Esempio n. 1
 /// <summary>
 /// Builds an identity from an <c>EcpLogonInformation</c> record, recording both
 /// the logon user and the user whose data is actually accessed.
 /// </summary>
 /// <param name="identity">
 /// Logon record supplying the logon user, the logon mailbox SID, the impersonation
 /// flag and (when impersonating) the impersonated user. It is dereferenced without
 /// a null check, starting in the constructor initializer.
 /// </param>
 /// <param name="cacheKeySuffix">Suffix forwarded unchanged to the chained constructor.</param>
 public EcpIdentity(EcpLogonInformation identity, string cacheKeySuffix)
     : this(identity.LogonUser, cacheKeySuffix, identity.Impersonated)
 {
     // The logon SID comes from LogonMailboxSid, not from LogonUser.
     logonUserSid = identity.LogonMailboxSid;

     if (!identity.Impersonated)
     {
         // No impersonation: the accessed user is the logon user itself.
         accessedUserIdentity = LogonUserIdentity;
         accessedUserSid = logonUserSid;
     }
     else
     {
         // Impersonation: the accessed identity and SID both come from ImpersonatedUser.
         // NOTE(review): nothing here validates the record; this constructor trusts
         // whatever the factory that produced `identity` decided. Confirm the caller
         // has authenticated the source of the impersonation request.
         accessedUserIdentity = identity.ImpersonatedUser;
         accessedUserSid = identity.ImpersonatedUser.GetSecurityIdentifier();
     }

     UserName = identity.Name;
 }
Esempio n. 2
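        /// <summary>
        /// Extracts the RBAC settings for one ECP request: the logon identity, whether the
        /// request is a proxy logon or an inbound proxy request, the effective
        /// <c>EcpIdentity</c>, and the session cache key.
        /// </summary>
        /// <remarks>
        /// Several inputs are client-controlled request data: the <c>X-vDirObjectId</c>,
        /// <c>msExchLogonAccount</c>, <c>msExchLogonMailbox</c> and <c>msExchTargetMailbox</c>
        /// headers, the request body (for <c>/proxyLogon.ecp</c>) and the session-state cookie.
        /// The only gate visible in this constructor before header values are turned into an
        /// identity is <c>GetInboundProxyCaller</c> returning non-null.
        /// </remarks>
        /// <param name="context">The current HTTP request context; must not be null.</param>
        public RbacSettings(HttpContext context)
        {
            ExTraceGlobals.RBACTracer.TraceInformation<string>(0, 0L, "Extracting RBAC settings from {0}.", context.GetRequestUrlForLog());

            // Read the header from the context that was passed in (the original read
            // HttpContext.Current here and `context` everywhere else). A missing or
            // malformed header leaves vdirId as Guid.Empty, which the lazy lookup
            // below maps to a null service.
            Guid vdirId = Guid.Empty;
            Guid.TryParse(context.Request.Headers["X-vDirObjectId"], out vdirId);
            this.ecpService = new Lazy<EcpService>(delegate()
            {
                if (vdirId == Guid.Empty)
                {
                    return null;
                }
                ServiceTopology currentServiceTopology = ServiceTopology.GetCurrentServiceTopology("f:\\15.00.1497\\sources\\dev\\admin\\src\\ecp\\RBAC\\RbacSettings.cs", ".ctor", 707);
                return currentServiceTopology.FindAnyCafeService<EcpService>((EcpService service) => service.ADObjectId.ObjectGuid == vdirId, "f:\\15.00.1497\\sources\\dev\\admin\\src\\ecp\\RBAC\\RbacSettings.cs", ".ctor", 708);
            });

            this.LogonUserIdentity = context.User.Identity;
            this.OriginalUser = context.User;
            this.IsProxyLogon = context.Request.FilePath.EndsWith("/proxyLogon.ecp", StringComparison.OrdinalIgnoreCase);
            bool isAcsOAuthRequest = context.IsAcsOAuthRequest();

            if (this.IsProxyLogon)
            {
                // NOTE(review): the request body is parsed into an access token here,
                // before the inbound-proxy-caller check below has run. The statement order
                // is kept as in the original; confirm SerializedAccessToken is safe on
                // arbitrary input, or that an earlier module has already authenticated the caller.
                this.ProxySecurityAccessToken = new SerializedAccessToken(context.Request.InputStream);
            }
            else
            {
                this.ProxySecurityAccessToken = null;
            }

            // These three values are plain request headers, so any client that can reach
            // this endpoint can set them. They must not be treated as identity on their own.
            string logonAccountSddlSid = context.Request.Headers["msExchLogonAccount"];
            string logonMailboxSddlSid = context.Request.Headers["msExchLogonMailbox"];
            string targetMailboxSddlSid = context.Request.Headers["msExchTargetMailbox"];

            // `as WindowsIdentity` yields null for any other identity type; that null is
            // passed straight through.
            // NOTE(review): GetInboundProxyCaller is not shown here. Confirm it ties the
            // request to an authenticated server identity, because a non-null result
            // is the only condition under which the header SIDs become the EcpIdentity.
            Server inboundProxyCaller = RbacSettings.GetInboundProxyCaller(logonMailboxSddlSid, this.LogonUserIdentity as WindowsIdentity);

            if (inboundProxyCaller != null)
            {
                this.IsInboundProxyRequest = true;
                this.InboundProxyCallerName = inboundProxyCaller.Name;
                EcpLogonInformation identity = EcpLogonInformation.Create(logonAccountSddlSid, logonMailboxSddlSid, targetMailboxSddlSid, this.ProxySecurityAccessToken);
                this.EcpIdentity = new EcpIdentity(identity, "-ProxySession");
            }
            else
            {
                this.IsInboundProxyRequest = false;
                this.InboundProxyCallerName = string.Empty;
                string explicitUser = context.GetExplicitUser();
                string targetTenant = context.GetTargetTenant();

                // NOTE(review): targetTenant becomes part of the cache-key suffix; where
                // GetTargetTenant reads it from is not visible here. Confirm it is validated.
                string cacheKeySuffix = string.IsNullOrEmpty(targetTenant) ? "-RbacSession" : ("-RbacSession-@" + targetTenant);
                if (isAcsOAuthRequest)
                {
                    cacheKeySuffix += "-OAuthACS";
                }
                if (!string.IsNullOrEmpty(explicitUser))
                {
                    this.EcpIdentity = new EcpIdentity(context.User, explicitUser, cacheKeySuffix);
                }
                else
                {
                    this.EcpIdentity = new EcpIdentity(this.LogonUserIdentity, cacheKeySuffix);
                }
            }

            this.UserUniqueKeyForCanary = this.GetUserUniqueKey();
            this.IsExplicitSignOn = this.EcpIdentity.IsExplicitSignon;

            // No session-state cookie on the request; the trace below reports this as IsNewBrowserWindow.
            bool isNewBrowserWindow = null == context.Request.Cookies[RbacModule.SessionStateCookieName];

            if (isNewBrowserWindow && !isAcsOAuthRequest)
            {
                HttpCookie sessionCookie = new HttpCookie(RbacModule.SessionStateCookieName, Guid.NewGuid().ToString())
                {
                    HttpOnly = true
                };
                // Mark the cookie Secure when the request arrived over TLS so it is never
                // replayed over plain HTTP. The flag is only ever raised, so a
                // configuration default that already requires SSL is left untouched.
                if (context.Request.IsSecureConnection)
                {
                    sessionCookie.Secure = true;
                }
                context.Response.Cookies.Add(sessionCookie);

                // Order matters: the cookie is added before the cache key is computed and
                // the session is expired, exactly as in the original.
                this.CacheKey = this.GetCacheKey();
                this.ExpireSession();
            }
            else
            {
                this.CacheKey = this.GetCacheKey();
            }

            ExTraceGlobals.RBACTracer.TraceInformation(0, 0L, "RBAC Settings for {0}: UserName: {1}, IsNewBrowserWindow={2}, IsInboundProxyRequest={3}, InboundProxyCallerName={4}, HasCachedSession={5}", new object[]
            {
                context.GetRequestUrlForLog(),
                this.UserName,
                isNewBrowserWindow,
                this.IsInboundProxyRequest,
                this.InboundProxyCallerName,
                this.CachedSession != null
            });
        }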