Esempio n. 1
 private System.Web.Security.DirectoryType GetDirectoryType()
 {
     // Classify the bound directory from the capability OIDs advertised on the
     // RootDSE: 1.2.840.113556.1.4.1851 is mapped to ADAM and
     // 1.2.840.113556.1.4.800 to AD. The first entry (in enumeration order)
     // that matches either OID decides the result; anything else is skipped.
     System.Web.Security.DirectoryType detected = System.Web.Security.DirectoryType.Unknown;
     foreach (string capability in this.rootdse.Properties["supportedCapabilities"])
     {
         bool isAdam = StringUtil.EqualsIgnoreCase(capability, "1.2.840.113556.1.4.1851");
         bool isAd   = !isAdam && StringUtil.EqualsIgnoreCase(capability, "1.2.840.113556.1.4.800");
         if (!isAdam && !isAd)
         {
             continue;
         }
         detected = isAdam ? System.Web.Security.DirectoryType.ADAM : System.Web.Security.DirectoryType.AD;
         break;
     }
     // A server that advertises neither OID is not a supported target.
     if (detected == System.Web.Security.DirectoryType.Unknown)
     {
         throw new ProviderException(System.Web.SR.GetString("ADMembership_Valid_Targets"));
     }
     return detected;
 }
Esempio n. 2
        /// <summary>
        /// Binds to the directory named by <paramref name="adspath"/>, negotiating the
        /// connection-protection level (SSL with a sign-and-seal fallback when
        /// <paramref name="connProtection"/> is exactly "Secure", otherwise an unprotected
        /// bind), and resolves the container that users are searched under / created in.
        /// </summary>
        /// <param name="adspath">ADsPath of the form LDAP://server[:port]/DN. Must use the LDAP provider and must name a server.</param>
        /// <param name="credentials">Bind credentials. Whether they count as "default credentials" is decided by IsDefaultCredential() (not shown here).</param>
        /// <param name="connProtection">Compared ordinally to "Secure"; every other value takes the unprotected path.</param>
        /// <param name="clientSearchTimeout">Stored as-is in <c>clientSearchTimeout</c>.</param>
        /// <param name="serverSearchTimeout">Stored as-is; the <c>ServerSearchTimeout</c> property (presumably backed by it) is applied as a per-request time limit in minutes below.</param>
        /// <param name="enablePasswordReset">When true and the target is AD, the domain's lockoutDuration is read and cached.</param>
        /// <exception cref="ProviderException">Non-LDAP or malformed/serverless path, unknown directory type, missing or unresolvable container, GC ports against AD, or no secure channel could be established.</exception>
        /// <exception cref="NotSupportedException">Default credentials combined with an unprotected connection.</exception>
        internal DirectoryInformation(string adspath, NetworkCredential credentials, string connProtection, int clientSearchTimeout, int serverSearchTimeout, bool enablePasswordReset)
        {
            // ADSI authentication flags, indexed [protection, credentials type]
            // (presumably by the enum ordinals GetAuthenticationTypes(), not shown, uses).
            // Row 0 is never assigned and therefore stays at the default (no flags):
            // that row is the unprotected bind.
            // Row 1 (SSL): Encryption, plus Secure for Windows credentials.
            // Row 2 (sign-and-seal): Sealing | Signing | Secure for both credential types.
            System.DirectoryServices.AuthenticationTypes[,] typesArray = new System.DirectoryServices.AuthenticationTypes[3, 2];
            typesArray[1, 0]   = System.DirectoryServices.AuthenticationTypes.Encryption | System.DirectoryServices.AuthenticationTypes.Secure;
            typesArray[1, 1]   = System.DirectoryServices.AuthenticationTypes.Encryption;
            typesArray[2, 0]   = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
            typesArray[2, 1]   = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
            this.authTypes     = typesArray;
            // Same layout for System.DirectoryServices.Protocols binds: non-Windows
            // credentials use a simple (Basic) bind in rows 0 and 1; row 2 is
            // Negotiate for both columns.
