// Token: 0x0600052E RID: 1326 RVA: 0x0001CBB8 File Offset: 0x0001ADB8
protected override Uri GetTargetBackEndServerUrl()
{
Uri targetBackEndServerUrl = base.GetTargetBackEndServerUrl();
if (this.isOwa14EwsProxyRequest)
{
return(new UriBuilder(targetBackEndServerUrl)
{
Path = "/ews/exchange.asmx",
Query = string.Empty
}.Uri);
}
if (targetBackEndServerUrl.AbsolutePath.IndexOf("ews/Nego2", StringComparison.OrdinalIgnoreCase) >= 0)
{
return(new UriBuilder(targetBackEndServerUrl)
{
Path = "/ews/exchange.asmx"
}.Uri);
}
OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;
if (oauthIdentity != null && !oauthIdentity.IsAppOnly && oauthIdentity.IsKnownFromSameOrgExchange && base.HttpContext.Request.UserAgent.StartsWith("ASProxy/CrossForest", StringComparison.InvariantCultureIgnoreCase))
{
if (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3548785981U))
{
throw new InvalidOAuthTokenException(6009, null, null);
}
this.proxyForSameOrgExchangeOAuthCallToLowerVersion = (base.ProxyToDownLevel || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 2357603645U) || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U));
if (this.proxyForSameOrgExchangeOAuthCallToLowerVersion || oauthIdentity.ActAsUser.IsUserVerified)
{
this.proxyForSameOrgExchangeOAuthCallToLowerVersionWithNoSidUser = (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U) || oauthIdentity.ActAsUser.Sid == null);
}
}
return(targetBackEndServerUrl);
}
internal static CommonAccessToken CommonAccessTokenForCmdletProxy(this UserToken userToken, int targetVersion)
{
CommonAccessToken commonAccessToken = userToken.CommonAccessToken;
if (commonAccessToken != null)
{
if (userToken.AuthenticationType == AuthenticationType.OAuth && targetVersion < Server.E15MinVersion)
{
OAuthIdentity oauthIdentity = OAuthIdentitySerializer.ConvertFromCommonAccessToken(commonAccessToken);
SidOAuthIdentity sidIdentity = SidOAuthIdentity.Create(oauthIdentity);
CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(sidIdentity);
commonAccessToken = certificateSidTokenAccessor.GetToken();
}
}
else
{
commonAccessToken = new CommonAccessToken(AccessTokenType.CertificateSid);
ExAssert.RetailAssert(userToken.UserSid != null, "UserToken.UserSid is expected to NOT NULL when CommonAccessToken doesn't exist. UserToken = " + userToken);
commonAccessToken.ExtensionData["UserSid"] = userToken.UserSid.ToString();
if (userToken.PartitionId != null)
{
commonAccessToken.ExtensionData["Partition"] = userToken.PartitionId.ToString();
}
}
commonAccessToken.IsCompressed = true;
return(commonAccessToken);
}
protected static OwaIdentity GetOwaIdentity(IIdentity identity)
{
CompositeIdentity compositeIdentity = identity as CompositeIdentity;
if (compositeIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve CompositeIdentity.");
return(OwaCompositeIdentity.CreateFromCompositeIdentity(compositeIdentity));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsIdentity.");
if (windowsIdentity.IsAnonymous)
{
ExTraceGlobals.CoreCallTracer.TraceError(0L, "[OwaIdentity::ResolveLogonIdentity] - Windows identity cannot be anonymous.");
throw new OwaIdentityException("Cannot create security context for anonymous windows identity.");
}
return(OwaWindowsIdentity.CreateFromWindowsIdentity(windowsIdentity));
}
else
{
LiveIDIdentity liveIDIdentity = identity as LiveIDIdentity;
if (liveIDIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve LiveIDIdentity.");
return(OwaClientSecurityContextIdentity.CreateFromLiveIDIdentity(liveIDIdentity));
}
WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;
if (windowsTokenIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsTokenIdentity.");
return(OwaClientSecurityContextIdentity.CreateFromClientSecurityContextIdentity(windowsTokenIdentity));
}
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve OAuthIdentity.");
