// Token: 0x0600052E RID: 1326 RVA: 0x0001CBB8 File Offset: 0x0001ADB8 protected override Uri GetTargetBackEndServerUrl() { Uri targetBackEndServerUrl = base.GetTargetBackEndServerUrl(); if (this.isOwa14EwsProxyRequest) { return(new UriBuilder(targetBackEndServerUrl) { Path = "/ews/exchange.asmx", Query = string.Empty }.Uri); } if (targetBackEndServerUrl.AbsolutePath.IndexOf("ews/Nego2", StringComparison.OrdinalIgnoreCase) >= 0) { return(new UriBuilder(targetBackEndServerUrl) { Path = "/ews/exchange.asmx" }.Uri); } OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity; if (oauthIdentity != null && !oauthIdentity.IsAppOnly && oauthIdentity.IsKnownFromSameOrgExchange && base.HttpContext.Request.UserAgent.StartsWith("ASProxy/CrossForest", StringComparison.InvariantCultureIgnoreCase)) { if (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3548785981U)) { throw new InvalidOAuthTokenException(6009, null, null); } this.proxyForSameOrgExchangeOAuthCallToLowerVersion = (base.ProxyToDownLevel || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 2357603645U) || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U)); if (this.proxyForSameOrgExchangeOAuthCallToLowerVersion || oauthIdentity.ActAsUser.IsUserVerified) { this.proxyForSameOrgExchangeOAuthCallToLowerVersionWithNoSidUser = (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U) || oauthIdentity.ActAsUser.Sid == null); } } return(targetBackEndServerUrl); }
internal static CommonAccessToken CommonAccessTokenForCmdletProxy(this UserToken userToken, int targetVersion) { CommonAccessToken commonAccessToken = userToken.CommonAccessToken; if (commonAccessToken != null) { if (userToken.AuthenticationType == AuthenticationType.OAuth && targetVersion < Server.E15MinVersion) { OAuthIdentity oauthIdentity = OAuthIdentitySerializer.ConvertFromCommonAccessToken(commonAccessToken); SidOAuthIdentity sidIdentity = SidOAuthIdentity.Create(oauthIdentity); CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(sidIdentity); commonAccessToken = certificateSidTokenAccessor.GetToken(); } } else { commonAccessToken = new CommonAccessToken(AccessTokenType.CertificateSid); ExAssert.RetailAssert(userToken.UserSid != null, "UserToken.UserSid is expected to NOT NULL when CommonAccessToken doesn't exist. UserToken = " + userToken); commonAccessToken.ExtensionData["UserSid"] = userToken.UserSid.ToString(); if (userToken.PartitionId != null) { commonAccessToken.ExtensionData["Partition"] = userToken.PartitionId.ToString(); } } commonAccessToken.IsCompressed = true; return(commonAccessToken); }
protected static OwaIdentity GetOwaIdentity(IIdentity identity) { CompositeIdentity compositeIdentity = identity as CompositeIdentity; if (compositeIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve CompositeIdentity."); return(OwaCompositeIdentity.CreateFromCompositeIdentity(compositeIdentity)); } WindowsIdentity windowsIdentity = identity as WindowsIdentity; if (windowsIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsIdentity."); if (windowsIdentity.IsAnonymous) { ExTraceGlobals.CoreCallTracer.TraceError(0L, "[OwaIdentity::ResolveLogonIdentity] - Windows identity cannot be anonymous."); throw new OwaIdentityException("Cannot create security context for anonymous windows identity."); } return(OwaWindowsIdentity.CreateFromWindowsIdentity(windowsIdentity)); } else { LiveIDIdentity liveIDIdentity = identity as LiveIDIdentity; if (liveIDIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve LiveIDIdentity."); return(OwaClientSecurityContextIdentity.CreateFromLiveIDIdentity(liveIDIdentity)); } WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity; if (windowsTokenIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsTokenIdentity."); return(OwaClientSecurityContextIdentity.CreateFromClientSecurityContextIdentity(windowsTokenIdentity)); } OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve OAuthIdentity."); return(OwaClientSecurityContextIdentity.CreateFromOAuthIdentity(oauthIdentity)); } AdfsIdentity adfsIdentity = identity as AdfsIdentity; if (adfsIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve AdfsIdentity."); return(OwaClientSecurityContextIdentity.CreateFromAdfsIdentity(identity as AdfsIdentity)); } SidBasedIdentity sidBasedIdentity = identity as SidBasedIdentity; if (sidBasedIdentity != null) { ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve SidBasedIdentity."); return(OwaClientSecurityContextIdentity.CreateFromsidBasedIdentity(sidBasedIdentity)); } ExTraceGlobals.CoreCallTracer.TraceError <Type>(0L, "[OwaIdentity::ResolveLogonIdentity] - Cannot resolve unsupported identity type: {0}.", identity.GetType()); throw new NotSupportedException(string.Format("Unexpected identity type. {0}", identity.GetType())); } }
// Token: 0x060004C4 RID: 1220 RVA: 0x0001D5B0 File Offset: 0x0001B7B0 private static ClientSecurityContext ClientSecurityContextFromIdentity(IIdentity identity) { if (GlobalSettings.UseOAuthMasterSidForSecurityContext) { OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null && oauthIdentity.ActAsUser != null && oauthIdentity.ActAsUser.MasterAccountSid != null) { return(new GenericSidIdentity(oauthIdentity.ActAsUser.MasterAccountSid.ToString(), oauthIdentity.AuthenticationType, oauthIdentity.ActAsUser.MasterAccountSid).CreateClientSecurityContext()); } } return(identity.CreateClientSecurityContext(true)); }