            this.ldapAuthTypes = new AuthType[, ] {
                { AuthType.Negotiate, AuthType.Basic }, { AuthType.Negotiate, AuthType.Basic }, { AuthType.Negotiate, AuthType.Negotiate }
            };
            this.adspath             = adspath;
            this.credentials         = credentials;
            this.clientSearchTimeout = clientSearchTimeout;
            this.serverSearchTimeout = serverSearchTimeout;
            // Only the LDAP provider is supported. The prefix check is ordinal and
            // case-sensitive, so a lowercase "ldap://" path is rejected as well.
            if (!adspath.StartsWith("LDAP", StringComparison.Ordinal))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_OnlyLdap_supported"));
            }
            // Parse the path with the ADSI Pathname COM object. 1 = ADS_SETTYPE_FULL;
            // HRESULT -2147463168 (0x80005000) is E_ADS_BAD_PATHNAME.
            System.Web.Security.NativeComInterfaces.IAdsPathname pathname = (System.Web.Security.NativeComInterfaces.IAdsPathname) new System.Web.Security.NativeComInterfaces.Pathname();
            try
            {
                pathname.Set(adspath, 1);
            }
            catch (COMException exception)
            {
                if (exception.ErrorCode == -2147463168)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_invalid_path"));
                }
                throw;
            }
            // 9 = ADS_FORMAT_SERVER. A bad-pathname error here means the path has no
            // server component, which this provider does not support.
            try
            {
                this.serverName = pathname.Retrieve(9);
            }
            catch (COMException exception2)
            {
                if (exception2.ErrorCode == -2147463168)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_ServerlessADsPath_not_supported"));
                }
                throw;
            }
            // 7 = ADS_FORMAT_X500_DN. Both DNs start out as whatever the path carried
            // (possibly empty); they are canonicalised against the server further down.
            this.creationContainerDN = this.containerDN = pathname.Retrieve(7);
            // Split an explicit "host:port". NOTE(review): this splits at the first ':',
            // and int.Parse throws FormatException/OverflowException rather than
            // ProviderException on a non-numeric port — confirm the server component
            // can never be a bracketed IPv6 literal here.
            int index = this.serverName.IndexOf(':');

            if (index != -1)
            {
                string serverName = this.serverName;
                this.serverName    = serverName.Substring(0, index);
                this.port          = int.Parse(serverName.Substring(index + 1), NumberFormatInfo.InvariantInfo);
                this.portSpecified = true;
            }
            // Ordinal, case-sensitive comparison: anything other than exactly "Secure"
            // (including "secure") takes the unprotected path at Label_039F.
            // NOTE(review): confirm the caller normalises this value before passing it.
            if (string.Compare(connProtection, "Secure", StringComparison.Ordinal) != 0)
            {
                goto Label_039F;
            }
            // flag  -> the SSL endpoint was unreachable; fall back to sign-and-seal.
            // flag2 -> retry SSL with the Windows-credentials auth row.
            bool flag  = false;
            bool flag2 = false;

            // Step 1 (explicit credentials only): SSL bind using the non-Windows row.
            if (!this.IsDefaultCredential())
            {
                this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
                this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
                try
                {
                    // DirectoryEntry does not bind until RefreshCache() touches the server.
                    this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    this.rootdse.RefreshCache();
                    this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                    // No explicit port: assume the standard LDAPS port 636.
                    if (!this.portSpecified)
                    {
                        this.port          = 0x27c;
                        this.portSpecified = true;
                    }
                    goto Label_0282;
                }
                catch (COMException exception3)
                {
                    // -2147023570 (0x8007052E) = ERROR_LOGON_FAILURE  -> retry as Windows credentials (flag2).
                    // -2147016646 (0x8007203A) = ERROR_DS_SERVER_DOWN -> SSL endpoint unreachable (flag).
