets) { foreach (Claim claim in claimSet) { if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/PUID", Rights.PossessProperty)) { flag = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text); } else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/ConsumerPUID", Rights.PossessProperty)) { flag2 = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text2); } else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, ClaimTypes.Authentication, Rights.PossessProperty)) { flag3 = true; } if (flag && flag2 && flag3) { break; } } if (flag && flag2 && flag3) { break; } } if (!flag3 || (text == null && text2 == null)) { string reason = string.Format("Did not find all necessary claims. PUID: {0}; ConsumerPUID: {1}; Auth/Possess: {2}", flag, flag2, flag3); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason)); } string userId = (text2 == null) ? text : text2; RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("UserPUID", userId); SmtpAddress smtpAddress; if (!AutodiscoverAuthorizationManager.TryGetEmailAddressInClaimSets(claimSets, out smtpAddress)) { string reason2 = string.Format("Did not find EmailAddress claim for PUID: {0}; ", userId); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason2)); } PropertyDefinition[] propertyDefinitionArrayUPN = new PropertyDefinition[] { ADUserSchema.UserPrincipalName, ADMailboxRecipientSchema.SamAccountName, ADObjectSchema.OrganizationId }; ADRawEntry adRawEntry = null; try { bool isRootOrgLookup = false; RequestDetailsLoggerBase <RequestDetailsLogger> .Current.TrackLatency(ServiceLatencyMetadata.CallerADLatency, delegate() { DateTime utcNow = DateTime.UtcNow; ADSessionSettings adsessionSettings = Common.SessionSettingsFromAddress(smtpAddress.ToString()); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("CheckClaimSets_SmtpAddress", smtpAddress.ToString()); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_ChkClaim_SessionSettingsFromAddress", (DateTime.UtcNow - utcNow).TotalMilliseconds); utcNow = DateTime.UtcNow; isRootOrgLookup = OrganizationId.ForestWideOrgId.Equals(adsessionSettings.CurrentOrganizationId); if (!isRootOrgLookup) { ITenantRecipientSession tenantRecipientSession = DirectorySessionFactory.Default.CreateTenantRecipientSession(true, ConsistencyMode.IgnoreInvalid, adsessionSettings, 596, "CheckClaimSets", "f:\\15.00.1497\\sources\\dev\\autodisc\\src\\WCF\\AutodiscoverAuthorizationManager.cs"); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_TenantRecipientSession", (DateTime.UtcNow - utcNow).TotalMilliseconds); utcNow = DateTime.UtcNow; adRawEntry = tenantRecipientSession.FindUniqueEntryByNetID(userId, propertyDefinitionArrayUPN); RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_FindUniqueEntryByNetID", (DateTime.UtcNow - utcNow).TotalMilliseconds); } }); if (isRootOrgLookup) { return(AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, "NetID lookup for root org user is not allowed")); } } catch (NonUniqueRecipientException arg) { ExTraceGlobals.AuthenticationTracer.TraceDebug <NonUniqueRecipientException>(0L, "FindUniqueEntryByNetId threw exception: {0}", arg); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Found more than 1 user by NetID in AD")); } if (adRawEntry == null) { RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericError("Redirect as we are unable to find user:.", userId); return(AutodiscoverAuthorizationManager.RedirectCaller(operationContext, smtpAddress.ToString())); } string arg2 = (string)adRawEntry[ADMailboxRecipientSchema.SamAccountName]; string text3 = string.Format("{0}@{1}", arg2, adRawEntry.Id.GetPartitionId().ForestFQDN); string text4 = (string)adRawEntry[ADUserSchema.UserPrincipalName]; OrganizationId organizationId = (OrganizationId)adRawEntry[ADObjectSchema.OrganizationId]; HttpContext.Current.Items["UserOrganizationId"] = organizationId; OrganizationProperties organizationProperties; if (!OrganizationPropertyCache.TryGetOrganizationProperties(organizationId, out organizationProperties)) { ExTraceGlobals.AuthenticationTracer.TraceError <OrganizationId, string>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] Logon failed: could not locate org info for organization {0} even though user from this org was found {1}", organizationId, text4); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Could not find organization info via OrganizationPropertyCache")); } if (!organizationProperties.SkipToUAndParentalControlCheck && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, true) && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, false)) { return(false); } WindowsIdentity windowsIdentity = null; try { windowsIdentity = new WindowsIdentity(text3); } catch (UnauthorizedAccessException ex) { RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendAuthError("WindowsIdentity_UnauthorizedAccessException", ex.ToString()); ExTraceGlobals.AuthenticationTracer.TraceError <string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] UnauthorizedAccessException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a UnauthorizedAccessException")); } catch (SecurityException ex2) { RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendAuthError("WindowsIdentity_SecurityException", ex2.ToString()); ExTraceGlobals.AuthenticationTracer.TraceError <string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] SecurityException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex2.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User); return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a SecurityException")); } string org = null; if (organizationId != null && organizationId.OrganizationalUnit != null) { org = organizationId.OrganizationalUnit.Name; } AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text4, org); HttpContext.Current.User = new WindowsPrincipal(windowsIdentity); return(true); }
internal override AutodiscoverResponseMessage Execute() { GetFederationInformationResponseMessage getFederationInformationResponseMessage = new GetFederationInformationResponseMessage(); GetFederationInformationResponse response = getFederationInformationResponseMessage.Response; if (this.Request == null || this.Request.Domain == null || !SmtpAddress.IsValidDomain(this.Request.Domain)) { response.ErrorCode = ErrorCode.InvalidRequest; response.ErrorMessage = Strings.InvalidRequest; } else { ExternalAuthentication current = ExternalAuthentication.GetCurrent(); if (!current.Enabled) { response.ErrorCode = ErrorCode.NotFederated; response.ErrorMessage = Strings.NotFederated; } else { IEnumerable <string> enumerable = null; OrganizationId organizationId = DomainToOrganizationIdCache.Singleton.Get(new SmtpDomain(this.Request.Domain)); if (organizationId != null) { OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId); enumerable = organizationIdCacheValue.FederatedDomains; } else { try { string text = MserveDomainCache.Singleton.Get(this.Request.Domain); if (!string.IsNullOrEmpty(text)) { AutodiscoverAuthorizationManager.BuildRedirectUrlAndRedirectCaller(OperationContext.Current, text); return(null); } } catch (OverBudgetException arg) { ExTraceGlobals.FrameworkTracer.TraceError <OverBudgetException>(0L, "GetFederationInformationRequestMessage.Execute() returning ServerBusy for exception: {0}.", arg); response.ErrorCode = ErrorCode.ServerBusy; response.ErrorMessage = Strings.ServerBusy; return(getFederationInformationResponseMessage); } } if (enumerable == null) { response.ErrorCode = ErrorCode.InvalidDomain; response.ErrorMessage = Strings.InvalidDomain; } else { List <TokenIssuer> list = new List <TokenIssuer>(2); SecurityTokenService securityTokenService = current.GetSecurityTokenService(organizationId); if (securityTokenService != null) { list.Add(new TokenIssuer(securityTokenService.TokenIssuerUri, securityTokenService.TokenIssuerEndpoint)); } response.ErrorCode = ErrorCode.NoError; response.ApplicationUri = current.ApplicationUri; response.Domains = new DomainCollection(enumerable); response.TokenIssuers = new TokenIssuerCollection(list); } } } return(getFederationInformationResponseMessage); }