// Token: 0x0600000B RID: 11 RVA: 0x0000220C File Offset: 0x0000040C
private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex)
{
if (requestURI == null)
{
throw new ArgumentNullException("requestURI");
}
ex = null;
CommonAccessToken result = null;
NameValueCollection nameValueCollectionFromUri = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI);
string text = nameValueCollectionFromUri.Get("X-Rps-CAT");
if (!string.IsNullOrWhiteSpace(text))
{
try
{
result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text));
}
catch (Exception ex2)
{
Logger.TraceError(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "Got exception when trying to parse CommonAccessToken: {0}.", new object[]
{
ex2.ToString()
});
Logger.LogEvent(TaskEventLogConstants.Tuple_LogInvalidCommonAccessTokenReceived, text, new object[]
{
user,
requestURI.ToString(),
Strings.ErrorWhenParsingCommonAccessToken(ex2.ToString())
});
ex = ex2;
}
}
return(result);
}
internal static void UniformCommonAccessToken(this UserToken userToken)
{
CommonAccessToken commonAccessToken = userToken.CommonAccessToken;
if (commonAccessToken == null)
{
return;
}
CommonAccessToken commonAccessToken2 = CommonAccessToken.Deserialize(commonAccessToken.Serialize());
commonAccessToken2.Version = 0;
commonAccessToken2.ExtensionData.Clear();
foreach (string key in UserTokenHelper.WinRMCATExtensionDataKeys)
{
if (commonAccessToken.ExtensionData.ContainsKey(key))
{
commonAccessToken2.ExtensionData[key] = commonAccessToken.ExtensionData[key];
}
}
if (!commonAccessToken2.ExtensionData.ContainsKey("UserSid") && userToken.UserSid != null)
{
commonAccessToken2.ExtensionData["UserSid"] = userToken.UserSid.ToString();
}
}
// Token: 0x060000EA RID: 234 RVA: 0x00005B50 File Offset: 0x00003D50
private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
{
AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
if (accessTokenType == 5)
{
requestContext.Logger.SafeSet(3, "CommonAccessToken-CompositeIdentity");
cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
}
switch (accessTokenType)
{
case 0:
requestContext.Logger.SafeSet(3, "CommonAccessToken-Windows");
return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));
case 1:
{
LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveId");
return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
});
}
case 2:
{
LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdBasic");
if (liveIdBasicTokenAccessor.UserSid != null)
{
return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
});
}
if (SmtpAddress.IsValidSmtpAddress(liveIdBasicTokenAccessor.LiveIdMemberName))
{
string domain = SmtpAddress.Parse(liveIdBasicTokenAccessor.LiveIdMemberName).Domain;
return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, domain, requestContext));
}
return(null);
}
case 3:
{
string sid = cat.ExtensionData["UserSid"];
string text;
cat.ExtensionData.TryGetValue("OrganizationName", out text);
string smtpOrLiveId;
cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
if (!string.IsNullOrEmpty(text) && requestContext.Logger != null)
{
requestContext.Logger.ActivityScope.SetProperty(5, text);
}
requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdNego2");
return(new SidAnchorMailbox(sid, requestContext)
{
SmtpOrLiveId = smtpOrLiveId
});
}
case 4:
return(null);
case 6:
return(null);
case 7:
{
ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
if (httpContextADRawEntry != null)
{
requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
}
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
{
PartitionId = certificateSidTokenAccessor.PartitionId
});
}
case 8:
return(null);
}
return(null);
}
// Token: 0x06000058 RID: 88 RVA: 0x00003368 File Offset: 0x00001568
private void Deserialize(Stream stream)
{
using (BinaryReader binaryReader = new BinaryReader(stream))
{
this.ReadAndValidateFieldType(binaryReader, 'V', Strings.MissingVersion);
this.Version = this.BinaryRead <ushort>(new Func <ushort>(binaryReader.ReadUInt16), Strings.MissingVersion);
this.ReadAndValidateFieldType(binaryReader, 'A', Strings.MissingAuthenticationType);
string value = this.BinaryRead <string>(new Func <string>(binaryReader.ReadString), Strings.MissingAuthenticationType);
AuthenticationType authenticationType;
if (!Enum.TryParse <AuthenticationType>(value, out authenticationType))
{
ExTraceGlobals.UserTokenTracer.TraceError <AuthenticationType>(0L, "Invalid authentication type {0}", authenticationType);
throw new UserTokenException(Strings.InvalidDelegatedPrincipal(value));
}
this.AuthenticationType = authenticationType;
this.ReadAndValidateFieldType(binaryReader, 'D', Strings.MissingDelegatedPrincipal);
string text = this.ReadNullableString(binaryReader, Strings.MissingDelegatedPrincipal);
DelegatedPrincipal delegatedPrincipal = null;
if (text != null && !DelegatedPrincipal.TryParseDelegatedString(text, out delegatedPrincipal))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid delegated principal {0}", text);
throw new UserTokenException(Strings.InvalidDelegatedPrincipal(text));
}
this.DelegatedPrincipal = delegatedPrincipal;
this.ReadAndValidateFieldType(binaryReader, 'L', Strings.MissingWindowsLiveId);
this.WindowsLiveId = this.ReadNullableString(binaryReader, Strings.MissingWindowsLiveId);
this.ReadAndValidateFieldType(binaryReader, 'N', Strings.MissingUserName);
this.UserName = this.ReadNullableString(binaryReader, Strings.MissingUserName);
this.ReadAndValidateFieldType(binaryReader, 'U', Strings.MissingUserSid);
string text2 = this.ReadNullableString(binaryReader, Strings.MissingUserSid);
if (text2 != null)
{
try
{
this.UserSid = new SecurityIdentifier(text2);
}
catch (ArgumentException innerException)
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid user sid {0}", text2);
throw new UserTokenException(Strings.InvalidUserSid(text2), innerException);
}
}
this.ReadAndValidateFieldType(binaryReader, 'P', Strings.MissingPartitionId);
string text3 = this.ReadNullableString(binaryReader, Strings.MissingPartitionId);