                    // Any other failure propagates.
                    if (exception3.ErrorCode != -2147023570)
                    {
                        if (exception3.ErrorCode != -2147016646)
                        {
                            throw;
                        }
                        flag = true;
                    }
                    else
                    {
                        flag2 = true;
                    }
                    goto Label_0282;
                }
            }
            // Default credentials go straight to the Windows-credentials SSL attempt.
            flag2 = true;
Label_0282:
            // Step 2: SSL bind using the Windows-credentials row (Encryption | Secure).
            if (flag2)
            {
                this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
                this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
                try
                {
                    this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    this.rootdse.RefreshCache();
                    this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                    if (!this.portSpecified)
                    {
                        this.port          = 0x27c;
                        this.portSpecified = true;
                    }
                }
                catch (COMException exception4)
                {
                    // Only ERROR_DS_SERVER_DOWN is tolerated here; a logon failure on
                    // this second attempt propagates.
                    if (exception4.ErrorCode != -2147016646)
                    {
                        throw;
                    }
                    flag = true;
                }
            }
            if (!flag)
            {
                goto Label_0405;
            }
            // Step 3: the SSL endpoint was down, so fall back to SSPI sign-and-seal
            // (Sealing | Signing | Secure, Negotiate) on the path's own port; the port
            // is deliberately left as parsed here. NOTE(review): because "server down"
            // on 636 is treated as a soft error, something on the network that blocks
            // the SSL port can steer this code from TLS to sign-and-seal; the channel
            // is still signed and sealed, but it is a different protection mechanism
            // than the one configured.
            this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            this.ldapAuthType       = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            try
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                this.rootdse.RefreshCache();
                this.connectionProtection = ActiveDirectoryConnectionProtection.SignAndSeal;
                goto Label_0405;
            }
            catch (COMException exception5)
            {
                // No secure channel of any kind could be established: hard failure.
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Secure_connection_not_established", new object[] { exception5.Message }), exception5);
            }
Label_039F:
            // Unprotected path. Default credentials are refused outright; explicit
            // credentials are bound with the row selected by this.connectionProtection
            // (not assigned on this path, so presumably the field default). If that
            // resolves to row 0, the ADSI flags are empty and the Protocols bind is
            // Basic: the password travels in cleartext unless the transport is
            // protected by other means.
            if (this.IsDefaultCredential())
            {
                throw new NotSupportedException(System.Web.SR.GetString("ADMembership_Default_Creds_not_supported"));
            }
            this.authenticationType = this.GetAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
            this.ldapAuthType       = this.GetLdapAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
            // Not bound here; the first property read below performs the bind.
            this.rootdse            = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
Label_0405:
            // Safety net: every branch above either assigns rootdse or throws, so this
            // appears unreachable from the visible code.
            if (this.rootdse == null)
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("RootDSE"), this.GetUsername(), this.GetPassword(), this.authenticationType);
            }
            this.directoryType = this.GetDirectoryType();
            // ADAM is only accepted over SSL; landing on the sign-and-seal fallback
            // against ADAM is reported as "SSL connection not established".
            if ((this.directoryType == System.Web.Security.DirectoryType.ADAM) && (this.connectionProtection == ActiveDirectoryConnectionProtection.SignAndSeal))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Ssl_connection_not_established"));
            }
            // Global Catalog ports 3268 (0xcc4) and 3269 (0xcc5) are refused for AD.
            if ((this.directoryType == System.Web.Security.DirectoryType.AD) && ((this.port == 0xcc4) || (this.port == 0xcc5)))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_GCPortsNotSupported"));
            }
            // No DN in the path: for AD, search the default naming context and create
            // users in the well-known Users container (WKGUID a9d1ca15768811d1aded00c04fd8d5cd
            // is GUID_USERS_CONTAINER_W). ADAM requires an explicit container.
            if (string.IsNullOrEmpty(this.containerDN))
            {
                if (this.directoryType == System.Web.Security.DirectoryType.AD)
                {
                    this.containerDN = (string)this.rootdse.Properties["defaultNamingContext"].Value;
                    if (this.containerDN == null)
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_not_specified"));
                    }
                    DirectoryEntry entry = new DirectoryEntry(this.GetADsPath("<WKGUID=a9d1ca15768811d1aded00c04fd8d5cd," + this.containerDN + ">"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                    try
                    {
                        this.creationContainerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(entry, "distinguishedName");
                        goto Label_05DE;
                    }
                    catch (COMException exception6)
                    {
                        // -2147016656 (0x80072030) = ERROR_DS_NO_SUCH_OBJECT.
                        if (exception6.ErrorCode == -2147016656)
                        {
                            throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_does_not_exist"));
                        }
                        throw;
                    }
                }
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_must_be_specified"));
            }
            // Explicit container: canonicalise its DN via the server and use it for
            // both searching and creation.
