// Token: 0x060000C1 RID: 193 RVA: 0x000059B8 File Offset: 0x00003BB8
        private PartitionId GetPartitionId(CommonAccessToken commonAccessToken, IIdentity identity)
        {
            string text = null;

            if (commonAccessToken != null && commonAccessToken.ExtensionData.ContainsKey("Partition"))
            {
                ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From CAT.");
                text = commonAccessToken.ExtensionData["Partition"];
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] From Generic Sid Identity.");
                    text = genericSidIdentity.PartitionId;
                }
            }
            if (text != null)
            {
                PartitionId result;
                if (PartitionId.TryParse(text, out result))
                {
                    return(result);
                }
                ExTraceGlobals.HttpModuleTracer.TraceError <string>((long)this.GetHashCode(), "[BuildUserTokenModule::GetPartitionId] Invalid partition id {0}.", text);
                HttpLogger.SafeAppendGenericError("BuildUserTokenModule.GetPartition", "Invalid partition id " + text, false);
            }
            return(null);
        }
Esempio n. 2
0
        internal static UserToken CreateDefaultUserTokenInERC(IIdentity identity, DelegatedPrincipal delegatedPrincipal, bool impersonated)
        {
            if (!impersonated && delegatedPrincipal != null)
            {
                CommonAccessToken commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
                commonAccessToken.ExtensionData["DelegatedData"] = delegatedPrincipal.Identity.Name;
                return(new UserToken(AuthenticationType.RemotePowerShellDelegated, delegatedPrincipal, null, delegatedPrincipal.Identity.Name, null, null, null, delegatedPrincipal.DelegatedOrganization, false, commonAccessToken));
            }
            SidOAuthIdentity sidOAuthIdentity = identity as SidOAuthIdentity;

            if (sidOAuthIdentity != null)
            {
                PartitionId partitionId;
                PartitionId.TryParse(sidOAuthIdentity.PartitionId, out partitionId);
                return(new UserToken(AuthenticationType.OAuth, null, null, sidOAuthIdentity.Name, sidOAuthIdentity.Sid, partitionId, sidOAuthIdentity.OAuthIdentity.OrganizationId, sidOAuthIdentity.ManagedTenantName, false, sidOAuthIdentity.OAuthIdentity.ToCommonAccessTokenVersion1()));
            }
            WindowsIdentity windowsIdentity = identity as WindowsIdentity;

            if (windowsIdentity != null)
            {
                return(new UserToken(AuthenticationType.Kerberos, null, null, windowsIdentity.Name, windowsIdentity.User, null, null, null, false, new CommonAccessToken(windowsIdentity)));
            }
            WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;

            if (windowsTokenIdentity != null && windowsTokenIdentity.AccessToken != null && windowsTokenIdentity.AccessToken.CommonAccessToken != null)
            {
                PartitionId partitionId2;
                PartitionId.TryParse(windowsTokenIdentity.PartitionId, out partitionId2);
                return(new UserToken(AuthenticationType.Kerberos, null, null, windowsTokenIdentity.Name, windowsTokenIdentity.Sid, partitionId2, null, null, false, windowsTokenIdentity.AccessToken.CommonAccessToken));
            }
            CommonAccessToken  commonAccessToken2 = new CommonAccessToken(AccessTokenType.CertificateSid);
            SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();

            commonAccessToken2.ExtensionData["UserSid"] = securityIdentifier.ToString();
            GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;

            if (genericSidIdentity != null)
            {
                commonAccessToken2.ExtensionData["Partition"] = genericSidIdentity.PartitionId;
            }
            return(new UserToken(AuthenticationType.Certificate, null, null, identity.Name, securityIdentifier, null, null, null, false, commonAccessToken2));
        }
Esempio n. 3
0
        public ExchangeRunspaceConfiguration CreateExchangeRunspaceConfiguration()
        {
            IIdentity identity  = this.GetExecutingUserIdentity();
            IIdentity identity2 = null;

            if (!string.IsNullOrEmpty(this.impersonatedUserSddl))
            {
                identity2 = new GenericSidIdentity(this.impersonatedUserSddl, this.impersonatedAuthenticationType, new SecurityIdentifier(this.impersonatedUserSddl));
            }
            ExchangeRunspaceConfiguration result;

            if (identity2 == null)
            {
                result = new ExchangeRunspaceConfiguration(identity);
            }
            else
            {
                result = new ExchangeRunspaceConfiguration(identity, identity2, ExchangeRunspaceConfigurationSettings.GetDefaultInstance(), this.roleTypeFilter, this.sortedRoleEntryFilter, this.logonUserRequiredRoleTypes, this.callerCheckedAccess);
            }
            return(result);
        }
Esempio n. 4
0
        private static void SetAuthenticatedInfo(HttpContext context, ADUser authenticatedUser, X509Identifier certId)
        {
            Logger.EnterFunction(ExTraceGlobals.CertAuthTracer, "SetAuthenticatedInfo");
            IIdentity identity;