public static CommonAccessToken FixupCommonAccessToken(HttpContext httpContext, int targetVersion) { if (!httpContext.Request.IsAuthenticated) { return(null); } CommonAccessToken commonAccessToken = null; try { if (httpContext.User.Identity is OAuthIdentity) { OAuthIdentity oauthIdentity = httpContext.User.Identity as OAuthIdentity; commonAccessToken = oauthIdentity.ToCommonAccessToken(targetVersion); } else if (httpContext.User is DelegatedPrincipal) { commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated); commonAccessToken.ExtensionData["DelegatedData"] = ((DelegatedPrincipal)httpContext.User).Identity.GetSafeName(true); } else { CommonAccessToken commonAccessToken2 = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken; if (commonAccessToken2 != null) { return(commonAccessToken2); } if (httpContext.User.Identity is WindowsIdentity) { WindowsIdentity windowsIdentity = httpContext.User.Identity as WindowsIdentity; string value = httpContext.Items[Constants.WLIDMemberName] as string; if (!string.IsNullOrEmpty(value)) { commonAccessToken = new CommonAccessToken(AccessTokenType.LiveIdNego2); commonAccessToken.ExtensionData["UserSid"] = windowsIdentity.User.ToString(); commonAccessToken.ExtensionData["MemberName"] = value; } else { commonAccessToken = new CommonAccessToken(windowsIdentity); } } } } catch (CommonAccessTokenException arg) { ExTraceGlobals.BriefTracer.TraceError <string, CommonAccessTokenException>(0L, "[AspNetHelper::FixupCommonAccessToken] Error encountered when creating CommonAccessToken from current logong identity. User: {0} Exception: {1}.", httpContext.User.Identity.GetSafeName(true), arg); throw new HttpProxyException(HttpStatusCode.Unauthorized, HttpProxySubErrorCode.UserNotFound, string.Format("Error encountered when creating common access token. User: {0}", httpContext.User.Identity.GetSafeName(true))); } return(commonAccessToken); }
public static KeyValuePair <string, string>?GetOAuthUserConstraint(IIdentity logonUser) { SidOAuthIdentity sidOAuthIdentity = (logonUser as SidOAuthIdentity) ?? (HttpContext.Current.Items["LogonUserIdentity"] as SidOAuthIdentity); OAuthIdentity oauthIdentity = (sidOAuthIdentity != null) ? sidOAuthIdentity.OAuthIdentity : (logonUser as OAuthIdentity); if (oauthIdentity != null) { string value = null; if (oauthIdentity.OAuthApplication == null || oauthIdentity.OAuthApplication.PartnerApplication == null || !OAuthHelper.parterIdToNameMap.TryGetValue(oauthIdentity.OAuthApplication.PartnerApplication.ApplicationIdentifier, out value)) { value = "OAuthACS.UnknownPartner"; } return(new KeyValuePair <string, string>?(new KeyValuePair <string, string>("AuthMethod", value))); } return(null); }
protected override void AddProtocolSpecificHeadersToServerRequest(WebHeaderCollection headers) { base.AddProtocolSpecificHeadersToServerRequest(headers); OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity; if (oauthIdentity != null) { if (oauthIdentity.IsAppOnly) { throw new HttpException(403, "unsupported scenario"); } if (oauthIdentity.OrganizationId.OrganizationalUnit != null) { headers[WellKnownHeader.WLIDMemberName] = "dummy@" + oauthIdentity.OrganizationId.OrganizationalUnit.Name; } } }
internal static OwaClientSecurityContextIdentity CreateFromOAuthIdentity(OAuthIdentity oauthIdentity) { if (oauthIdentity == null) { throw new ArgumentNullException("oauthIdentity"); } ExAssert.RetailAssert(!oauthIdentity.IsAppOnly, "IsApplyOnly cannot be null in OAuthIdentity."); ExAssert.RetailAssert(oauthIdentity.ActAsUser != null, "ActAsUser cannot be null in OAuthIdentity."); string partitionId = string.Empty; if (!(oauthIdentity.OrganizationId == null) && !(oauthIdentity.OrganizationId.PartitionId == null)) { partitionId = oauthIdentity.OrganizationId.PartitionId.ToString(); } SidBasedIdentity cscIdentity = new SidBasedIdentity(oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.ActAsUser.Sid.Value, oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.AuthenticationType, partitionId) { UserOrganizationId = oauthIdentity.OrganizationId }; return(OwaClientSecurityContextIdentity.InternalCreateFromClientSecurityContextIdentity(cscIdentity, oauthIdentity.ActAsUser.UserPrincipalName, null)); }
private bool AuthorizeOAuthRequest(out string errorMsg) { OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity; string empty = string.Empty; errorMsg = string.Empty; if (oauthIdentity != null && base.TryGetTenantDomain("organization", out empty)) { string text = string.Empty; if (oauthIdentity.OrganizationId != null) { text = oauthIdentity.OrganizationId.ConfigurationUnit.ToString(); } if (!string.IsNullOrEmpty(text) && string.Compare(text, empty, true) != 0) { errorMsg = string.Format("{0} is not a authorized tenant. The authorized tenant is {1}", empty, text); return(false); } } return(true); }
public override string VerifyToken(HttpRequestBase request, out object tokenData) { dynamic userData; try { userData = GetUserDataFromToken(request); } catch (Exception) { throw new InvalidOperationException("Google OAuth error: cannot parse user data from the request."); } tokenData = new OAuthIdentity { Identifier = userData.sub, Email = userData.email, Username = userData.sub, FullName = userData.name, AvatarUrl = userData.picture }; return(userData.sub); }
// Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4 private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext) { HttpContext httpContext = requestContext.HttpContext; IPrincipal user = httpContext.User; IIdentity identity = httpContext.User.Identity; string text; HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text); OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null) { string externalDirectoryObjectId; if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId)) { requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId"); return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext)); } if (oauthIdentity.ActAsUser != null) { requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser"); return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext)); } requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization"); return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext)); } else { GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity; if (genericSidIdentity != null) { requestContext.Logger.SafeSet(3, "GenericSidIdentity"); return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext) { PartitionId = genericSidIdentity.PartitionId, SmtpOrLiveId = text }); } DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal; if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization"); return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext)); } WindowsIdentity windowsIdentity = identity as WindowsIdentity; if (windowsIdentity != null) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "WindowsIdentity"); } else { requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName"); } return(new SidAnchorMailbox(windowsIdentity.User, requestContext) { SmtpOrLiveId = text }); } SecurityIdentifier securityIdentifier = null; if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid)) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "SID"); } else { requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName"); } return(new SidAnchorMailbox(securityIdentifier, requestContext) { SmtpOrLiveId = text }); } if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth) { AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext); if (anchorMailbox != null) { return(anchorMailbox); } } if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text)) { requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName"); return(new SmtpAnchorMailbox(text, requestContext)); } throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString())); } }
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext) { HttpContext httpContext = requestContext.HttpContext; IPrincipal user = httpContext.User; IIdentity identity = httpContext.User.Identity; string text = httpContext.Items[Constants.WLIDMemberName] as string; OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null) { string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName]; if (!string.IsNullOrEmpty(text2)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId"); return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext)); } if (oauthIdentity.ActAsUser != null) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser"); return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext)); } requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization"); return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext)); } else { GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity; if (genericSidIdentity != null) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity"); return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext) { PartitionId = genericSidIdentity.PartitionId, SmtpOrLiveId = text }); } DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal; if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization"); return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext)); } WindowsIdentity windowsIdentity = identity as WindowsIdentity; if (windowsIdentity != null) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity"); } else { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName"); } return(new SidAnchorMailbox(windowsIdentity.User, requestContext) { SmtpOrLiveId = text }); } try { SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier(); if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid)) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID"); } else { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName"); } return(new SidAnchorMailbox(securityIdentifier, requestContext) { SmtpOrLiveId = text }); } } catch (Exception) { } if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth) { AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext); if (anchorMailbox != null) { return(anchorMailbox); } } if (!string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName"); return(new SmtpAnchorMailbox(text, requestContext)); } throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString())); } }
public override bool IsFullyAuthenticated() { OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity; return(oauthIdentity != null); }