            DirectoryEntry directoryEntry = new DirectoryEntry(this.GetADsPath(this.containerDN), this.GetUsername(), this.GetPassword(), this.authenticationType);

            try
            {
                this.creationContainerDN = this.containerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(directoryEntry, "distinguishedName");
            }
            catch (COMException exception7)
            {
                // -2147016656 (0x80072030) = ERROR_DS_NO_SUCH_OBJECT.
                if (exception7.ErrorCode == -2147016656)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                }
                throw;
            }
Label_05DE:
            // Verify the container with a System.DirectoryServices.Protocols connection
            // using the negotiated auth type. GetCredentialsWithDomain() and
            // SetSessionOptionsForSecureConnection() are not shown here. Referral
            // chasing is disabled, so a Referral result is surfaced (and treated as
            // "container does not exist" below) rather than silently followed.
            using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(this.serverName + ":" + this.port), GetCredentialsWithDomain(credentials), this.ldapAuthType)
            {
                SessionOptions = { ProtocolVersion = 3 }
            })
            {
                SearchResponse response;
                connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
                this.SetSessionOptionsForSecureConnection(connection, false);
                connection.Bind();
                // Base-scope read of the container itself.
                SearchRequest request = new SearchRequest {
                    DistinguishedName = this.containerDN,
                    Filter            = "(objectClass=*)",
                    Scope             = System.DirectoryServices.Protocols.SearchScope.Base
                };
                request.Attributes.Add("distinguishedName");
                request.Attributes.Add("objectClass");
                // -1 means "no limit"; otherwise the value is interpreted as minutes.
                if (this.ServerSearchTimeout != -1)
                {
                    request.TimeLimit = new TimeSpan(0, this.ServerSearchTimeout, 0);
                }
                try
                {
                    response = (SearchResponse)connection.SendRequest(request);
                    if ((response.ResultCode == ResultCode.Referral) || (response.ResultCode == ResultCode.NoSuchObject))
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                    }
                    if (response.ResultCode != ResultCode.Success)
                    {
                        throw new ProviderException(response.ErrorMessage);
                    }
                }
                catch (DirectoryOperationException exception8)
                {
                    // Some servers report NoSuchObject as an exception rather than a result code.
                    SearchResponse response2 = (SearchResponse)exception8.Response;
                    if (response2.ResultCode == ResultCode.NoSuchObject)
                    {
                        throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                    }
                    throw;
                }
                // Assumes a Success result for a base search carries exactly the container entry.
                DirectoryAttribute objectClass = response.Entries[0].Attributes["objectClass"];
                if (!this.ContainerIsSuperiorOfUser(objectClass))
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_not_superior"));
                }
                // Concurrent (fast) bind is only probed for the None and SSL protection levels.
                if ((this.connectionProtection == ActiveDirectoryConnectionProtection.None) || (this.connectionProtection == ActiveDirectoryConnectionProtection.Ssl))
                {
                    this.concurrentBindSupported = this.IsConcurrentBindSupported(connection);
                }
            }
            if (this.directoryType == System.Web.Security.DirectoryType.ADAM)
            {
                this.adamPartitionDN = this.GetADAMPartitionFromContainer();
            }
            else if (enablePasswordReset)
            {
                // Read the domain's lockoutDuration (an IADsLargeInteger). The (uint) cast
                // keeps the low dword from being sign-extended when the two halves are
                // recombined. The value is negated before being turned into a TimeSpan,
                // which presumes the directory stores it as a negative 100-ns interval.
                DirectoryEntry entry3 = new DirectoryEntry(this.GetADsPath((string)System.Web.Security.PropertyManager.GetPropertyValue(this.rootdse, "defaultNamingContext")), this.GetUsername(), this.GetPassword(), this.AuthenticationTypes);
                System.Web.Security.NativeComInterfaces.IAdsLargeInteger propertyValue = (System.Web.Security.NativeComInterfaces.IAdsLargeInteger)System.Web.Security.PropertyManager.GetPropertyValue(entry3, "lockoutDuration");
                long num2 = (propertyValue.HighPart * 0x100000000L) + ((uint)propertyValue.LowPart);
                this.adLockoutDuration = new TimeSpan(-num2);
            }
        }