コード例 #1
ファイル: Usage.cs プロジェクト: modulexcite/pash-1
        /// <summary>
        /// Checks the caller's quota and, when both limits allow it, counts one more in-flight
        /// request against this usage record.
        /// </summary>
        /// <param name="userContext">Caller whose name is written to the quota trace events.</param>
        /// <param name="quota">Limits to enforce: concurrent requests and requests per time slot.</param>
        /// <returns><c>true</c> when the request was admitted and counted; <c>false</c> on a quota violation.</returns>
        public bool QuotaCheckAndUpdate(UserContext userContext, UserQuota quota)
        {
            // The check and the increment share one critical section, so two simultaneous
            // requests cannot both pass the check before either of them has been counted.
            lock (this.syncObject)
            {
                if (!this.CheckConcurrentRequestQuota(quota.MaxConcurrentRequests))
                {
                    DataServiceController.Current.QuotaSystem.UserQuotaViolation.Increment();
                    TraceHelper.Current.UserQuotaViolation(userContext.Name, "MaxConcurrentRequest quota violation");
                    DataServiceController.Current.PerfCounters.UserQuotaViolationsPerSec.Increment();
                    return false;
                }

                if (!this.CheckRequestPerTimeSlotQuota(quota.MaxRequestsPerTimeSlot, quota.TimeSlotSize))
                {
                    DataServiceController.Current.QuotaSystem.UserQuotaViolation.Increment();
                    TraceHelper.Current.UserQuotaViolation(userContext.Name, "MaxRequestPerTimeSlot quota violation");
                    DataServiceController.Current.PerfCounters.UserQuotaViolationsPerSec.Increment();
                    return false;
                }

                // Both limits hold: record the request before leaving the lock.
                // NOTE(review): the matching decrement of concurrentRequests is not in this method;
                // confirm it runs on every completion path, including failed requests.
                this.concurrentRequests = this.concurrentRequests + 1;
                this.requests.Increment(quota.TimeSlotSize);
                TraceHelper.Current.UserQuotaSucceeded(userContext.Name);
                TraceHelper.Current.DebugMessage(string.Concat("Usage.QuotaCheckAndUpdate called. Concurrent requests = ", this.concurrentRequests));
                return true;
            }
        }
コード例 #2
        /// <summary>
        /// Asks the configured custom authorization plug-in whether the caller may use the
        /// resource, and stores the resulting context (identity plus quota) for the request.
        /// </summary>
        /// <remarks>
        /// The method fails closed. A plug-in that returns a null identity or a null quota is
        /// treated as an error, and any non-severe exception is traced and swallowed; in both
        /// cases the stored context is null and the result is <c>false</c>.
        /// </remarks>
        /// <param name="userContext">Authenticated caller (identity and client certificate).</param>
        /// <param name="resourceUri">Resource the caller is trying to reach.</param>
        /// <returns><c>true</c> only when a context with a non-null identity was produced.</returns>
        public bool IsAuthorized(UserContext userContext, Uri resourceUri)
        {
            SenderInfo sender = new SenderInfo(userContext.GetIdentity(), userContext.ClientCertificate, resourceUri);
            CustomAuthorizationHandler.CustomContext authorizedContext = null;

            TraceHelper.Current.MethodCall0("CustomAuthorizationHandler", "IsAuthorized");
            try
            {
                // NOTE(review): 30 is the tracer's time limit (unit not visible here); whether the
                // tracer only reports an overrun or also interrupts the plug-in call is not shown.
                using (OperationTracerWithTimeout tracer = new OperationTracerWithTimeout(new Action <string>(TraceHelper.Current.CustomAuthzCallStart), new Action <string>(TraceHelper.Current.CustomAuthzCallEnd), "AuthorizeUser", new Action <string>(TraceHelper.Current.CustomAuthzExceedTimeLimit), 30))
                {
                    UserQuota grantedQuota = null;
                    WindowsIdentity grantedIdentity = this.customAuthorization.AuthorizeUser(sender, out grantedQuota);

                    if (grantedIdentity == null)
                    {
                        object[] messageArgs = { "CustomAuthorization.AuthorizeUser", Resources.NullWindowsIdentity };
                        throw new InvalidOperationException(ExceptionHelpers.GetExceptionMessage(Resources.MethodReturnedInvalidOutput, messageArgs));
                    }

                    if (grantedQuota == null)
                    {
                        // NOTE(review): the identity returned by the plug-in is not disposed on this
                        // path; confirm who owns it when the quota is missing.
                        object[] messageArgs = { "CustomAuthorization.AuthorizeUser", Resources.NullQuota };
                        throw new InvalidOperationException(ExceptionHelpers.GetExceptionMessage(Resources.MethodReturnedInvalidOutput, messageArgs));
                    }

                    TraceHelper.Current.UserQuotaInformation(userContext.Name, grantedQuota.MaxConcurrentRequests, grantedQuota.MaxRequestsPerTimeSlot, grantedQuota.TimeSlotSize);
                    authorizedContext = new CustomAuthorizationHandler.CustomContext(grantedIdentity, grantedQuota);
                }
            }
            catch (Exception failure)
            {
                if (failure.IsSevereException())
                {
                    throw;
                }

                // Non-severe plug-in failures are only traced; authorizedContext stays null,
                // so the request is denied below rather than allowed through.
                failure.Trace(null);
            }

            // The store is updated on failure too (with null), replacing whatever was kept before.
            this.customContextStore.StoreContext(authorizedContext);

            bool denied = authorizedContext == null || authorizedContext.Identity == null;
            if (denied)
            {
                TraceHelper.Current.AuthorizeUserRequestFailed(userContext.Name, userContext.AuthenticationType);
                return false;
            }

            TraceHelper.Current.AuthorizeUserRequestSucceeded(userContext.Name);
            return true;
        }
コード例 #3
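        /// <summary>
        /// Authorizes a user and supplies the quota to enforce for that user.
        /// </summary>
        /// <remarks>
        /// This implementation makes no per-caller decision: <paramref name="senderInfo"/> is never
        /// inspected, and every call returns <see cref="WindowsIdentity.GetCurrent()"/>, i.e. the
        /// identity the calling thread is running as. A host that treats a non-null return value as
        /// "authorized" therefore admits every caller that reaches this method, and their commands
        /// run under that identity. The same quota, read from application settings, is handed to
        /// all callers.
        /// </remarks>
        /// <param name="senderInfo">Sender information (not used by this implementation).</param>
        /// <param name="userQuota">Receives the quota built from the MaxConcurrentRequests,
        /// MaxRequestsPerTimeslot and TimeslotSize application settings, or from the class defaults
        /// for any setting that is absent.</param>
        /// <returns>User context in which to execute PowerShell cmdlet</returns>
        /// <exception cref="FormatException">A configured quota setting is not a valid integer.</exception>
        /// <exception cref="OverflowException">A configured quota setting does not fit in an <see cref="int"/>.</exception>
        public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
        {
            var maxConcurrentRequests  = ConfigurationManager.AppSettings["MaxConcurrentRequests"];
            var maxRequestsPerTimeslot = ConfigurationManager.AppSettings["MaxRequestsPerTimeslot"];
            var timeslotSize           = ConfigurationManager.AppSettings["TimeslotSize"];

            // Configuration values are machine-readable text, so they are parsed with the invariant
            // culture: the quota must not depend on the UI culture of the thread serving the request.
            // NOTE(review): zero or negative values are passed through unchanged; whether UserQuota
            // rejects them is not visible here.
            userQuota = new UserQuota(
                maxConcurrentRequests != null ? int.Parse(maxConcurrentRequests, CultureInfo.InvariantCulture) : DefaultMaxConcurrentRequests,
                maxRequestsPerTimeslot != null ? int.Parse(maxRequestsPerTimeslot, CultureInfo.InvariantCulture) : DefaultMaxRequestsPerTimeslot,
                timeslotSize != null ? int.Parse(timeslotSize, CultureInfo.InvariantCulture) : DefaultTimeslotSize);

            return WindowsIdentity.GetCurrent();
        }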
コード例 #4
 /// <summary>
 /// Builds an <c>Account</c> from a user record and that user's storage quota.
 /// </summary>
 /// <param name="info">User whose name and preferred e-mail address are copied.</param>
 /// <param name="quota">Quota supplying the total and the remaining storage.</param>
 /// <returns>A new account; the e-mail is empty when the user has no e-mail record.</returns>
 public static Account ToAccount(this User info, UserQuota quota)
 {
     var total     = quota.Quota;
     var remaining = quota.Available;

     var storage = new Storage();
     storage.Total     = total;
     storage.Remaining = remaining;
     // Used is derived, not reported: whatever part of the total is no longer available.
     storage.Used      = total - remaining;

     var account = new Account();
     account.Storage = storage;
     account.Email   = info.Emails == null ? String.Empty : info.Emails.Preferred;
     account.Name    = info.Name;
     return account;
 }
コード例 #5
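        /// <summary>
        /// Pipeline hook that runs when request processing starts: enforces the caller's quota and
        /// marks the request as started.
        /// </summary>
        /// <remarks>
        /// A caller whose quota check fails is rejected with a 403 <c>DataServiceException</c>
        /// before the request is marked as started. When processing has already been marked as
        /// started for this caller, the handler returns without checking the quota again.
        /// </remarks>
        /// <param name="source">Event source (not used).</param>
        /// <param name="args">Pipeline event data; may be null or carry no operation context.</param>
        /// <exception cref="DataServiceException">The caller exceeded its quota.</exception>
        public static void ProcessingRequestHandler(object source, DataServiceProcessingPipelineEventArgs args)
        {
            UserData userDatum = null;

            TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler entered");

            // Both uses of the operation context below need the same guard; the response-header
            // write used to test only args and would dereference a null OperationContext.
            bool hasOperationContext = args != null && args.OperationContext != null;
            if (hasOperationContext)
            {
                TraceHelper.CorrelateWithClientRequestId(args.OperationContext);
            }

            UserContext userContext = new UserContext(CurrentRequestHelper.Identity, CurrentRequestHelper.Certificate);

            if (DataServiceController.Current.IsRequestProcessingStarted(userContext))
            {
                TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler IsRequestProcessingStarted returned true");
                return;
            }

            using (UserDataCache.UserDataEnvelope userDataEnvelope = DataServiceController.Current.UserDataCache.Get(userContext))
            {
                UserQuota userQuota = DataServiceController.Current.GetUserQuota(userContext);
                if (hasOperationContext)
                {
                    // Echo the activity id so a client-side failure can be matched to server traces.
                    Guid activityId = EtwActivity.GetActivityId();
                    args.OperationContext.ResponseHeaders.Add("request-id", activityId.ToString());
                }

                if (!userDataEnvelope.Data.Usage.QuotaCheckAndUpdate(userContext, userQuota))
                {
                    throw new DataServiceException((int)HttpStatusCode.Forbidden, ExceptionHelpers.GetDataServiceExceptionMessage(HttpStatusCode.Forbidden, Resources.UserQuotaExceeded, new object[0]));
                }

                // NOTE(review): the result of TryLockKey is ignored and userDatum is never read;
                // confirm that a failed lock is acceptable after the quota has been charged.
                DataServiceController.Current.UserDataCache.TryLockKey(userContext, out userDatum);
            }

            DataServiceController.Current.SetRequestProcessingState(userContext, true);
            TraceHelper.Current.RequestProcessingStart();
            DataServiceController.Current.UserDataCache.Trace();
            TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler exited");
        }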
コード例 #6
        /// <summary>
        /// Authorizes a user by delegating to the RBAC system.
        /// </summary>
        /// <remarks>
        /// Callers without an identity, and callers whose identity is not authenticated, are
        /// rejected before the RBAC system is consulted. The Windows identity is preferred over
        /// the generic identity when the principal carries one.
        /// </remarks>
        /// <param name="senderInfo">User information</param>
        /// <param name="quota">Returns user quota</param>
        /// <returns>The value returned by <c>RbacSystem.Current.AuthorizeUser</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="senderInfo"/>, its principal or the principal's identity is null.</exception>
        /// <exception cref="ArgumentException">The identity is not authenticated.</exception>
        public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota quota)
        {
            bool hasIdentity = senderInfo != null
                && senderInfo.Principal != null
                && senderInfo.Principal.Identity != null;
            if (!hasIdentity)
            {
                throw new ArgumentNullException("senderInfo");
            }

            // Authorization is only meaningful for an identity that authentication vouched for.
            if (!senderInfo.Principal.Identity.IsAuthenticated)
            {
                throw new ArgumentException("User is not authenticated");
            }

            RbacUser.RbacUserInfo rbacUserInfo = senderInfo.Principal.WindowsIdentity != null
                ? new RbacUser.RbacUserInfo(senderInfo.Principal.WindowsIdentity)
                : new RbacUser.RbacUserInfo(senderInfo.Principal.Identity);

            return RbacSystem.Current.AuthorizeUser(rbacUserInfo, out quota);
        }
コード例 #7
        /// <summary>
        /// Resolves a portal property by case-insensitive name and returns it as formatted text.
        /// </summary>
        /// <remarks>
        /// Properties are public unless their case clears <c>isPublic</c>. Restricted properties
        /// are returned only when <paramref name="accessLevel"/> is <c>Scope.Debug</c>; for every
        /// other scope the computed value is replaced by <c>PropertyAccess.ContentLocked</c> and
        /// the property is reported as not found. <c>Scope.NoSettings</c> locks every property.
        /// The default is "public", so a case added without clearing <c>isPublic</c> is readable
        /// from every scope except <c>NoSettings</c>. <paramref name="accessingUser"/> is not
        /// consulted by this method.
        /// </remarks>
        /// <param name="propertyName">Property to read; compared in lower-invariant form.</param>
        /// <param name="format">Format passed to <c>PropertyAccess.FormatString</c> for text properties.</param>
        /// <param name="formatProvider">Culture used for numeric, date and yes/no values.</param>
        /// <param name="accessingUser">User requesting the value (unused here).</param>
        /// <param name="accessLevel">Scope that decides whether restricted properties are revealed.</param>
        /// <param name="propertyNotFound">Set to <c>true</c> when the name is unknown or the value is locked.</param>
        /// <returns>The formatted value, an empty string, or <c>PropertyAccess.ContentLocked</c>.</returns>
        public string GetProperty(string propertyName, string format, CultureInfo formatProvider, UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
        {
            // Only an empty format selects "g"; any other caller-supplied format leaves this empty,
            // so ToString-based properties never receive the caller's format string.
            var valueFormat = format == string.Empty ? "g" : string.Empty;
            var key = propertyName.ToLowerInvariant();

            if (accessLevel == Scope.NoSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }

            propertyNotFound = true;
            var isPublic = true;
            var value = string.Empty;

            switch (key)
            {
                // ---- Public properties: readable from every scope except NoSettings ----
                case "url":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(PortalAlias.HTTPAlias, format);
                    break;

                case "fullurl": // portal alias including the protocol
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(Globals.AddHTTP(PortalAlias.HTTPAlias), format);
                    break;

                case "passwordreminderurl": // register page URL when one is configured, else the home page
                    propertyNotFound = false;
                    var reminderLink = Globals.AddHTTP(PortalAlias.HTTPAlias);
                    if (RegisterTabId > Null.NullInteger)
                    {
                        reminderLink = Globals.RegisterURL(string.Empty, string.Empty);
                    }
                    value = PropertyAccess.FormatString(reminderLink, format);
                    break;

                case "portalid":
                    propertyNotFound = false;
                    value = PortalId.ToString(valueFormat, formatProvider);
                    break;

                case "portalname":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(PortalName, format);
                    break;

                case "homedirectory":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(HomeDirectory, format);
                    break;

                case "logofile":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(LogoFile, format);
                    break;

                case "footertext":
                    propertyNotFound = false;
                    var footer = FooterText.Replace("[year]", DateTime.Now.Year.ToString());
                    value = PropertyAccess.FormatString(footer, format);
                    break;

                case "currency":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(Currency, format);
                    break;

                case "email":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(Email, format);
                    break;

                case "description":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(Description, format);
                    break;

                case "keywords":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(KeyWords, format);
                    break;

                case "backgroundfile":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(BackgroundFile, format);
                    break;

                case "defaultlanguage":
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(DefaultLanguage, format);
                    break;

                // ---- Restricted properties: revealed only for Scope.Debug ----
                case "homedirectorymappath":
                    isPublic = false;
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(HomeDirectoryMapPath, format);
                    break;

                case "expirydate":
                    isPublic = false;
                    propertyNotFound = false;
                    value = ExpiryDate.ToString(valueFormat, formatProvider);
                    break;

                case "userregistration":
                    isPublic = false;
                    propertyNotFound = false;
                    value = UserRegistration.ToString(valueFormat, formatProvider);
                    break;

                case "banneradvertising":
                    isPublic = false;
                    propertyNotFound = false;
                    value = BannerAdvertising.ToString(valueFormat, formatProvider);
                    break;

                case "administratorid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = AdministratorId.ToString(valueFormat, formatProvider);
                    break;

                case "hostfee":
                    isPublic = false;
                    propertyNotFound = false;
                    value = HostFee.ToString(valueFormat, formatProvider);
                    break;

                case "hostspace":
                    isPublic = false;
                    propertyNotFound = false;
                    value = HostSpace.ToString(valueFormat, formatProvider);
                    break;

                case "pagequota":
                    isPublic = false;
                    propertyNotFound = false;
                    value = PageQuota.ToString(valueFormat, formatProvider);
                    break;

                case "userquota":
                    isPublic = false;
                    propertyNotFound = false;
                    value = UserQuota.ToString(valueFormat, formatProvider);
                    break;

                case "administratorroleid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = AdministratorRoleId.ToString(valueFormat, formatProvider);
                    break;

                case "administratorrolename":
                    isPublic = false;
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(AdministratorRoleName, format);
                    break;

                case "registeredroleid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = RegisteredRoleId.ToString(valueFormat, formatProvider);
                    break;

                case "registeredrolename":
                    isPublic = false;
                    propertyNotFound = false;
                    value = PropertyAccess.FormatString(RegisteredRoleName, format);
                    break;

                case "admintabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = AdminTabId.ToString(valueFormat, formatProvider);
                    break;

                case "supertabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = SuperTabId.ToString(valueFormat, formatProvider);
                    break;

                case "splashtabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = SplashTabId.ToString(valueFormat, formatProvider);
                    break;

                case "hometabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = HomeTabId.ToString(valueFormat, formatProvider);
                    break;

                case "logintabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = LoginTabId.ToString(valueFormat, formatProvider);
                    break;

                case "registertabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = RegisterTabId.ToString(valueFormat, formatProvider);
                    break;

                case "usertabid":
                    isPublic = false;
                    propertyNotFound = false;
                    value = UserTabId.ToString(valueFormat, formatProvider);
                    break;

                case "users":
                    isPublic = false;
                    propertyNotFound = false;
                    value = Users.ToString(valueFormat, formatProvider);
                    break;

                case "pages":
                    isPublic = false;
                    propertyNotFound = false;
                    value = Pages.ToString(valueFormat, formatProvider);
                    break;

                case "contentvisible":
                    // Recognised but never resolved: no value is produced and the
                    // not-found flag stays set, even for Scope.Debug.
                    isPublic = false;
                    break;

                case "controlpanelvisible":
                    isPublic = false;
                    propertyNotFound = false;
                    value = PropertyAccess.Boolean2LocalizedYesNo(ControlPanelVisible, formatProvider);
                    break;
            }

            // Access gate: a restricted value computed above is discarded unless the scope is Debug.
            if (accessLevel != Scope.Debug && !isPublic)
            {
                propertyNotFound = true;
                value = PropertyAccess.ContentLocked;
            }

            return value;
        }
コード例 #8
        // Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940
        /// <summary>
        /// Authorizes a PSWS request: resolves the caller's token and throttling policy, derives
        /// the user quota from that policy, applies client access rules, and returns
        /// <c>WindowsIdentity.GetCurrent()</c> on success.
        /// </summary>
        /// <param name="senderInfo">Sender information; not read by this method, which takes the
        /// caller from <c>HttpContext.Current</c> instead.</param>
        /// <param name="userQuota">Receives the quota built from the throttling policy.</param>
        /// <returns>The current Windows identity when the caller is authorized.</returns>
        /// <remarks>
        /// Every failure is traced, logged, reported to the client and rethrown, so the method
        /// either returns an identity or throws.
        /// </remarks>
        public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
        {
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter.");
            WindowsIdentity current;

            try
            {
                // Reject blocked direct invocations before any token work is done.
                if (this.IsBlockedPswsDirectInvocation())
                {
                    AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false);
                    throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked);
                }
                // The culture is taken from the request headers and applied to the current thread.
                // NOTE(review): it is not restored in this method; confirm the host resets it
                // before the thread serves another request.
                CultureInfo cultureInfo = null;
                if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo))
                {
                    ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name);
                    Thread.CurrentThread.CurrentCulture   = cultureInfo;
                    Thread.CurrentThread.CurrentUICulture = cultureInfo;
                }
                // Both locals are filled in by the delegate below, which runs inside the
                // AuthZLogHelper wrapper.
                IThrottlingPolicy  throttlingPolicy = null;
                PswsAuthZUserToken authZUserToken   = null;
                AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate()
                {
                    UserToken userToken = HttpContext.Current.CurrentUserToken();
                    authZUserToken      = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
                    if (authZUserToken != null)
                    {
                        throttlingPolicy = authZUserToken.GetThrottlingPolicy();
                    }
                });
                // NOTE(review): these asserts are the only null guards before the dereferences
                // below; presumably RetailAssert throws in release builds, so a missing token or
                // policy denies the request. Confirm against ExAssert.
                ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null).");
                ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota.");
                PswsBudgetManager.Instance.HeartBeat(authZUserToken);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken));
                // An unlimited policy value maps to 2147483647 (int.MaxValue).
                // NOTE(review): the policy values are uint; a value above int.MaxValue would turn
                // negative in the (int) cast unless this code is compiled in a checked context.
                // Confirm the policy range is validated upstream.
                userQuota = new UserQuota((int)(throttlingPolicy.PswsMaxConcurrency.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxConcurrency.Value), (int)(throttlingPolicy.PswsMaxRequest.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequest.Value), (int)(throttlingPolicy.PswsMaxRequestTimePeriod.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequestTimePeriod.Value));
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Unlimited <uint>, Unlimited <uint>, Unlimited <uint> >((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod);
                // IsAuthorized is logged as true before the client access rules run; if a rule
                // blocks the connection, the catch block overwrites it with false.
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod));
                string ruleName = null;
                if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName))
                {
                    throw new ClientAccessRulesBlockedConnectionException(ruleName);
                }
                current = WindowsIdentity.GetCurrent();
            }
            catch (Exception ex)
            {
                // Every failure is traced, written to the authZ log and the event log, reported
                // to the client, and then rethrown with its original stack.
                ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex);
                AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
                TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
                {
                    "PswsAuthorization.AuthorizeUser",
                    ex.ToString()
                });
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
                // NOTE(review): the exception object itself is handed to SendErrorToClient; how
                // much of it reaches the client is not visible here. Confirm that stack traces
                // and internal details are not returned.
                PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null);
                throw;
            }
            finally
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit.");
            }
            return(current);
        }
コード例 #9
 /// <summary>
 /// Creates the per-user authorization context from the identity and quota that the
 /// authorization step produced.
 /// </summary>
 /// <param name="identity">Identity to run the user's commands as; wrapped in a
 /// <c>SafeRefCountedContainer</c>.</param>
 /// <param name="quota">Quota to enforce for this user.</param>
 public CustomContext(WindowsIdentity identity, UserQuota quota)
 {
     // NOTE(review): the container presumably takes over the identity's lifetime; confirm that
     // callers do not dispose the identity themselves.
     SafeRefCountedContainer <WindowsIdentity> wrappedIdentity = new SafeRefCountedContainer <WindowsIdentity>(identity);

     Identity        = wrappedIdentity;
     UserQuota       = quota;
     CmdletsExecuted = 0;
 }