PartitionId partitionId = null;
if (text3 != null && !PartitionId.TryParse(text3, out partitionId))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid partition id {0}", text3);
throw new UserTokenException(Strings.InvalidPartitionId(text3));
}
this.PartitionId = partitionId;
this.ReadAndValidateFieldType(binaryReader, 'O', Strings.MissingOrganization);
string text4 = this.ReadNullableString(binaryReader, Strings.MissingOrganization);
if (text4 != null)
{
byte[] bytes;
try
{
bytes = Convert.FromBase64String(text4);
}
catch (FormatException innerException2)
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
throw new UserTokenException(Strings.InvalidOrganization(text4), innerException2);
}
OrganizationId organization;
if (!OrganizationId.TryCreateFromBytes(bytes, Encoding.UTF8, out organization))
{
ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
throw new UserTokenException(Strings.InvalidOrganization(text4));
}
this.Organization = organization;
}
this.ReadAndValidateFieldType(binaryReader, 'M', Strings.MissingManagedOrganization);
this.ManagedOrganization = this.ReadNullableString(binaryReader, Strings.MissingManagedOrganization);
this.ReadAndValidateFieldType(binaryReader, 'W', Strings.MissingAppPasswordUsed);
this.AppPasswordUsed = this.BinaryRead <bool>(new Func <bool>(binaryReader.ReadBoolean), Strings.MissingAppPasswordUsed);
int num = (int)(binaryReader.BaseStream.Length - binaryReader.BaseStream.Position);
if (num > 0)
{
byte[] array = binaryReader.ReadBytes(num);
array = this.Decompress(array);
this.CommonAccessToken = CommonAccessToken.Deserialize(Encoding.UTF8.GetString(array));
}
else
{
this.CommonAccessToken = null;
}
}
}
private IAuthenticationInfo GetPrincipal(OperationContext operationContext)
{
MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext);
if (authenticationData.AuthenticationInfo != null)
{
return(authenticationData.AuthenticationInfo);
}
IAuthenticationInfo authenticationInfo = base.Authenticate(operationContext);
if (authenticationInfo == null)
{
return(null);
}
if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves)
{
return(authenticationInfo);
}
WindowsPrincipal windowsPrincipal = authenticationInfo.WindowsPrincipal;
WindowsIdentity windowsIdentity = windowsPrincipal.Identity as WindowsIdentity;
using (ClientSecurityContext clientSecurityContext = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
authenticationInfo.PrincipalName
});
return(null);
}
}
object obj;
if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out obj))
{
return(null);
}
HttpRequestMessageProperty httpRequestMessageProperty = obj as HttpRequestMessageProperty;
if (httpRequestMessageProperty == null)
{
return(null);
}
string[] values = httpRequestMessageProperty.Headers.GetValues("X-CommonAccessToken");
if (values == null || values.Length != 1)
{
return(null);
}
string text = values[0];
if (string.IsNullOrEmpty(text))
{
return(null);
}
using (ClientSecurityContext clientSecurityContext2 = new ClientSecurityContext(windowsIdentity))
{
if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext2))
{
MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
{
windowsIdentity
});
return(null);
}
}
CommonAccessToken commonAccessToken = CommonAccessToken.Deserialize(text);
SecurityIdentifier securityIdentifier = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid);
IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs");
ADRawEntry adrawEntry = rootOrganizationRecipientSession.FindADRawEntryBySid(securityIdentifier, MRSProxyAuthorizationManager.userPrincipalName);
if (adrawEntry == null)
{
authenticationData.AuthenticationInfo = new AuthenticationInfo(securityIdentifier);
}
else
{
string sUserPrincipalName = (string)adrawEntry[ADUserSchema.UserPrincipalName];
windowsIdentity = new WindowsIdentity(sUserPrincipalName);
authenticationData.AuthenticationInfo = new AuthenticationInfo(windowsIdentity, windowsIdentity.Name);
}
return(authenticationData.AuthenticationInfo);
}
private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
{
AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
if (accessTokenType == AccessTokenType.CompositeIdentity)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CompositeIdentity");
cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
}
switch (accessTokenType)
{
case AccessTokenType.Windows:
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-Windows");
return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));
case AccessTokenType.LiveId:
{
LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveId");
return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
});
}
case AccessTokenType.LiveIdBasic:
{
LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdBasic");
if (liveIdBasicTokenAccessor.UserSid != null)
{
return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
{
OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
});
}
return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, liveIdBasicTokenAccessor.LiveIdMemberName, requestContext));
}
case AccessTokenType.LiveIdNego2:
{
string sid = cat.ExtensionData["UserSid"];
string value;
cat.ExtensionData.TryGetValue("OrganizationName", out value);
string smtpOrLiveId;
cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
if (!string.IsNullOrEmpty(value) && requestContext.Logger != null)
{
requestContext.Logger.ActivityScope.SetProperty(ActivityStandardMetadata.TenantId, value);
}
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdNego2");
return(new SidAnchorMailbox(sid, requestContext)
{
SmtpOrLiveId = smtpOrLiveId
});
}
case AccessTokenType.OAuth:
return(null);
case AccessTokenType.Adfs:
return(null);
case AccessTokenType.CertificateSid:
{
ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
if (httpContextADRawEntry != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
}
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
{
PartitionId = certificateSidTokenAccessor.PartitionId
});
}
case AccessTokenType.RemotePowerShellDelegated:
return(null);
}
return(null);
}
