/// <summary>
/// Runs the fetched client access rule collection against an evaluation context built from
/// this task's <c>User</c>, <c>RemoteAddress</c>, <c>RemotePort</c>, <c>Protocol</c> and
/// <c>AuthenticationType</c> values, and writes a <c>ClientAccessRulesEvaluationResult</c>
/// for every (rule, action) pair handed to the second callback.
/// </summary>
/// <remarks>
/// Nothing here blocks or allows a connection: each reported action is only passed to
/// <c>WriteResult</c>.
/// </remarks>
private void RunClientAccessRules()
{
    // Captured before any lookup and handed to the context as its last constructor argument.
    long startTicks = DateTime.UtcNow.Ticks;

    ClientAccessRuleCollection rules = this.FetchClientAccessRulesCollection();
    ADRawEntry userEntry = this.FetchADRawEntry(this.User);
    string username = ClientAccessRulesUtils.GetUsernameFromADRawEntry(userEntry);
    base.WriteVerbose(RulesTasksStrings.TestClientAccessRuleFoundUsername(username));

    // The endpoint is taken from the task's own RemoteAddress/RemotePort values.
    IPEndPoint remoteEndPoint = new IPEndPoint(this.RemoteAddress, this.RemotePort);

    ClientAccessRulesEvaluationContext context = new ClientAccessRulesEvaluationContext(
        rules,
        username,
        remoteEndPoint,
        this.Protocol,
        this.AuthenticationType,
        userEntry,
        ObjectSchema.GetInstance<ClientAccessRulesRecipientFilterSchema>(),
        (ClientAccessRulesEvaluationContext evaluationContext) =>
        {
            // Intentionally empty: this callback does nothing in this method.
        },
        (Rule rule, ClientAccessRulesAction action) =>
        {
            // Only a ClientAccessRule contributes an identity; any other Rule is reported with a null Identity.
            ClientAccessRule typedRule = rule as ClientAccessRule;
            ObjectId ruleIdentity = null;
            if (typedRule != null)
            {
                ruleIdentity = typedRule.Identity;
            }

            ClientAccessRulesEvaluationResult evaluationResult = new ClientAccessRulesEvaluationResult();
            evaluationResult.Identity = ruleIdentity;
            evaluationResult.Name = rule.Name;
            evaluationResult.Action = action;
            this.WriteResult(evaluationResult);
        },
        startTicks);

    rules.Run(context);
}
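/// <summary>
/// Decides whether the current Exchange Admin Center request must be rejected by client access rules.
/// </summary>
/// <param name="httpContext">Request context; supplies the remote endpoint and the ADFS-authentication check.</param>
/// <param name="exchangeRunspaceConfiguration">Runspace configuration whose <c>ExecutingUser</c> and <c>OrganizationId</c> are evaluated.</param>
/// <returns>
/// The result of <c>ClientAccessRulesUtils.ShouldBlockConnection</c>; <c>false</c> without evaluating any rule
/// when the configuration or its executing user is null, or when <c>EACClientAccessRulesEnabled</c> is off.
/// </returns>
/// <remarks>
/// The early-return cases fail open: a request with no runspace configuration or no executing user is
/// never blocked here, so callers must not treat <c>false</c> as "rules were evaluated and passed".
/// </remarks>
private static bool ShouldBlockConnection(HttpContext httpContext, ExchangeRunspaceConfiguration exchangeRunspaceConfiguration)
{
    // Evaluations slower than this are logged even when the connection is allowed.
    const double LatencyLoggingThreshold = 50.0;

    if (exchangeRunspaceConfiguration == null || exchangeRunspaceConfiguration.ExecutingUser == null)
    {
        return false;
    }

    if (!VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).Eac.EACClientAccessRulesEnabled.Enabled)
    {
        return false;
    }

    double ruleLatency = 0.0;
    string ruleName = string.Empty;
    string usernameFromADRawEntry = ClientAccessRulesUtils.GetUsernameFromADRawEntry(exchangeRunspaceConfiguration.ExecutingUser);

    // Resolve the request-derived inputs once, so the log event below records exactly the
    // values the rules were evaluated against instead of recomputing them.
    var organizationId = exchangeRunspaceConfiguration.OrganizationId;
    var remoteEndPoint = ClientAccessRulesUtils.GetRemoteEndPointFromContext(httpContext);

    // Any request that is not ADFS-authenticated is presented to the rules as BasicAuthentication.
    ClientAccessAuthenticationMethod authenticationMethod = httpContext.Request.IsAuthenticatedByAdfs()
        ? ClientAccessAuthenticationMethod.AdfsAuthentication
        : ClientAccessAuthenticationMethod.BasicAuthentication;

    bool shouldBlock = ClientAccessRulesUtils.ShouldBlockConnection(
        organizationId,
        usernameFromADRawEntry,
        ClientAccessProtocol.ExchangeAdminCenter,
        remoteEndPoint,
        authenticationMethod,
        exchangeRunspaceConfiguration.ExecutingUser,
        delegate(ClientAccessRulesEvaluationContext context)
        {
            // Remember the rule the evaluation reported, for the log event.
            ruleName = context.CurrentRule.Name;
        },
        delegate(double latency)
        {
            ruleLatency = latency;
        });

    // Log every block decision, plus slow evaluations that ended up allowing the request.
    if (shouldBlock || ruleLatency > LatencyLoggingThreshold)
    {
        ActivityContextLogger.Instance.LogEvent(new ClientAccessRulesLogEvent(
            organizationId,
            usernameFromADRawEntry,
            remoteEndPoint,
            authenticationMethod,
            ruleName,
            ruleLatency,
            shouldBlock));
    }

    return shouldBlock;
}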
// Token: 0x06001246 RID: 4678 RVA: 0x00039C60 File Offset: 0x00037E60
/// <summary>
/// Evaluates client access rules for a PowerShell Web Services caller and reports the name of the
/// rule recorded by the evaluation callback.
/// </summary>
/// <param name="userToken">Token supplying the organization (<c>OrgId</c>) and the user's directory entry (<c>UserEntry</c>).</param>
/// <param name="blockingRuleName">Set to the rule name captured by the callback, or null when none was captured or rules were not evaluated.</param>
/// <returns>
/// The result of <c>ClientAccessRulesUtils.ShouldBlockConnection</c>; <c>false</c> without evaluating any rule
/// when <c>userToken.OrgId</c> is null or <c>PswsClientAccessRulesEnabled</c> is off.
/// </returns>
/// <remarks>
/// The skip path fails open: a token without an organization id is never blocked by this method.
/// </remarks>
private bool ConnectionBlockedByClientAccessRules(PswsAuthZUserToken userToken, out string blockingRuleName)
{
    blockingRuleName = null;

    bool rulesApply = userToken.OrgId != null
        && VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.PswsClientAccessRulesEnabled.Enabled;
    if (!rulesApply)
    {
        return false;
    }

    string capturedRuleName = null;

    // NOTE(review): the authentication method is always passed as BasicAuthentication here,
    // whatever the caller actually used; confirm that rules with authentication-type conditions expect this.
    // NOTE(review): the remote endpoint comes from HttpContext.Current; confirm this always runs on a request thread.
    bool isBlocked = ClientAccessRulesUtils.ShouldBlockConnection(
        userToken.OrgId,
        ClientAccessRulesUtils.GetUsernameFromADRawEntry(userToken.UserEntry),
        ClientAccessProtocol.PowerShellWebServices,
        ClientAccessRulesUtils.GetRemoteEndPointFromContext(HttpContext.Current),
        ClientAccessAuthenticationMethod.BasicAuthentication,
        userToken.UserEntry,
        (ClientAccessRulesEvaluationContext context) =>
        {
            // Record the current rule's name for the caller, the authorization log and the debug trace.
            capturedRuleName = context.CurrentRule.Name;
            AuthZLogger.SafeAppendGenericError(ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name, false);
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "[PswsAuthorization.AuthorizeUser] Blocked by Client Access Rules ({0}={1})",
                ClientAccessRulesConstants.ClientAccessRuleName,
                context.CurrentRule.Name);
        },
        (double latency) =>
        {
            // Only evaluations slower than 50.0 are worth a log entry.
            if (latency > 50.0)
            {
                // NOTE(review): ToString() without a format provider follows the current culture;
                // confirm that consumers of this log field expect that.
                string latencyText = latency.ToString();
                AuthZLogger.SafeAppendGenericInfo(ClientAccessRulesConstants.ClientAccessRulesLatency, latencyText);
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string, string>(
                    (long)this.GetHashCode(),
                    "[PswsAuthorization.AuthorizeUser] Client Access Rules latency logger ({0}={1})",
                    ClientAccessRulesConstants.ClientAccessRulesLatency,
                    latencyText);
            }
        });

    blockingRuleName = capturedRuleName;
    return isBlocked;
}