private static void InternalOnAuthenticate(HttpContext context)
{
Logger.EnterFunction(ExTraceGlobals.CertAuthTracer, "InternalOnAuthenticate");
HttpRequest request = context.Request;
Logger.LogVerbose("Request of Authentication for certificate {0}.", new object[]
{
request.ClientCertificate.Subject
});
int i = 0;
ADUser aduser = null;
NameValueCollection urlProperties = RedirectionHelper.GetUrlProperties(request.Url);
string orgName = urlProperties[CertificateAuthenticationModule.OrganizationDomain];
while (i < CertificateAuthenticationModule.maxRetryForADTransient)
{
try
{
aduser = CertificateAuthenticationModule.ResolveCertificateFromCacheOrAD(request.ClientCertificate, orgName);
if (aduser != null && !string.IsNullOrEmpty(aduser.UserPrincipalName))
{
CertificateAuthenticationFaultInjection.FaultInjectionTracer.TraceTest <string>(3745918269U, aduser.UserPrincipalName);
}
break;
}
catch (ADTransientException ex)
{
if (i == 0)
{
Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_TransientError, null, new object[]
{
ex,
request.ClientCertificate.Subject
});
HttpLogger.SafeAppendGenericInfo("ResolveCertificateFromCacheOrAD-TransientException", ex.Message);
}
if (i == CertificateAuthenticationModule.maxRetryForADTransient - 1)
{
HttpLogger.SafeAppendGenericError("ResolveCertificateFromCacheOrAD", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
}
Logger.LogError(string.Format("AD Transient Error when processing certificate authentication {0}.", request.ClientCertificate.Subject), ex);
}
catch (Exception ex2)
{
HttpLogger.SafeAppendGenericError("CertAuthNModule.InternalOnAuthenticate", ex2, new Func <Exception, bool>(KnownException.IsUnhandledException));
Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_ServerError, null, new object[]
{
ex2,
request.ClientCertificate.Subject
});
Logger.LogError(string.Format("Unknown error when processing certificate authentication {0}.", request.ClientCertificate.Subject), ex2);
if (GrayException.IsGrayException(ex2))
{
ExWatson.SendReport(ex2, ReportOptions.DoNotCollectDumps, null);
}
CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.InternalServerError, 200, Strings.UnknownInternalError(request.ClientCertificate.Subject));
}
i++;
}
if (i > 0)
{
HttpLogger.SafeAppendGenericInfo("ResolveCertificateFromCacheOrAD-Retry", i.ToString());
}
if (i >= CertificateAuthenticationModule.maxRetryForADTransient)
{
CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.InternalServerError, 201, Strings.ADTransientError(request.ClientCertificate.Subject));
}
else if (aduser == null)
{
HttpLogger.SafeAppendGenericError("ResolveCertificateFromCacheOrAD-ResolvedUser", "null", false);
if (request.Headers["Authorization"] == "http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual")
{
CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.BadRequest, 102, Strings.UserNotFound(request.ClientCertificate.Subject));
}
}
else
{
Logger.LogVerbose("User correctly authenticated and linked to Certificate {0}.", new object[]
{
request.ClientCertificate.Subject
});
if (i > 0)
{
Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_TransientRecovery, null, new object[]
{
request.ClientCertificate.Subject,
i
});
}
X509Identifier certId = CertificateAuthenticationModule.CreateCertificateIdentity(request.ClientCertificate);
CertificateAuthenticationModule.SetAuthenticatedInfo(context, aduser, certId);
}
Logger.ExitFunction(ExTraceGlobals.CertAuthTracer, "InternalOnAuthenticate");
}
