public FederatedClientCredentials GetFederatedCredentialsForDelegation(ExternalAuthentication extAuth)
{
this.UpdateCrossPremiseStatus();
if ((!this.isArchiveCrossPremise || !this.isCrossPremiseArchiveEnabled) && !this.isMailboxCrossPremise)
{
throw new InvalidOperationException("This is not an enabled remote mailbox.");
}
if (this.xropTokenRequest == null)
{
throw new InvalidOperationException("We shouldn't be requesting DelegationTokenRequest for misconfigured remote mailbox properties.");
}
FedOrgCredentials organizationCredentials = new FedOrgCredentials(this.xropTokenRequest, extAuth.GetSecurityTokenService(this.adUser.OrganizationId));
return(new FederatedClientCredentials(this.xropUserFederatedIdentity, this.xropUserEmailAddress, organizationCredentials));
}
protected virtual bool TryGetExchangeRpcUrlFromAutodiscoverSettings(SmtpAddress remoteIdentity, SecurityTokenService securityTokenService, DelegationTokenRequest autoDiscoveryTokenRequest, Uri autoDiscoveryEndpoint, out Uri exchangeRpcUrl)
{
exchangeRpcUrl = null;
FedOrgCredentials credentials = new FedOrgCredentials(autoDiscoveryTokenRequest, securityTokenService);
bool result;
using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, this.storeSession.MailboxOwner.MailboxInfo.OrganizationId.ToADSessionSettings(), 250, "TryGetExchangeRpcUrlFromAutodiscoverSettings", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\ExchangePrincipal\\RemoteMailboxProperties.cs"), credentials, remoteIdentity, autoDiscoveryEndpoint, RemoteMailboxProperties.AutodiscoveryRequestedSettings))
{
autoDiscoverUserSettingsClient.AnchorMailbox = this.storeSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString();
UserSettings userSettings = autoDiscoverUserSettingsClient.Discover();
StringSetting stringSetting = userSettings.GetSetting(RemoteMailboxProperties.AutodiscoveryRequestedSettings[0]) as StringSetting;
result = (stringSetting != null && Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out exchangeRpcUrl));
}
return(result);
}
private void Discover(ExchangePrincipal principal, ADUser executingUser, out string ewsEndpoint, out DelegationTokenRequest ewsTokenRequest)
{
SmtpAddress value = principal.MailboxInfo.RemoteIdentity.Value;
ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(OrganizationId.ForestWideOrgId);
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, null, sessionSettings, ConfigScopes.TenantSubTree, 168, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs");
ADUser aduser = null;
TransportConfigContainer transportConfigContainer = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(true, ConsistencyMode.IgnoreInvalid, sessionSettings, 171, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs").FindSingletonConfigurationObject <TransportConfigContainer>();
if (transportConfigContainer != null && transportConfigContainer.OrganizationFederatedMailbox != SmtpAddress.NullReversePath)
{
SmtpAddress organizationFederatedMailbox = transportConfigContainer.OrganizationFederatedMailbox;
ProxyAddress proxyAddress = null;
try
{
proxyAddress = ProxyAddress.Parse(organizationFederatedMailbox.ToString());
}
catch (ArgumentException ex)
{
ExTraceGlobals.SessionTracer.TraceError <string>((long)this.GetHashCode(), "Proxy address of organization federated mailbox is invalid: {0}", ex.ToString());
}
if (proxyAddress != null && !(proxyAddress is InvalidProxyAddress))
{
aduser = (tenantOrRootOrgRecipientSession.FindByProxyAddress(proxyAddress) as ADUser);
}
}
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(OrganizationId.ForestWideOrgId);
OrganizationRelationship organizationRelationship = organizationIdCacheValue.GetOrganizationRelationship(value.Domain);
if (aduser == null || organizationRelationship == null)
{
throw new OrganizationNotFederatedException();
}
DelegationTokenRequest request = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress().ToString(),
Target = organizationRelationship.GetTokenTarget(),
Offer = Offer.Autodiscover
};
FedOrgCredentials credentials = new FedOrgCredentials(request, this.GetSecurityTokenService(aduser.OrganizationId));
Uri uri = null;
using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 215, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs"), credentials, value, organizationRelationship.TargetAutodiscoverEpr, MailboxSearchEwsClient.AutoDiscoverRequestedSettings))
{
UserSettings userSettings = autoDiscoverUserSettingsClient.Discover();
StringSetting stringSetting = userSettings.GetSetting("ExternalEwsUrl") as StringSetting;
if (stringSetting == null || !Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out uri))
{
throw new AutoDAccessException(ServerStrings.AutoDRequestFailed);
}
}
ewsEndpoint = EwsWsSecurityUrl.Fix(uri.ToString());
string text = null;
if (executingUser.EmailAddresses != null && executingUser.EmailAddresses.Count > 0)
{
List <string> federatedEmailAddresses = executingUser.GetFederatedEmailAddresses();
if (federatedEmailAddresses != null && federatedEmailAddresses.Count > 0)
{
text = federatedEmailAddresses[0];
}
}
if (string.IsNullOrEmpty(text))
{
ewsTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress().ToString(),
Target = organizationRelationship.GetTokenTarget(),
Offer = Offer.MailboxSearch
};
return;
}
ewsTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = executingUser.GetFederatedIdentity(),
EmailAddress = text.ToString(),
Target = organizationRelationship.GetTokenTarget(),
Offer = Offer.MailboxSearch
};
}
public static AutoDiscoverUserSettingsClient CreateInstance(ITopologyConfigurationSession topologyConfigurationSession, FedOrgCredentials credentials, SmtpAddress identity, Uri autoDiscoveryEndpoint, string[] requestedSettings)
{
Util.ThrowOnNullArgument(credentials, "credentials");
RequestedToken token;
try
{
token = credentials.GetToken();
}
catch (WSTrustException ex)
{
string text = identity.ToString();
string text2 = ex.ToString();
StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_AutoDiscoverFailedToAquireSecurityToken, text, new object[]
{
text,
text2
});
ExTraceGlobals.XtcTracer.TraceError <string, string>(0L, "AutoDiscover request failed for {0}, failed to aquire security token. Exception: {1}.", text, text2);
throw new AutoDAccessException(ServerStrings.AutoDFailedToGetToken, ex);
}
return(new AutoDiscoverUserSettingsClient(topologyConfigurationSession, SoapHttpClientAuthenticator.Create(token), EwsWsSecurityUrl.Fix(autoDiscoveryEndpoint), identity, requestedSettings));
}
