コード例 #1
0
        // Token: 0x0600052E RID: 1326 RVA: 0x0001CBB8 File Offset: 0x0001ADB8
        protected override Uri GetTargetBackEndServerUrl()
        {
            Uri targetBackEndServerUrl = base.GetTargetBackEndServerUrl();

            if (this.isOwa14EwsProxyRequest)
            {
                return(new UriBuilder(targetBackEndServerUrl)
                {
                    Path = "/ews/exchange.asmx",
                    Query = string.Empty
                }.Uri);
            }
            if (targetBackEndServerUrl.AbsolutePath.IndexOf("ews/Nego2", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return(new UriBuilder(targetBackEndServerUrl)
                {
                    Path = "/ews/exchange.asmx"
                }.Uri);
            }
            OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;

            if (oauthIdentity != null && !oauthIdentity.IsAppOnly && oauthIdentity.IsKnownFromSameOrgExchange && base.HttpContext.Request.UserAgent.StartsWith("ASProxy/CrossForest", StringComparison.InvariantCultureIgnoreCase))
            {
                if (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3548785981U))
                {
                    throw new InvalidOAuthTokenException(6009, null, null);
                }
                this.proxyForSameOrgExchangeOAuthCallToLowerVersion = (base.ProxyToDownLevel || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 2357603645U) || FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U));
                if (this.proxyForSameOrgExchangeOAuthCallToLowerVersion || oauthIdentity.ActAsUser.IsUserVerified)
                {
                    this.proxyForSameOrgExchangeOAuthCallToLowerVersionWithNoSidUser = (FaultInjection.TraceTest <bool>((FaultInjection.LIDs) 3431345469U) || oauthIdentity.ActAsUser.Sid == null);
                }
            }
            return(targetBackEndServerUrl);
        }
コード例 #2
0
        internal static CommonAccessToken CommonAccessTokenForCmdletProxy(this UserToken userToken, int targetVersion)
        {
            CommonAccessToken commonAccessToken = userToken.CommonAccessToken;

            if (commonAccessToken != null)
            {
                if (userToken.AuthenticationType == AuthenticationType.OAuth && targetVersion < Server.E15MinVersion)
                {
                    OAuthIdentity               oauthIdentity = OAuthIdentitySerializer.ConvertFromCommonAccessToken(commonAccessToken);
                    SidOAuthIdentity            sidIdentity   = SidOAuthIdentity.Create(oauthIdentity);
                    CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Create(sidIdentity);
                    commonAccessToken = certificateSidTokenAccessor.GetToken();
                }
            }
            else
            {
                commonAccessToken = new CommonAccessToken(AccessTokenType.CertificateSid);
                ExAssert.RetailAssert(userToken.UserSid != null, "UserToken.UserSid is expected to NOT NULL when CommonAccessToken doesn't exist. UserToken = " + userToken);
                commonAccessToken.ExtensionData["UserSid"] = userToken.UserSid.ToString();
                if (userToken.PartitionId != null)
                {
                    commonAccessToken.ExtensionData["Partition"] = userToken.PartitionId.ToString();
                }
            }
            commonAccessToken.IsCompressed = true;
            return(commonAccessToken);
        }
コード例 #3
0
ファイル: OwaIdentity.cs プロジェクト: YHZX2013/exchange_diff
        protected static OwaIdentity GetOwaIdentity(IIdentity identity)
        {
            CompositeIdentity compositeIdentity = identity as CompositeIdentity;

            if (compositeIdentity != null)
            {
                ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve CompositeIdentity.");
                return(OwaCompositeIdentity.CreateFromCompositeIdentity(compositeIdentity));
            }
            WindowsIdentity windowsIdentity = identity as WindowsIdentity;

