Esempio n. 1
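        /// <summary>
        /// Reads the posted logon form and synthesizes an HTTP Basic <c>Authorization</c>
        /// header on the incoming request from its "username" and "password" fields.
        /// </summary>
        /// <param name="httpContext">Context whose request carries the form and whose
        /// request headers receive the generated <c>Authorization</c> value.</param>
        /// <remarks>
        /// Every rejection path returns explicitly after ending the response, so the header
        /// is never built for a request that was refused even if the terminating call returns.
        /// The final header value is an ordinary managed string holding the Base64 of
        /// "username:password"; Base64 is an encoding, not encryption, and that string is not
        /// covered by the disposal of the <c>SecureArray</c> buffers used to build it.
        /// </remarks>
        private void SimulateBasicAuthenticationHeader(HttpContext httpContext)
        {
            HttpRequest request = httpContext.Request;
            HttpResponse response = httpContext.Response;

            SecureHtmlFormReader formReader = new SecureHtmlFormReader(request);
            // Mark the password field so the reader keeps it out of plain strings.
            formReader.AddSensitiveInputName("password");

            SecureNameValueCollection formData;
            if (!formReader.TryReadSecureFormData(out formData))
            {
                if (formData != null)
                {
                    formData.Dispose();
                }
                response.Redirect(OwaUrl.ApplicationRoot.ImplicitUrl);
                // Redirect(string) normally ends the request by aborting the thread, but it
                // can return; never continue with a null or disposed collection.
                return;
            }
            OwaContext.Current.FormNameValueCollection = formData;

            // Both lookups always run, as before; either one missing rejects the request.
            string userNamePart;
            SecureString password;
            bool hasUserName = formData.TryGetUnsecureValue("username", out userNamePart);
            bool hasPassword = formData.TryGetSecureValue("password", out password);
            if (!hasUserName || !hasPassword)
            {
                Utilities.EndResponse(httpContext, HttpStatusCode.BadRequest);
                // EndResponse is expected to terminate the request (its body is not visible
                // here); return so a non-terminating implementation cannot fall through.
                return;
            }

            string destination;
            if (formData.TryGetUnsecureValue("destination", out destination))
            {
                // NOTE(review): the client-supplied value is echoed into a response header
                // with no validation in this method; confirm header checking (CR/LF
                // rejection) is enabled and that consumers treat it as untrusted.
                response.AppendHeader("X-OWA-Destination", destination);
            }

            // The PBack cookie must be present with the exact value "0".
            HttpCookie postBackCookie = request.Cookies["PBack"];
            if (postBackCookie == null || postBackCookie.Value != "0")
            {
                Utilities.EndResponse(httpContext, HttpStatusCode.Unauthorized);
                // Same reasoning as above: do not build credentials for a refused request.
                return;
            }

            userNamePart += ":";
            // NOTE(review): Encoding.Default depends on the host's configuration, so the
            // byte form of non-ASCII credentials can differ between servers - confirm this
            // matches what the Basic-auth consumer decodes with.
            Encoding encoding = Encoding.Default;
            int maxByteCount = encoding.GetMaxByteCount(userNamePart.Length + password.Length);

            using (SecureArray<byte> credentialBytes = new SecureArray<byte>(maxByteCount))
            {
                int written = encoding.GetBytes(userNamePart, 0, userNamePart.Length, credentialBytes.ArrayValue, 0);
                using (SecureArray<char> passwordChars = password.ConvertToSecureCharArray())
                {
                    written += encoding.GetBytes(passwordChars.ArrayValue, 0, passwordChars.Length(), credentialBytes.ArrayValue, written);
                    // Only the bytes actually written are encoded, not the whole buffer.
                    request.Headers["Authorization"] = "Basic " + Convert.ToBase64String(credentialBytes.ArrayValue, 0, written);
                }
            }
        }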
Esempio n. 2
        /// <summary>
        /// Handles a forms-based-authentication POST to "auth.owa" or "owaauth.dll": reads the
        /// credentials from the form, stores them on this instance, and sets an HTTP Basic
        /// <c>Authorization</c> header on the request.
        /// </summary>
        /// <param name="httpApplication">Application whose current context is inspected.</param>
        /// <returns>
        /// <c>false</c> when the request is not a POST or its last URL segment is neither
        /// "auth.owa" nor "owaauth.dll" (compared case-insensitively); <c>true</c> once the
        /// form has been processed.
        /// </returns>
        /// <remarks>
        /// NOTE(review): both rejection paths call <c>AspNetHelper.EndResponse</c> and then
        /// continue into code that dereferences the values just found missing, so this method
        /// depends on that helper not returning - confirm against its implementation.
        /// </remarks>
        private bool HandleFbaAuthFormPost(HttpApplication httpApplication)
        {
            HttpContext  context  = httpApplication.Context;
            HttpRequest  request  = context.Request;
            HttpResponse response = context.Response;

            if (request.GetHttpMethod() != HttpMethod.Post)
            {
                return(false);
            }
            // Only the final path segment is matched, whatever precedes it in the URL.
            string strB = request.Url.Segments[request.Url.Segments.Length - 1];

            if (string.Compare("auth.owa", strB, StringComparison.OrdinalIgnoreCase) != 0 && string.Compare("owaauth.dll", strB, StringComparison.OrdinalIgnoreCase) != 0)
            {
                return(false);
            }
            // A missing Content-Type is defaulted to URL-encoded form data before the body
            // is read (presumably so the form reader will parse it - confirm).
            if (string.IsNullOrEmpty(request.ContentType))
            {
                request.ContentType = "application/x-www-form-urlencoded";
            }
            SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(request);

            // Mark the password field as sensitive before the form is read.
            secureHtmlFormReader.AddSensitiveInputName("password");
            SecureNameValueCollection secureNameValueCollection = null;

            try
            {
                if (!secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
                {
                    // NOTE(review): if EndResponse returns, the lookups below run against a
                    // collection the reader failed to produce - confirm it terminates.
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }
                string       text         = null;
                string       text2        = null;
                SecureString secureString = null;
                string       text3        = null;
                // text2 = username, secureString = password, text = destination, text3 = flags.
                secureNameValueCollection.TryGetUnsecureValue("username", out text2);
                secureNameValueCollection.TryGetSecureValue("password", out secureString);
                secureNameValueCollection.TryGetUnsecureValue("destination", out text);
                secureNameValueCollection.TryGetUnsecureValue("flags", out text3);
                // All four fields are required, and the client-supplied destination must be
                // accepted by CheckPostDestination before it is stored.
                if (text == null || text2 == null || secureString == null || text3 == null || !this.CheckPostDestination(text, context.Request))
                {
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }
                // A copy of the password is kept on the instance; where that copy is disposed
                // is not visible in this method.
                this.password       = secureString.Copy();
                this.userName       = text2;
                this.destinationUrl = text;
                int num;
                // An unparsable "flags" value falls back to 0 instead of rejecting the request.
                if (int.TryParse(text3, NumberStyles.Integer, CultureInfo.InvariantCulture, out num))
                {
                    this.flags = num;
                }
                else
                {
                    this.flags = 0;
                }
                text2 += ":";
                // NOTE(review): Encoding.Default depends on the host's configuration, so the
                // byte form of non-ASCII credentials can differ between servers - confirm.
                Encoding @default     = Encoding.Default;
                int      maxByteCount = @default.GetMaxByteCount(text2.Length + secureString.Length);
                using (SecureArray <byte> secureArray = new SecureArray <byte>(maxByteCount))
                {
                    int num2 = @default.GetBytes(text2, 0, text2.Length, secureArray.ArrayValue, 0);
                    using (SecureArray <char> secureArray2 = secureString.ConvertToSecureCharArray())
                    {
                        num2 += @default.GetBytes(secureArray2.ArrayValue, 0, secureArray2.Length(), secureArray.ArrayValue, num2);
                        // The header value is an ordinary managed string holding the Base64 of
                        // "username:password" (an encoding, not encryption). It is stored on
                        // the instance and in the request headers, so it outlives the
                        // SecureArray buffers disposed at the end of these using blocks.
                        this.basicAuthString             = "Basic " + Convert.ToBase64String(secureArray.ArrayValue, 0, num2);
                        request.Headers["Authorization"] = this.basicAuthString;
                    }
                }
            }
            finally
            {
                // The form collection is disposed on every exit path, including exceptions.
                if (secureNameValueCollection != null)
                {
                    secureNameValueCollection.Dispose();
                }
            }
            // Only the request URL is traced here, not the form fields.
            ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url);
            return(true);
        }