// Token: 0x06000286 RID: 646 RVA: 0x000118C4 File Offset: 0x0000FAC4
/// <summary>
/// Authenticates a request whose WS-Security header carried an X.509 certificate: builds an
/// <see cref="X509CertUser"/> from the evaluated claim sets, resolves the matching Windows
/// identity, and on success publishes the principal and organization id to
/// <see cref="HttpContext.Current"/>.
/// </summary>
/// <param name="authorizationContext">Evaluated authorization context whose claim sets describe the presented certificate.</param>
/// <param name="operationContext">WCF operation context used to emit the 401 reply when authentication fails.</param>
/// <returns>
/// true when a Windows identity was resolved and pushed to the HTTP context; false after a
/// 401 Unauthorized reply has been issued through <paramref name="operationContext"/>.
/// </returns>
private static bool CheckClaimSetsForX509CertUser(AuthorizationContext authorizationContext, OperationContext operationContext)
{
    // The scheme marker is recorded up front, before the outcome is known, so later stages
    // can attribute the request to certificate auth even when it is rejected below.
    HttpContext.Current.Items["AuthType"] = "X509Cert";

    var claimSets = authorizationContext.ClaimSets;
    claimSets.TraceClaimSets();

    // Step 1: the claim sets must describe a certificate user we recognise.
    if (!X509CertUser.TryCreateX509CertUser(claimSets, out var certUser))
    {
        ExTraceGlobals.AuthenticationTracer.TraceDebug(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to create the x509certuser");
        return Reject(operationContext, "unable to create the X509CertUser based on the given claim sets.");
    }

    // Step 2: the certificate user must map onto a Windows identity; failureDetail carries the reason when it does not.
    if (!certUser.TryGetWindowsIdentity(out OrganizationId orgId, out WindowsIdentity identity, out string failureDetail))
    {
        ExTraceGlobals.AuthenticationTracer.TraceDebug<X509CertUser>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] unable to find the windows identity for cert user: {0}", certUser);
        return Reject(operationContext, $"unable to find the windows identity for the given cert {certUser}, reason: {failureDetail}");
    }

    ExTraceGlobals.AuthenticationTracer.TraceDebug<string, string>(0L, "[AutodiscoverAuthorizationManager.CheckClaimSetsForX509CertUser] ws-security header contains the x509 cert user identity: {0}, upn: {1}", Common.GetIdentityNameForTrace(identity), certUser.UserPrincipalName);

    // Step 3: publish the authenticated identity. The org info helper is given only the UPN here (second argument null).
    AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(certUser.UserPrincipalName, null);
    HttpContext.Current.User = new WindowsPrincipal(identity);
    HttpContext.Current.Items["UserOrganizationId"] = orgId;
    return true;