            if (windowsIdentity != null)
            {
                ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsIdentity.");
                if (windowsIdentity.IsAnonymous)
                {
                    ExTraceGlobals.CoreCallTracer.TraceError(0L, "[OwaIdentity::ResolveLogonIdentity] - Windows identity cannot be anonymous.");
                    throw new OwaIdentityException("Cannot create security context for anonymous windows identity.");
                }
                return(OwaWindowsIdentity.CreateFromWindowsIdentity(windowsIdentity));
            }
            else
            {
                LiveIDIdentity liveIDIdentity = identity as LiveIDIdentity;
                if (liveIDIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve LiveIDIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromLiveIDIdentity(liveIDIdentity));
                }
                WindowsTokenIdentity windowsTokenIdentity = identity as WindowsTokenIdentity;
                if (windowsTokenIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve WindowsTokenIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromClientSecurityContextIdentity(windowsTokenIdentity));
                }
                OAuthIdentity oauthIdentity = identity as OAuthIdentity;
                if (oauthIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve OAuthIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromOAuthIdentity(oauthIdentity));
                }
                AdfsIdentity adfsIdentity = identity as AdfsIdentity;
                if (adfsIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve AdfsIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromAdfsIdentity(identity as AdfsIdentity));
                }
                SidBasedIdentity sidBasedIdentity = identity as SidBasedIdentity;
                if (sidBasedIdentity != null)
                {
                    ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "[OwaIdentity::ResolveLogonIdentity] - Trying to resolve SidBasedIdentity.");
                    return(OwaClientSecurityContextIdentity.CreateFromsidBasedIdentity(sidBasedIdentity));
                }
                ExTraceGlobals.CoreCallTracer.TraceError <Type>(0L, "[OwaIdentity::ResolveLogonIdentity] - Cannot resolve unsupported identity type: {0}.", identity.GetType());
                throw new NotSupportedException(string.Format("Unexpected identity type. {0}", identity.GetType()));
            }
        }
コード例 #4
0
 // Token: 0x060004C4 RID: 1220 RVA: 0x0001D5B0 File Offset: 0x0001B7B0
 private static ClientSecurityContext ClientSecurityContextFromIdentity(IIdentity identity)
 {
     if (GlobalSettings.UseOAuthMasterSidForSecurityContext)
     {
         OAuthIdentity oauthIdentity = identity as OAuthIdentity;
         if (oauthIdentity != null && oauthIdentity.ActAsUser != null && oauthIdentity.ActAsUser.MasterAccountSid != null)
         {
             return(new GenericSidIdentity(oauthIdentity.ActAsUser.MasterAccountSid.ToString(), oauthIdentity.AuthenticationType, oauthIdentity.ActAsUser.MasterAccountSid).CreateClientSecurityContext());
         }
     }
     return(identity.CreateClientSecurityContext(true));
 }
コード例 #5
0
        public static CommonAccessToken FixupCommonAccessToken(HttpContext httpContext, int targetVersion)
        {
            if (!httpContext.Request.IsAuthenticated)
            {
                return(null);
            }
            CommonAccessToken commonAccessToken = null;

            try
            {
                if (httpContext.User.Identity is OAuthIdentity)
                {
                    OAuthIdentity oauthIdentity = httpContext.User.Identity as OAuthIdentity;
                    commonAccessToken = oauthIdentity.ToCommonAccessToken(targetVersion);
                }
                else if (httpContext.User is DelegatedPrincipal)
                {
                    commonAccessToken = new CommonAccessToken(AccessTokenType.RemotePowerShellDelegated);
                    commonAccessToken.ExtensionData["DelegatedData"] = ((DelegatedPrincipal)httpContext.User).Identity.GetSafeName(true);
                }
                else
                {
                    CommonAccessToken commonAccessToken2 = httpContext.Items["Item-CommonAccessToken"] as CommonAccessToken;
                    if (commonAccessToken2 != null)
                    {
                        return(commonAccessToken2);
                    }
                    if (httpContext.User.Identity is WindowsIdentity)
                    {
                        WindowsIdentity windowsIdentity = httpContext.User.Identity as WindowsIdentity;
                        string          value           = httpContext.Items[Constants.WLIDMemberName] as string;
                        if (!string.IsNullOrEmpty(value))
                        {
                            commonAccessToken = new CommonAccessToken(AccessTokenType.LiveIdNego2);
                            commonAccessToken.ExtensionData["UserSid"]    = windowsIdentity.User.ToString();
                            commonAccessToken.ExtensionData["MemberName"] = value;
                        }
                        else
                        {
                            commonAccessToken = new CommonAccessToken(windowsIdentity);
                        }
                    }
                }
            }
            catch (CommonAccessTokenException arg)
            {
                ExTraceGlobals.BriefTracer.TraceError <string, CommonAccessTokenException>(0L, "[AspNetHelper::FixupCommonAccessToken] Error encountered when creating CommonAccessToken from current logong identity. User: {0} Exception: {1}.", httpContext.User.Identity.GetSafeName(true), arg);
                throw new HttpProxyException(HttpStatusCode.Unauthorized, HttpProxySubErrorCode.UserNotFound, string.Format("Error encountered when creating common access token. User: {0}", httpContext.User.Identity.GetSafeName(true)));
            }
            return(commonAccessToken);
        }
コード例 #6
0
ファイル: OAuthHelper.cs プロジェクト: YHZX2013/exchange_diff
        public static KeyValuePair <string, string>?GetOAuthUserConstraint(IIdentity logonUser)
        {
            SidOAuthIdentity sidOAuthIdentity = (logonUser as SidOAuthIdentity) ?? (HttpContext.Current.Items["LogonUserIdentity"] as SidOAuthIdentity);
            OAuthIdentity    oauthIdentity    = (sidOAuthIdentity != null) ? sidOAuthIdentity.OAuthIdentity : (logonUser as OAuthIdentity);