return(OwaClientSecurityContextIdentity.CreateFromOAuthIdentity(oauthIdentity));
}
AdfsIdentity adfsIdentity = identity as AdfsIdentity;
if (adfsIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve AdfsIdentity.");
return(OwaClientSecurityContextIdentity.CreateFromAdfsIdentity(identity as AdfsIdentity));
}
SidBasedIdentity sidBasedIdentity = identity as SidBasedIdentity;
if (sidBasedIdentity != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve SidBasedIdentity.");
return(OwaClientSecurityContextIdentity.CreateFromsidBasedIdentity(sidBasedIdentity));
}
ExTraceGlobals.CoreCallTracer.TraceError <Type>(0L, "[OwaIdentity::ResolveLogonIdentity] - Cannot resolve unsupported identity type: {0}.", identity.GetType());
throw new NotSupportedException(string.Format("Unexpected identity type. {0}", identity.GetType()));
}
}
// Token: 0x060004C4 RID: 1220 RVA: 0x0001D5B0 File Offset: 0x0001B7B0
private static ClientSecurityContext ClientSecurityContextFromIdentity(IIdentity identity)
{
if (GlobalSettings.UseOAuthMasterSidForSecurityContext)
{
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null && oauthIdentity.ActAsUser != null && oauthIdentity.ActAsUser.MasterAccountSid != null)
{
return(new GenericSidIdentity(oauthIdentity.ActAsUser.MasterAccountSid.ToString(), oauthIdentity.AuthenticationType, oauthIdentity.ActAsUser.MasterAccountSid).CreateClientSecurityContext());
}
}
return(identity.CreateClientSecurityContext(true));
}
public static CommonAccessToken FixupCommonAccessToken(HttpContext httpContext, int targetVersion)
{
if (!httpContext.Request.IsAuthenticated)
{
return(null);
}
CommonAccessToken commonAccessToken = null;
try
{
if (httpContext.User.Identity is OAuthIdentity)
{
OAuthIdentity oauthIdentity = httpContext.User.Identity as OAuthIdentity;
commonAccessToken = oauthIdentity.ToCommonAccessToken(targetVersion);
}
else if (httpContext.User is DelegatedPrincipal)
{
commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
commonAccessToken.ExtensionData["DelegatedData"] = ((DelegatedPrincipal)httpContext.User).Identity.GetSafeName(true);
}
else
{
CommonAccessToken commonAccessToken2 = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
if (commonAccessToken2 != null)
{
return(commonAccessToken2);
}
if (httpContext.User.Identity is WindowsIdentity)
{
WindowsIdentity windowsIdentity = httpContext.User.Identity as WindowsIdentity;
string value = httpContext.Items[Constants.WLIDMemberName] as string;
if (!string.IsNullOrEmpty(value))
{
commonAccessToken = new CommonAccessToken(AccessTokenType.LiveIdNego2);
commonAccessToken.ExtensionData["UserSid"] = windowsIdentity.User.ToString();
commonAccessToken.ExtensionData["MemberName"] = value;
}
else
{
commonAccessToken = new CommonAccessToken(windowsIdentity);
}
}
}
}
catch (CommonAccessTokenException arg)
{
ExTraceGlobals.BriefTracer.TraceError <string, CommonAccessTokenException>(0L, "[AspNetHelper::FixupCommonAccessToken] Error encountered when creating CommonAccessToken from current logong identity. User: {0} Exception: {1}.", httpContext.User.Identity.GetSafeName(true), arg);
throw new HttpProxyException(HttpStatusCode.Unauthorized, HttpProxySubErrorCode.UserNotFound, string.Format("Error encountered when creating common access token. User: {0}", httpContext.User.Identity.GetSafeName(true)));
}
return(commonAccessToken);
}
public static KeyValuePair <string, string>?GetOAuthUserConstraint(IIdentity logonUser)
{
SidOAuthIdentity sidOAuthIdentity = (logonUser as SidOAuthIdentity) ?? (HttpContext.Current.Items["LogonUserIdentity"] as SidOAuthIdentity);
OAuthIdentity oauthIdentity = (sidOAuthIdentity != null) ? sidOAuthIdentity.OAuthIdentity : (logonUser as OAuthIdentity);
if (oauthIdentity != null)
{
string value = null;
if (oauthIdentity.OAuthApplication == null || oauthIdentity.OAuthApplication.PartnerApplication == null || !OAuthHelper.parterIdToNameMap.TryGetValue(oauthIdentity.OAuthApplication.PartnerApplication.ApplicationIdentifier, out value))