    // Sends the 401 reply with the given reason and reports failure to the caller.
    bool Reject(OperationContext context, string reason)
    {
        AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(context, reason);
        return false;
    }
}
// Token: 0x060003D2 RID: 978 RVA: 0x000159C4 File Offset: 0x00013BC4
/// <summary>
/// Scans the SOAP envelope in <paramref name="stream"/> for the header selected by
/// <paramref name="headerType"/> and extracts the caller's address from it:
/// for PartnerAuth the ConnectingSID child of an ExchangeImpersonation header (or a SAML
/// "targettenant" AttributeValue); for WSSecurityAuth the email address the token validator
/// finds in an EncryptedData element; for X509CertAuth the UPN of the certificate user built
/// from a BinarySecurityToken.
/// </summary>
/// <param name="stream">SOAP request body positioned at the envelope. The scan is capped at 73628 bytes.</param>
/// <param name="headerType">Which header the caller expects; decides both which element is captured and how it is interpreted.</param>
/// <param name="isDelegationToken">Initialised to false; only the WSSecurityAuth path lets TokenValidator.FindEmailAddress overwrite it.</param>
/// <returns>The extracted address/UPN, or null when no matching header is found, external authentication is disabled, or the XML is malformed.</returns>
/// <exception cref="QuotaExceededException">Thrown when the reader advances past 73628 bytes of <paramref name="stream"/> while inside the SOAP header.</exception>
internal string FindAddressFromWsSecurity(Stream stream, WsSecurityHeaderType headerType, out bool isDelegationToken)
{
    isDelegationToken = false;
    // Captured but never read in this body; presumably left over from an earlier rewind — confirm before relying on it.
    long position = stream.Position;
    try
    {
        XmlReader xmlReader = XmlReader.Create(stream);
        // Hardening intent: refuse DTDs so untrusted SOAP cannot drive entity expansion or external entity loads.
        // NOTE(review): XmlReader.Create(Stream) already defaults to DtdProcessing.Prohibit and hands back a
        // read-only copy of the settings, so this branch looks unreachable in practice and, if it were reached,
        // the setter would be expected to throw rather than re-configure the reader — confirm; the reliable form is to
        // pass the prohibition in an XmlReaderSettings at Create time.
        if (xmlReader.Settings != null && xmlReader.Settings.DtdProcessing != DtdProcessing.Prohibit)
        {
            xmlReader.Settings.DtdProcessing = DtdProcessing.Prohibit;
        }
        XmlElement xmlElement = null;   // EncryptedData / BinarySecurityToken (non-PartnerAuth)
        XmlElement xmlElement2 = null;  // ExchangeImpersonation (PartnerAuth)
        XmlElement xmlElement3 = null;  // SAML Attribute with AttributeName="targettenant" (PartnerAuth)
        xmlReader.MoveToContent();
        // flag stays true until one of the target elements has been captured or a header end is hit;
        // it is shared by all three nested loops so a break in the innermost one unwinds the outer ones too.
        bool flag = true;
        while (flag && xmlReader.Read())
        {
            // Only a SOAP 1.1 or SOAP 1.2 <Header> element is descended into; anything else is skipped.
            if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Header")
            {
                if (!(xmlReader.NamespaceURI == "http://schemas.xmlsoap.org/soap/envelope/"))
                {
                    if (!(xmlReader.NamespaceURI == "http://www.w3.org/2003/05/soap-envelope"))
                    {
                        continue;
                    }
                }
                while (flag && xmlReader.Read())
                {
                    // Size guard on attacker-controlled input: abort once the reader has consumed more than
                    // 73628 bytes of the stream rather than keep walking an oversized header.
                    if (stream.Position > 73628L)
                    {
                        throw new QuotaExceededException();
                    }
                    // Reaching </Header> before a target element was captured ends the scan with nothing found.
                    if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.LocalName == "Header" && (xmlReader.NamespaceURI == "http://schemas.xmlsoap.org/soap/envelope/" || xmlReader.NamespaceURI == "http://www.w3.org/2003/05/soap-envelope"))
                    {
                        if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                        {
                            ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Hit the end of the SOAP header unexpectedly", this.TraceContext);
                        }
                        flag = false;
                        break;
                    }
                    if (headerType != WsSecurityHeaderType.PartnerAuth)
                    {
                        // WSSecurityAuth / X509CertAuth: the token lives inside the WS-Security <Security> element.
                        if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Security" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
                        {
                            while (flag)
                            {
                                if (!xmlReader.Read())
                                {
                                    break;
                                }
                                // Same byte cap as the outer loop, re-checked per node inside <Security>.
                                if (stream.Position > 73628L)
                                {
                                    throw new QuotaExceededException();
                                }
                                if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.LocalName == "Security" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
                                {
                                    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                                    {
                                        ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Hit the end of the WS-Security header unexpectedly", this.TraceContext);
                                    }
                                    flag = false;
                                    break;
                                }
                                // The element captured depends on headerType: xenc:EncryptedData for WSSecurityAuth,
                                // wsse:BinarySecurityToken for X509CertAuth. Only the first match is taken.
                                if (xmlReader.NodeType == XmlNodeType.Element && ((headerType == WsSecurityHeaderType.WSSecurityAuth && xmlReader.LocalName == "EncryptedData" && xmlReader.NamespaceURI == "http://www.w3.org/2001/04/xmlenc#") || (headerType == WsSecurityHeaderType.X509CertAuth && xmlReader.LocalName == "BinarySecurityToken" && xmlReader.NamespaceURI == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")))
                                {
                                    // Materialise just that subtree into a DOM; the rest of the envelope is never loaded.
                                    using (XmlReader xmlReader2 = xmlReader.ReadSubtree())
                                    {
                                        XmlDocument xmlDocument = new XmlDocument();
                                        xmlDocument.Load(xmlReader2);
