コード例 #1
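        /// <summary>
        /// Writes one hidden &lt;input&gt; element per entry of <paramref name="collection"/> into
        /// <paramref name="buffer"/>. Every value lands inside a single-quoted HTML attribute, so each
        /// branch has to emit a value that is safe in that context.
        /// </summary>
        /// <param name="collection">Form fields to replay; "password" is read as a secure value, everything else as a plain string.</param>
        /// <param name="buffer">Response buffer the markup is appended to.</param>
        /// <param name="redirectUrl">Target server; its scheme and authority replace those of the posted destination.</param>
        /// <param name="majorCasVersion">Not used by this method.</param>
        /// <exception cref="HttpException">400 when the "destination" value is not an absolute URI.</exception>
        private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
        {
            foreach (string name in collection)
            {
                // NOTE(review): the field name is written verbatim. The caller visible in this file only
                // adds the fixed names destination/username/flags/password; encode the name as well if
                // a caller can ever pass request-controlled names.
                buffer.CopyAtCurrentPosition("<input type='hidden' name='");
                buffer.CopyAtCurrentPosition(name);
                buffer.CopyAtCurrentPosition("' value='");

                if (name == "password")
                {
                    // The password never becomes a managed string: it is transformed character by
                    // character into a SecureArray that is disposed as soon as it has been copied.
                    // NOTE(review): the TryGetSecureValue result is ignored, so a missing entry surfaces
                    // as a NullReferenceException on the next line.
                    SecureString securePassword;
                    collection.TryGetSecureValue(name, out securePassword);
                    using (SecureArray <char> encodedPassword = securePassword.TransformToSecureCharArray(new CharTransformDelegate(FbaFormPostProxyRequestHandler.EncodeForSingleQuotedAttribute)))
                    {
                        buffer.CopyAtCurrentPosition(encodedPassword);
                    }
                }
                else if (name == "destination")
                {
                    string destination;
                    collection.TryGetUnsecureValue(name, out destination);
                    Uri destinationUri;
                    if (!Uri.TryCreate(destination, UriKind.Absolute, out destinationUri))
                    {
                        throw new HttpException(400, "destination value is not valid");
                    }

                    // Re-root the destination on the redirect target: scheme and authority always come
                    // from redirectUrl, only the path/query part varies.
                    StringBuilder rewritten = new StringBuilder();
                    rewritten.Append(redirectUrl.Scheme);
                    rewritten.Append(Uri.SchemeDelimiter);
                    rewritten.Append(redirectUrl.Authority);
                    if (FbaFormPostProxyRequestHandler.IsOwaUrl(destinationUri, OwaUrl.AuthPost, true))
                    {
                        rewritten.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
                    }
                    else if (string.IsNullOrEmpty(this.explicitLogonUser))
                    {
                        rewritten.Append(redirectUrl.PathAndQuery);
                    }
                    else
                    {
                        // This part originates from the posted destination value.
                        rewritten.Append(destinationUri.PathAndQuery);
                    }

                    // URI escaping is not HTML attribute escaping (for example, '&' and the apostrophe are
                    // valid in a path/query), so the rebuilt URL is HTML-encoded like every other plain
                    // value written by this method. The browser decodes the attribute before submitting
                    // the form, so the posted destination is unchanged.
                    // NOTE(review): confirm EncodingUtilities.HtmlEncode escapes the single quote, since
                    // the attribute is single-quoted.
                    buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(rewritten.ToString()));
                }
                else
                {
                    string value;
                    collection.TryGetUnsecureValue(name, out value);
                    buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(value));
                }

                buffer.CopyAtCurrentPosition("'>");
            }
        }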
コード例 #2
        /// <summary>
        /// Writes the complete auto-submitting HTML page used for the SSO form-post redirect:
        /// a &lt;noscript&gt; fallback, a script that submits <c>logonForm</c> on load, and the form itself.
        /// </summary>
        /// <param name="buffer">Response buffer that receives the page.</param>
        /// <param name="collection">Form fields (including the password) to replay in the form.</param>
        /// <param name="redirectUrl">Server the form is posted to.</param>
        /// <param name="majorCasVersion">Passed through to the form builder unchanged.</param>
        private void CreateHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
        {
            const string pageOpen = "<html><noscript>";
            const string headAndBodyOpen = "</noscript><head><title>Continue</title><script type='text/javascript'>function OnBack(){}function DoSubmit(){var subt=false;if(!subt){subt=true;document.logonForm.submit();}}</script></head><body onload='javascript:DoSubmit();'>";
            const string pageClose = "</body></html>";

            // Fetched before the first write, so a failure here leaves the buffer untouched.
            string fallbackMarkup = FbaFormPostProxyRequestHandler.GetNoScriptHtml();

            buffer.CopyAtCurrentPosition(pageOpen);
            // The fallback markup is emitted as-is (no encoding); ToString() on a string returns the
            // same instance and throws if the helper returned null.
            buffer.CopyAtCurrentPosition(fallbackMarkup.ToString());
            buffer.CopyAtCurrentPosition(headAndBodyOpen);

            this.CreateFormHtmlForSsoFba(buffer, collection, redirectUrl, majorCasVersion);

            buffer.CopyAtCurrentPosition(pageClose);
        }
コード例 #3
        /// <summary>
        /// Writes the <c>logonForm</c> element whose action is the auth endpoint on the redirect
        /// target (scheme and authority of <paramref name="redirectUrl"/> plus
        /// <c>OwaUrl.AuthDll.ImplicitUrl</c>), followed by the hidden inputs for every collected field.
        /// </summary>
        /// <param name="buffer">Response buffer that receives the markup.</param>
        /// <param name="collection">Form fields to replay as hidden inputs.</param>
        /// <param name="redirectUrl">Server the credentials are posted to.</param>
        /// <param name="majorCasVersion">Passed through to the input builder unchanged.</param>
        private void CreateFormHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
        {
            // Only scheme and authority are taken from redirectUrl; the path is the fixed auth endpoint.
            // The action URL is written into a single-quoted attribute without further encoding.
            string actionUrl = redirectUrl.Scheme
                               + Uri.SchemeDelimiter
                               + redirectUrl.Authority
                               + OwaUrl.AuthDll.ImplicitUrl;

            buffer.CopyAtCurrentPosition("<form name='logonForm' id='logonForm' action='");
            buffer.CopyAtCurrentPosition(actionUrl);
            buffer.CopyAtCurrentPosition("' method='post' target='_top'>");

            this.CreateInputHtmlCollection(collection, buffer, redirectUrl, majorCasVersion);

            buffer.CopyAtCurrentPosition("</form>");
        }
コード例 #4
        /// <summary>
        /// Answers the request with a 200 page that re-posts the collected logon fields to
        /// <paramref name="redirectUrl"/>, then ends the response.
        /// </summary>
        /// <remarks>
        /// The page body carries the user's password in a hidden form field, which is why the
        /// response is marked no-cache/no-store and is streamed through a SecureHttpBuffer rather
        /// than buffered by ASP.NET. Callers visible in this file only invoke this method after
        /// checking that the target scheme is HTTPS.
        /// </remarks>
        /// <param name="collection">Form fields (including the password) to replay.</param>
        /// <param name="redirectUrl">Server the form is posted to.</param>
        /// <param name="response">Response that receives the page.</param>
        /// <param name="majorCasVersion">Passed through to the page builder unchanged.</param>
        private void RedirectUsingSSOFBA(SecureNameValueCollection collection, Uri redirectUrl, HttpResponse response, int majorCasVersion)
        {
            response.StatusCode = 200;
            response.Status = "200 - OK";

            // Keep the credential-bearing page out of ASP.NET's output buffer and out of caches.
            response.BufferOutput = false;
            response.CacheControl = "no-cache";
            response.Cache.SetNoStore();

            // Marker cookie; no Secure/HttpOnly attributes are set on it here.
            response.Cookies.Add(new HttpCookie("PBack") { Value = "1" });
            response.Headers.Add("X-OWA-FEError", ErrorFE.FEErrorCodes.CasRedirect.ToString());

            using (SecureHttpBuffer pageBuffer = new SecureHttpBuffer(1000, response))
            {
                this.CreateHtmlForSsoFba(pageBuffer, collection, redirectUrl, majorCasVersion);
                pageBuffer.Flush();

                // Ending the response inside the using block still disposes the buffer on the way out.
                response.End();
            }
        }
コード例 #5
        /// <summary>
        /// Completes a forms-based-auth logon post: decides whether the client has to be sent to a
        /// different (legacy or cross-site) server, and either redirects there (plain redirect or an
        /// SSO page that re-posts the credentials) or sets the auth cookies locally and redirects to
        /// the originally requested destination.
        /// </summary>
        /// <param name="backEndServer">Back-end server resolved for the user; its FQDN and version drive the redirect decision.</param>
        /// <exception cref="HttpException">403 when the computed redirect target has the same authority as the current request.</exception>
        private void HandleFbaFormPost(BackEndServer backEndServer)
        {
            HttpContext      httpContext            = base.HttpContext;
            HttpResponse     response               = httpContext.Response;
            // Redirect target produced by the NeedCrossSiteRedirect / NeedOnSiteLegacyRedirect helpers (null when none).
            Uri              uri                    = null;
            // Destination URL stored in the request items under "destination".
            string           text                   = httpContext.Items["destination"] as string;
            // flag  : an on-site legacy redirect is needed.
            bool             flag                   = false;
            // flag2 : a cross-site redirect is needed.
            bool             flag2                  = false;
            // flag3 : the back end is treated as being in the local site (cleared below when its site is known and differs).
            bool             flag3                  = true;
            string           fqdn                   = backEndServer.Fqdn;
            int              version                = backEndServer.Version;
            OwaServerVersion owaServerVersion       = null;
            // flag4 : out value of the redirect helpers; when true the SSO form-post path is used instead of a plain redirect.
            // NOTE(review): presumably "target accepts an SSO credential post" - confirm against the helpers.
            bool             flag4                  = false;
            ServiceTopology  currentServiceTopology = ServiceTopology.GetCurrentServiceTopology("f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 780);
            Site             site                   = currentServiceTopology.GetSite(fqdn, "f:\\15.00.1497\\sources\\dev\\cafe\\src\\HttpProxy\\RequestHandlers\\FbaFormPostProxyRequestHandler.cs", "HandleFbaFormPost", 781);

            if (site != null && !site.Equals(HttpProxyGlobals.LocalSite.Member))
            {
                flag3 = false;
            }
            // owaServerVersion stays null when SSO redirects are disabled; it is only dereferenced
            // later on paths where flag or flag2 is set, which requires this block to have run.
            if (!FbaFormPostProxyRequestHandler.DisableSSORedirects)
            {
                owaServerVersion = OwaServerVersion.CreateFromVersionNumber(version);
                // ECP destinations on back ends older than Exchange 2010 are never redirected.
                if (UrlUtilities.IsEcpUrl(text) && owaServerVersion.Major < (int)ExchangeObjectVersion.Exchange2010.ExchangeBuild.Major)
                {
                    flag  = false;
                    flag2 = false;
                }
                // Back end in another site, and the request does not come from a monitoring user agent.
                else if (!flag3 && !UserAgentParser.IsMonitoringRequest(base.ClientRequest.UserAgent))
                {
                    if (owaServerVersion.Major >= (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
                    {
                        FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause legacyRedirectFailureCause = FbaFormPostProxyRequestHandler.NeedCrossSiteRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, UrlUtilities.IsEcpUrl(text), out uri, out flag4);
                        string authority = base.ClientRequest.Url.Authority;
                        string b         = (uri == null) ? string.Empty : uri.Authority;
                        // Cross-site redirect only when a CAS was found, the target authority differs from
                        // the one the client already used, and the helper reported a failure cause or a URL.
                        flag2 = (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.NoCasFound && !string.Equals(authority, b, StringComparison.OrdinalIgnoreCase) && (legacyRedirectFailureCause != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null));
                        // Exchange 2007 back end without a cross-site URL: fall back to the on-site legacy lookup (site passed as null).
                        if (uri == null && owaServerVersion.Major == (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
                        {
                            flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, null, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
                        }
                    }
                }
                else
                {
                    flag = (FbaFormPostProxyRequestHandler.NeedOnSiteLegacyRedirect(backEndServer, site, HttpProxyGlobals.LocalSite.Member, owaServerVersion, out uri, out flag4) != FbaFormPostProxyRequestHandler.LegacyRedirectFailureCause.None || uri != null);
                }
            }
            if (flag2 || flag)
            {
                if (uri != null)
                {
                    // Refuse to redirect to the authority the client is already talking to.
                    string authority2 = base.ClientRequest.Url.Authority;
                    string authority3 = uri.Authority;
                    if (string.Compare(authority2, authority3, StringComparison.OrdinalIgnoreCase) == 0)
                    {
                        throw new HttpException(403, "Redirect loop detected");
                    }
                }
                using (SecureNameValueCollection secureNameValueCollection = new SecureNameValueCollection())
                {
                    // Unboxing cast: throws if the "flags" item is missing or is not an int.
                    int num = (int)base.HttpContext.Items["flags"];
                    secureNameValueCollection.AddUnsecureNameValue("destination", base.HttpContext.Items["destination"] as string);
                    secureNameValueCollection.AddUnsecureNameValue("username", base.HttpContext.Items["username"] as string);
                    secureNameValueCollection.AddUnsecureNameValue("flags", num.ToString(CultureInfo.InvariantCulture));
                    // The SecureString stored under "password" is disposed when this using block exits,
                    // whichever branch below is taken.
                    using (SecureString secureString = base.HttpContext.Items["password"] as SecureString)
                    {
                        secureNameValueCollection.AddSecureNameValue("password", secureString);
                        if (flag)
                        {
                            if (uri == null)
                            {
                                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
                            }
                            else if (flag4)
                            {
                                // Credentials are re-posted to the target, so only an HTTPS target is accepted.
                                if (uri.Scheme == Uri.UriSchemeHttps)
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
                                    this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
                                    // RedirectUsingSSOFBA already ends the response; this call repeats it.
                                    response.End();
                                }
                                else
                                {
                                    AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
                                }
                            }
                            else
                            {
                                // Plain redirect: no credentials are forwarded on this path.
                                ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri.ToString());
                                base.PfdTracer.TraceRedirect("FbaAuth", uri.ToString());
                                // NOTE(review): CheckRedirectUrlForNewline is not shown here; by its name it
                                // guards the Location header against CR/LF in the URL - confirm.
                                response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri.ToString()));
                            }
                        }
                        else if (flag2)
                        {
                            if (uri == null)
                            {
                                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoLegacyCAS);
                            }
                            else
                            {
                                // uri2 carries the explicit-logon SMTP address and is used only by the plain
                                // redirect below; the SSO path still posts to the unmodified uri.
                                Uri uri2 = uri;
                                if (this.explicitLogonUser != null)
                                {
                                    uri2 = FbaFormPostProxyRequestHandler.AppendSmtpAddressToUrl(uri, this.explicitLogonUser);
                                }
                                if (flag4)
                                {
                                    // Credentials are re-posted to the target, so only an HTTPS target is accepted.
                                    if (uri.Scheme == Uri.UriSchemeHttps)
                                    {
                                        ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - SSO redirecting to {0}", uri.ToString());
                                        this.RedirectUsingSSOFBA(secureNameValueCollection, uri, response, owaServerVersion.Major);
                                        response.End();
                                    }
                                    else
                                    {
                                        AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
                                    }
                                }
                                else
                                {
                                    ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", uri2.ToString());
                                    base.PfdTracer.TraceRedirect("FbaAuth", uri2.ToString());
                                    response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(uri2.ToString()));
                                }
                            }
                        }
                    }
                    return;
                }
            }
            // No redirect to another server: issue the auth cookies here and continue to the destination.
            try
            {
                FbaModule.SetCadataCookies(base.HttpApplication);
            }
            catch (MissingSslCertificateException)
            {
                // NOTE(review): execution continues to the redirect below unless TransferToErrorPage
                // terminates the request - confirm.
                AspNetHelper.TransferToErrorPage(httpContext, ErrorFE.FEErrorCodes.NoFbaSSL);
            }
            ExTraceGlobals.VerboseTracer.TraceDebug <string>((long)this.GetHashCode(), "FbaFormPostProxyRequestHandler - redirecting to {0}", text);
            base.PfdTracer.TraceRedirect("FbaAuth", text);
            // endResponse is false here, so the request is not aborted by the redirect call.
            response.Redirect(FbaFormPostProxyRequestHandler.CheckRedirectUrlForNewline(text), false);
        }
コード例 #6
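        /// <summary>
        /// Reads the expired-password form (username, oldPwd, newPwd1, newPwd2), checks that the two
        /// new passwords match and attempts the change, recording the outcome in <c>this.reason</c>
        /// and <c>this.passwordChanged</c>.
        /// </summary>
        /// <remarks>
        /// The three password fields are registered as sensitive inputs so the form reader hands them
        /// back as SecureString instances; they are disposed before the method returns. When the form
        /// cannot be read or a field is missing, no state is changed.
        /// </remarks>
        private void ChangePassword()
        {
            SecureHtmlFormReader formReader = new SecureHtmlFormReader(base.Request);

            formReader.AddSensitiveInputName("oldPwd");
            formReader.AddSensitiveInputName("newPwd1");
            formReader.AddSensitiveInputName("newPwd2");
            SecureNameValueCollection formData = null;

            try
            {
                if (formReader.TryReadSecureFormData(out formData))
                {
                    string       userName        = null;
                    SecureString oldPassword     = null;
                    SecureString newPassword     = null;
                    SecureString confirmPassword = null;
                    try
                    {
                        formData.TryGetUnsecureValue("username", out userName);
                        formData.TryGetSecureValue("oldPwd", out oldPassword);
                        formData.TryGetSecureValue("newPwd1", out newPassword);
                        formData.TryGetSecureValue("newPwd2", out confirmPassword);
                        if (userName != null && oldPassword != null && newPassword != null && confirmPassword != null)
                        {
                            if (!ExpiredPassword.SecureStringEquals(newPassword, confirmPassword))
                            {
                                this.reason = ExpiredPassword.ExpiredPasswordReason.PasswordConflict;
                            }
                            else
                            {
                                // A result outside the listed cases leaves this.reason untouched.
                                switch (ExpiredPassword.ChangePasswordNUCP(userName, oldPassword, newPassword))
                                {
                                case ExpiredPassword.ChangePasswordResult.Success:
                                    this.reason          = ExpiredPassword.ExpiredPasswordReason.None;
                                    this.passwordChanged = true;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.InvalidCredentials:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.LockedOut:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.LockedOut;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.BadNewPassword:
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidNewPassword;
                                    break;

                                case ExpiredPassword.ChangePasswordResult.OtherError:
                                    // Unspecified failures are reported to the user as invalid credentials.
                                    this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials;
                                    break;
                                }
                            }
                        }
                    }
                    finally
                    {
                        // A posted form may lack any of the password fields (the null test above allows
                        // for that), so each SecureString is disposed only if it was actually returned.
                        // An unconditional Dispose would throw NullReferenceException from this finally
                        // block, mask any exception already in flight and skip the remaining disposals.
                        if (oldPassword != null)
                        {
                            oldPassword.Dispose();
                        }
                        if (newPassword != null)
                        {
                            newPassword.Dispose();
                        }
                        if (confirmPassword != null)
                        {
                            confirmPassword.Dispose();
                        }
                    }
                }
            }
            finally
            {
                if (formData != null)
                {
                    formData.Dispose();
                }
            }
        }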
コード例 #7
        /// <summary>
        /// Handles a POST to <c>auth.owa</c> / <c>owaauth.dll</c>: reads the logon form, stores the
        /// posted username, password, destination and flags on this instance, and synthesizes a Basic
        /// <c>Authorization</c> header on the request from the posted credentials.
        /// </summary>
        /// <remarks>
        /// The password is read as a SecureString and encoded through SecureArray buffers, but the
        /// resulting "Basic ..." value is an ordinary managed string that is kept in
        /// <c>this.basicAuthString</c> and in the request headers. Treat both as credential material
        /// (it is Base64, not encryption) and keep them out of logs and traces.
        /// </remarks>
        /// <param name="httpApplication">Application whose current request is inspected.</param>
        /// <returns>
        /// <c>false</c> when the request is not a POST to one of the two auth endpoints;
        /// <c>true</c> once the credentials have been captured.
        /// </returns>
        private bool HandleFbaAuthFormPost(HttpApplication httpApplication)
        {
            HttpContext context = httpApplication.Context;
            HttpRequest request = context.Request;

            if (request.GetHttpMethod() != HttpMethod.Post)
            {
                return false;
            }

            // Only the last path segment decides whether this is an auth post.
            string[] segments    = request.Url.Segments;
            string   lastSegment = segments[segments.Length - 1];
            bool isAuthEndpoint  = string.Equals("auth.owa", lastSegment, StringComparison.OrdinalIgnoreCase)
                                   || string.Equals("owaauth.dll", lastSegment, StringComparison.OrdinalIgnoreCase);
            if (!isAuthEndpoint)
            {
                return false;
            }

            // A post without a content type is treated as a URL-encoded form.
            if (string.IsNullOrEmpty(request.ContentType))
            {
                request.ContentType = "application/x-www-form-urlencoded";
            }

            SecureHtmlFormReader formReader = new SecureHtmlFormReader(request);
            formReader.AddSensitiveInputName("password");
            SecureNameValueCollection formData = null;

            try
            {
                // NOTE(review): the code after each EndResponse call assumes the call does not return
                // (formData and the field values are dereferenced below) - confirm.
                if (!formReader.TryReadSecureFormData(out formData))
                {
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }

                string       destination    = null;
                string       postedUserName = null;
                SecureString postedPassword = null;
                string       postedFlags    = null;
                formData.TryGetUnsecureValue("username", out postedUserName);
                formData.TryGetSecureValue("password", out postedPassword);
                formData.TryGetUnsecureValue("destination", out destination);
                formData.TryGetUnsecureValue("flags", out postedFlags);

                // All four fields are mandatory, and the destination must pass CheckPostDestination.
                bool hasAllFields = destination != null && postedUserName != null && postedPassword != null && postedFlags != null;
                if (!hasAllFields || !this.CheckPostDestination(destination, context.Request))
                {
                    AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
                }

                // Keep an independent copy; the collection is disposed in the finally block.
                this.password       = postedPassword.Copy();
                this.userName       = postedUserName;
                this.destinationUrl = destination;

                // Unparseable flags fall back to 0.
                int parsedFlags;
                this.flags = int.TryParse(postedFlags, NumberStyles.Integer, CultureInfo.InvariantCulture, out parsedFlags) ? parsedFlags : 0;

                // Build "username:password" as bytes without materializing the password as a string.
                // Encoding.Default is platform dependent, so characters outside that code page are not
                // preserved in the header value.
                string   credentialPrefix = postedUserName + ":";
                Encoding encoding         = Encoding.Default;
                int      capacity         = encoding.GetMaxByteCount(credentialPrefix.Length + postedPassword.Length);
                using (SecureArray <byte> credentialBytes = new SecureArray <byte>(capacity))
                {
                    int written = encoding.GetBytes(credentialPrefix, 0, credentialPrefix.Length, credentialBytes.ArrayValue, 0);
                    using (SecureArray <char> passwordChars = postedPassword.ConvertToSecureCharArray())
                    {
                        written += encoding.GetBytes(passwordChars.ArrayValue, 0, passwordChars.Length(), credentialBytes.ArrayValue, written);
                        this.basicAuthString             = "Basic " + Convert.ToBase64String(credentialBytes.ArrayValue, 0, written);
                        request.Headers["Authorization"] = this.basicAuthString;
                    }
                }
            }
            finally
            {
                if (formData != null)
                {
                    formData.Dispose();
                }
            }

            // Only the request URL is traced, never the posted fields.
            ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url);
            return true;
        }