{
value = "OAuthACS.UnknownPartner";
}
return(new KeyValuePair <string, string>?(new KeyValuePair <string, string>("AuthMethod", value)));
}
return(null);
}
protected override void AddProtocolSpecificHeadersToServerRequest(WebHeaderCollection headers)
{
base.AddProtocolSpecificHeadersToServerRequest(headers);
OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;
if (oauthIdentity != null)
{
if (oauthIdentity.IsAppOnly)
{
throw new HttpException(403, "unsupported scenario");
}
if (oauthIdentity.OrganizationId.OrganizationalUnit != null)
{
headers[WellKnownHeader.WLIDMemberName] = "dummy@" + oauthIdentity.OrganizationId.OrganizationalUnit.Name;
}
}
}
internal static OwaClientSecurityContextIdentity CreateFromOAuthIdentity(OAuthIdentity oauthIdentity)
{
if (oauthIdentity == null)
{
throw new ArgumentNullException("oauthIdentity");
}
ExAssert.RetailAssert(!oauthIdentity.IsAppOnly, "IsApplyOnly cannot be null in OAuthIdentity.");
ExAssert.RetailAssert(oauthIdentity.ActAsUser != null, "ActAsUser cannot be null in OAuthIdentity.");
string partitionId = string.Empty;
if (!(oauthIdentity.OrganizationId == null) && !(oauthIdentity.OrganizationId.PartitionId == null))
{
partitionId = oauthIdentity.OrganizationId.PartitionId.ToString();
}
SidBasedIdentity cscIdentity = new SidBasedIdentity(oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.ActAsUser.Sid.Value, oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.AuthenticationType, partitionId)
{
UserOrganizationId = oauthIdentity.OrganizationId
};
return(OwaClientSecurityContextIdentity.InternalCreateFromClientSecurityContextIdentity(cscIdentity, oauthIdentity.ActAsUser.UserPrincipalName, null));
}
private bool AuthorizeOAuthRequest(out string errorMsg)
{
OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;
string empty = string.Empty;
errorMsg = string.Empty;
if (oauthIdentity != null && base.TryGetTenantDomain("organization", out empty))
{
string text = string.Empty;
if (oauthIdentity.OrganizationId != null)
{
text = oauthIdentity.OrganizationId.ConfigurationUnit.ToString();
}
if (!string.IsNullOrEmpty(text) && string.Compare(text, empty, true) != 0)
{
errorMsg = string.Format("{0} is not a authorized tenant. The authorized tenant is {1}", empty, text);
return(false);
}
}
return(true);
}
public override string VerifyToken(HttpRequestBase request, out object tokenData)
{
dynamic userData;
try
{
userData = GetUserDataFromToken(request);
}
catch (Exception)
{
throw new InvalidOperationException("Google OAuth error: cannot parse user data from the request.");
}
tokenData = new OAuthIdentity
{
Identifier = userData.sub,
Email = userData.email,
Username = userData.sub,
FullName = userData.name,
AvatarUrl = userData.picture
};
return(userData.sub);
}
// Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text;
HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string externalDirectoryObjectId;
if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(3, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
SecurityIdentifier securityIdentifier = null;
if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "SID");
}
else
{
requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
{
requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
}
}
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text = httpContext.Items[Constants.WLIDMemberName] as string;
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
if (!string.IsNullOrEmpty(text2))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
try
{
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
}
catch (Exception)
{
}
if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
}
}
public override bool IsFullyAuthenticated()
{
OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;
return(oauthIdentity != null);
}