                                        xmlElement = xmlDocument.DocumentElement;
                                    }
                                    flag = false;
                                    break;
                                }
                            }
                        }
                    }
                    else
                    {
                        // PartnerAuth: look for the Exchange impersonation header anywhere under <Header> ...
                        if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "ExchangeImpersonation" && xmlReader.NamespaceURI == "http://schemas.microsoft.com/exchange/services/2006/types")
                        {
                            using (XmlReader xmlReader3 = xmlReader.ReadSubtree())
                            {
                                XmlDocument xmlDocument2 = new XmlDocument();
                                xmlDocument2.Load(xmlReader3);
                                xmlElement2 = xmlDocument2.DocumentElement;
                            }
                            flag = false;
                            break;
                        }
                        // ... or, failing that, a SAML 1.0 Attribute named "targettenant".
                        if (xmlReader.NodeType == XmlNodeType.Element && xmlReader.LocalName == "Attribute" && xmlReader.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion" && xmlReader.HasAttributes && xmlReader.GetAttribute("AttributeName") == "targettenant")
                        {
                            using (XmlReader xmlReader4 = xmlReader.ReadSubtree())
                            {
                                XmlDocument xmlDocument3 = new XmlDocument();
                                xmlDocument3.Load(xmlReader4);
                                xmlElement3 = xmlDocument3.DocumentElement;
                            }
                            flag = false;
                            break;
                        }
                    }
                }
            }
        }
        if (headerType == WsSecurityHeaderType.PartnerAuth)
        {
            if (xmlElement2 != null)
            {
                // NOTE(review): FirstChild is dereferenced without a null check here and two lines below. An
                // <ExchangeImpersonation/> or <ConnectingSID/> element with no children would raise
                // NullReferenceException, which the catch below (XmlException only) does not handle.
                if (xmlElement2.NodeType == XmlNodeType.Element && xmlElement2.FirstChild.NodeType == XmlNodeType.Element && xmlElement2.FirstChild.LocalName == "ConnectingSID")
                {
                    XmlNode firstChild = xmlElement2.FirstChild.FirstChild;
                    // Whichever identifier form the caller supplied is returned verbatim (InnerXml, not InnerText).
                    if (firstChild.LocalName == "PrincipalName" || firstChild.LocalName == "PrimarySmtpAddress" || firstChild.LocalName == "SmtpAddress" || firstChild.LocalName == "SID")
                    {
                        return(firstChild.InnerXml);
                    }
                    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                    {
                        ExTraceGlobals.VerboseTracer.TraceDebug<int, string>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Unexpected type {1} in ConnectingSID in impersonation header", this.TraceContext, firstChild.Name);
                    }
                    return(null);
                }
            }
            // NOTE(review): xmlElement3.FirstChild is likewise not null-checked.
            else if (xmlElement3 != null && xmlElement3.NodeType == XmlNodeType.Element && xmlElement3.FirstChild.LocalName == "AttributeValue")
            {
                return(xmlElement3.FirstChild.InnerText);
            }
        }
        else if (xmlElement != null)
        {
            // Token-based paths are only honoured when external (federated) authentication is switched on.
            ExternalAuthentication current = ExternalAuthentication.GetCurrent();
            if (!current.Enabled)
            {
                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: ExternalAuthentication is not enabled");
                }
                return(null);
            }
            if (headerType == WsSecurityHeaderType.X509CertAuth)
            {
                AuthorizationContext authorizationContext;
                // Presumably a null Result means the token validated and authorizationContext was populated — confirm
                // against TokenValidator; a non-null Result falls through to the "No email address found" exit.
                if (current.TokenValidator.AuthorizationContextFromToken(xmlElement, ref authorizationContext).Result == null)
                {
                    ReadOnlyCollection<ClaimSet> claimSets = authorizationContext.ClaimSets;
                    X509CertUser x509CertUser = null;
                    if (!X509CertUser.TryCreateX509CertUser(claimSets, ref x509CertUser))
                    {
                        if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                        {
                            ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; Unable to create the x509certuser", this.TraceContext);
                        }
                        return(null);
                    }
                    OrganizationId organizationId;
                    WindowsIdentity windowsIdentity;
                    string text;
                    // The certificate user is only accepted once it resolves to a Windows identity; text carries the failure reason.
                    if (!x509CertUser.TryGetWindowsIdentity(ref organizationId, ref windowsIdentity, ref text))
                    {
                        if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                        {
                            ExTraceGlobals.VerboseTracer.TraceDebug<int, X509CertUser, string>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; unable to find the windows identity for cert user: {1}, reason: {2}", this.TraceContext, x509CertUser, text);
                        }
                        return(null);
                    }
                    return(x509CertUser.UserPrincipalName);
                }
            }
            else
            {
                // WSSecurityAuth: the validator decrypts/validates the token and is the only writer of isDelegationToken.
                TokenValidationResults tokenValidationResults = current.TokenValidator.FindEmailAddress(xmlElement, ref isDelegationToken);
                if (!string.IsNullOrEmpty(tokenValidationResults.EmailAddress))
                {
                    return(tokenValidationResults.EmailAddress);
                }
            }
        }
    }
    catch (XmlException ex)
    {
        // Malformed XML is treated as "no address"; QuotaExceededException and any other exception type propagate to the caller.
        if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
        {
            ExTraceGlobals.VerboseTracer.TraceDebug<int, XmlException>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; XmlException {1}", this.TraceContext, ex);
        }
    }
    if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
    {
        ExTraceGlobals.VerboseTracer.TraceDebug<int>((long)this.GetHashCode(), "[WsSecurityParser::FindAddressFromWsSecurity]: Context {0}; No email address found in Ws-Trust token", this.TraceContext);
    }
    return(null);
}