            if (CertificateAuthenticationModule.cafeProxy)
            {
                CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(authenticatedUser, certId);
                context.Items["Item-CommonAccessToken"] = certificateSidTokenAccessor.GetToken();
                identity = new GenericSidIdentity(authenticatedUser.Sid.ToString(), "Certificate", authenticatedUser.Sid, certificateSidTokenAccessor.PartitionId);
            }
            else
            {
                context.Items["AuthType"] = AccessTokenType.CertificateSid;
                if (authenticatedUser.RecipientTypeDetails == RecipientTypeDetails.LinkedUser)
                {
                    identity = new GenericIdentity(authenticatedUser.Sid.ToString());
                }
                else
                {
                    string sUserPrincipalName = string.Format("{0}@{1}", authenticatedUser.SamAccountName, authenticatedUser.Id.GetPartitionId().ForestFQDN);
                    identity = new WindowsIdentity(sUserPrincipalName);
                }
            }
            string name = authenticatedUser.Name;

            if (!string.IsNullOrEmpty(name))
            {
                context.Items["AuthenticatedUser"] = name;
            }
            AuthCommon.SetHttpContextADRawEntry(context, authenticatedUser);
            if (!OrganizationId.ForestWideOrgId.Equals(authenticatedUser.OrganizationId))
            {
                context.Items[CertificateAuthenticationModule.TenantCertificateOrganizaitonItemName] = authenticatedUser.OrganizationId.OrganizationalUnit.Name;
            }
            context.User = new GenericPrincipal(identity, new string[0]);
            Logger.ExitFunction(ExTraceGlobals.CertAuthTracer, "SetAuthenticatedInfo");
        }
Esempio n. 5
0
        // Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext httpContext = requestContext.HttpContext;
            IPrincipal  user        = httpContext.User;
            IIdentity   identity    = httpContext.User.Identity;
            string      text;

            HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string externalDirectoryObjectId;
                if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(3, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                SecurityIdentifier securityIdentifier = null;
                if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "SID");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(securityIdentifier, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
                {
                    requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
            }
        }
		// Token: 0x06000013 RID: 19 RVA: 0x00002980 File Offset: 0x00000B80
		internal static bool TryResolveCurrentUserInLocalForest(IPrincipal user, TraceSource traceSrc, out string tenantName)
		{
			tenantName = null;
			ADRawEntry adrawEntry = null;
			if (user != null)
			{
				SecurityIdentifier securityIdentifier = null;
				PartitionId partitionId = null;
				GenericSidIdentity genericSidIdentity = user.Identity as GenericSidIdentity;
				if (genericSidIdentity != null)
				{
					securityIdentifier = genericSidIdentity.Sid;
					if (!string.IsNullOrEmpty(genericSidIdentity.PartitionId))
					{
						PartitionId.TryParse(genericSidIdentity.PartitionId, out partitionId);
					}
				}
				else
				{
					WindowsIdentity windowsIdentity = user.Identity as WindowsIdentity;
					if (windowsIdentity != null)
					{
						securityIdentifier = windowsIdentity.User;
					}
				}
				if (securityIdentifier != null)
				{
					Logger.LogVerbose(traceSrc, "User sid is {0}.", new object[]
					{
						securityIdentifier.ToString()
					});
					try
					{
						adrawEntry = UserTokenStaticHelper.GetADRawEntry(partitionId, null, securityIdentifier);
						goto IL_11E;
					}
					catch (TransientException exception)
					{
						Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following transient error {0}.", exception, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
						goto IL_11E;
					}
					catch (DataSourceOperationException exception2)
					{
						Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following error {0}.", exception2, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
						goto IL_11E;
					}
					catch (DataValidationException exception3)
					{
						Logger.LogError(LiveIdRedirectionModule.eventLogger, traceSrc, "Failed to map user sid to an AD-Account with the following error {0}.", exception3, new ExEventLog.EventTuple?(TaskEventLogConstants.Tuple_LiveIdRedirection_FailedWindowsIdMapping), securityIdentifier.ToString());
						goto IL_11E;
					}
				}
				Logger.LogWarning(traceSrc, "Identity in the context is not valid. It should be either GenericSidIdentity or WindowsIdentity.");
			}
			else
			{
				Logger.LogWarning(traceSrc, "Context.User is null.");
			}
			IL_11E:
			if (adrawEntry != null)
			{
				Logger.LogVerbose(traceSrc, "User SMTP address resolved from AD {0}.", new object[]
				{
					(SmtpAddress)adrawEntry[ADRecipientSchema.WindowsLiveID]
				});
				ADObjectId adobjectId = (ADObjectId)adrawEntry[ADObjectSchema.OrganizationalUnitRoot];
				if (adobjectId != null)
				{
					tenantName = adobjectId.Name;
					Logger.LogVerbose(traceSrc, "User Tenant Name resolved from AD {0}.", new object[]
					{
						tenantName
					});
				}
			}
			return adrawEntry != null;
		}
        // Token: 0x060006EE RID: 1774 RVA: 0x00028810 File Offset: 0x00026A10
        protected override void AddProtocolSpecificHeadersToServerRequest(WebHeaderCollection headers)
        {
            if (base.ClientRequest.IsAuthenticated && base.ProxyToDownLevel)
            {
                IIdentity          callerIdentity     = this.GetCallerIdentity();
                WindowsIdentity    windowsIdentity    = callerIdentity as WindowsIdentity;
                GenericSidIdentity genericSidIdentity = callerIdentity as GenericSidIdentity;
                IPrincipal         user = base.HttpContext.User;
                if (windowsIdentity != null)
                {
                    string text;
                    if (HttpContextItemParser.TryGetLiveIdMemberName(base.HttpContext.Items, ref text))
                    {
                        headers["X-RemotePS-GenericIdentity"] = windowsIdentity.User.ToString();
                    }
                    else
                    {
                        headers["X-RemotePS-WindowsIdentity"] = this.GetSerializedAccessTokenString();
                    }
                }
                else if (genericSidIdentity != null)
                {
                    headers["X-RemotePS-GenericIdentity"] = genericSidIdentity.Sid.ToString();
                }
                else
                {
                    headers["X-RemotePS-GenericIdentity"] = IIdentityExtensions.GetSafeName(base.HttpContext.User.Identity, true);
                }
            }
            if (this.isSyndicatedAdminManageDownLevelTarget)
            {
                headers["msExchCafeForceRouteToLogonAccount"] = "1";
            }
            if (LoggerHelper.IsProbePingRequest(base.ClientRequest))
            {
                RequestDetailsLoggerBase <RequestDetailsLogger> .SafeSetLogger(base.Logger, 21, "ProbePingBackend");
            }
            else if (WinRMHelper.WinRMParserEnabled.Value)
            {
                try
                {
                    this.winRMInfo = base.ParseClientRequest <WinRMInfo>(new Func <Stream, WinRMInfo>(this.ParseWinRMInfo), 10000);
                }
                catch (InvalidOperationException ex)
                {
                    if (ExTraceGlobals.ExceptionTracer.IsTraceEnabled(3))
                    {
                        ExTraceGlobals.ExceptionTracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "[RemotePowerShellProxyRequestHandler::AddProtocolSpecificHeadersToServerRequest] ParseClientRequest throws exception {0}", ex);
                    }
                    RequestDetailsLoggerBase <RequestDetailsLogger> .SafeAppendGenericError(base.Logger, "ParseClientRequestException", ex.ToString());
                }
                if (this.winRMInfo != null)
                {
                    WinRMInfo.StampToHttpHeaders(this.winRMInfo, headers);
                }
            }
            DatabaseBasedAnchorMailbox databaseBasedAnchorMailbox = base.AnchoredRoutingTarget.AnchorMailbox as DatabaseBasedAnchorMailbox;

            if (databaseBasedAnchorMailbox != null)
            {
                ADObjectId database = databaseBasedAnchorMailbox.GetDatabase();
                if (database != null)
                {
                    headers["X-DatabaseGuid"] = database.ObjectGuid.ToString();
                }
            }
            if (!base.ShouldRetryOnError)
            {
                headers["X-Cafe-Last-Retry"] = "Y";
            }
            base.AddProtocolSpecificHeadersToServerRequest(headers);
        }
Esempio n. 8
0
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext   httpContext   = requestContext.HttpContext;
            IPrincipal    user          = httpContext.User;
            IIdentity     identity      = httpContext.User.Identity;
            string        text          = httpContext.Items[Constants.WLIDMemberName] as string;
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
                if (!string.IsNullOrEmpty(text2))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                try
                {
                    SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
                    if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                    {
                        if (string.IsNullOrEmpty(text))
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
                        }
                        else
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
                        }
                        return(new SidAnchorMailbox(securityIdentifier, requestContext)
                        {
                            SmtpOrLiveId = text
                        });
                    }
                }
                catch (Exception)
                {
                }
                if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
            }
        }