            if (oauthIdentity != null)
            {
                string value = null;
                if (oauthIdentity.OAuthApplication == null || oauthIdentity.OAuthApplication.PartnerApplication == null || !OAuthHelper.parterIdToNameMap.TryGetValue(oauthIdentity.OAuthApplication.PartnerApplication.ApplicationIdentifier, out value))
                {
                    value = "OAuthACS.UnknownPartner";
                }
                return(new KeyValuePair <string, string>?(new KeyValuePair <string, string>("AuthMethod", value)));
            }
            return(null);
        }
コード例 #7
0
        protected override void AddProtocolSpecificHeadersToServerRequest(WebHeaderCollection headers)
        {
            base.AddProtocolSpecificHeadersToServerRequest(headers);
            OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                if (oauthIdentity.IsAppOnly)
                {
                    throw new HttpException(403, "unsupported scenario");
                }
                if (oauthIdentity.OrganizationId.OrganizationalUnit != null)
                {
                    headers[WellKnownHeader.WLIDMemberName] = "dummy@" + oauthIdentity.OrganizationId.OrganizationalUnit.Name;
                }
            }
        }
コード例 #8
0
        internal static OwaClientSecurityContextIdentity CreateFromOAuthIdentity(OAuthIdentity oauthIdentity)
        {
            if (oauthIdentity == null)
            {
                throw new ArgumentNullException("oauthIdentity");
            }
            ExAssert.RetailAssert(!oauthIdentity.IsAppOnly, "IsApplyOnly cannot be null in OAuthIdentity.");
            ExAssert.RetailAssert(oauthIdentity.ActAsUser != null, "ActAsUser cannot be null in OAuthIdentity.");
            string partitionId = string.Empty;

            if (!(oauthIdentity.OrganizationId == null) && !(oauthIdentity.OrganizationId.PartitionId == null))
            {
                partitionId = oauthIdentity.OrganizationId.PartitionId.ToString();
            }
            SidBasedIdentity cscIdentity = new SidBasedIdentity(oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.ActAsUser.Sid.Value, oauthIdentity.ActAsUser.UserPrincipalName, oauthIdentity.AuthenticationType, partitionId)
            {
                UserOrganizationId = oauthIdentity.OrganizationId
            };

            return(OwaClientSecurityContextIdentity.InternalCreateFromClientSecurityContextIdentity(cscIdentity, oauthIdentity.ActAsUser.UserPrincipalName, null));
        }
コード例 #9
0
        private bool AuthorizeOAuthRequest(out string errorMsg)
        {
            OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;
            string        empty         = string.Empty;

            errorMsg = string.Empty;
            if (oauthIdentity != null && base.TryGetTenantDomain("organization", out empty))
            {
                string text = string.Empty;
                if (oauthIdentity.OrganizationId != null)
                {
                    text = oauthIdentity.OrganizationId.ConfigurationUnit.ToString();
                }
                if (!string.IsNullOrEmpty(text) && string.Compare(text, empty, true) != 0)
                {
                    errorMsg = string.Format("{0} is not a authorized tenant. The authorized tenant is {1}", empty, text);
                    return(false);
                }
            }
            return(true);
        }
コード例 #10
0
        public override string VerifyToken(HttpRequestBase request, out object tokenData)
        {
            dynamic userData;

            try
            {
                userData = GetUserDataFromToken(request);
            }
            catch (Exception)
            {
                throw new InvalidOperationException("Google OAuth error: cannot parse user data from the request.");
            }

            tokenData = new OAuthIdentity
            {
                Identifier = userData.sub,
                Email      = userData.email,
                Username   = userData.sub,
                FullName   = userData.name,
                AvatarUrl  = userData.picture
            };

            return(userData.sub);
        }
コード例 #11
0
        // Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext httpContext = requestContext.HttpContext;
            IPrincipal  user        = httpContext.User;
            IIdentity   identity    = httpContext.User.Identity;
            string      text;

            HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string externalDirectoryObjectId;
                if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(3, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                SecurityIdentifier securityIdentifier = null;
                if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "SID");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(securityIdentifier, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
                {
                    requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
            }
        }
コード例 #12
0
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext   httpContext   = requestContext.HttpContext;
            IPrincipal    user          = httpContext.User;
            IIdentity     identity      = httpContext.User.Identity;
            string        text          = httpContext.Items[Constants.WLIDMemberName] as string;
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
                if (!string.IsNullOrEmpty(text2))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                try
                {
                    SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
                    if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                    {
                        if (string.IsNullOrEmpty(text))
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
                        }
                        else
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
                        }
                        return(new SidAnchorMailbox(securityIdentifier, requestContext)
                        {
                            SmtpOrLiveId = text
                        });
                    }
                }
                catch (Exception)
                {
                }
                if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
            }
        }
コード例 #13
0
        public override bool IsFullyAuthenticated()
        {
            OAuthIdentity oauthIdentity = base.HttpContext.User.Identity as OAuthIdentity;

            return(oauthIdentity != null);
        }