// Token: 0x06001242 RID: 4674 RVA: 0x000395D0 File Offset: 0x000377D0
private void OnAuthenticate(object source, EventArgs args)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthNModule.OnAuthenticate] Enter");
HttpApplication httpApplication = (HttpApplication)source;
HttpContext context = httpApplication.Context;
HttpRequest request = context.Request;
if (!request.IsAuthenticated)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthNModule.OnAuthenticate] Request is not authenticated. Skip.");
return;
}
UserToken userToken = context.CurrentUserToken();
if (userToken == null)
{
ExTraceGlobals.AccessCheckTracer.TraceError((long)this.GetHashCode(), "[PswsAuthNModule.OnAuthenticate] user token is null. Skip.");
throw new InvalidOperationException("Unexpected condition: userToken from HttpContext is null.");
}
context.Items["X-Psws-CurrentLogonUser"] = context.User.Identity;
string pswsMembershipId = PswsAuthZHelper.GetPswsMembershipId(userToken, request.Headers);
ExAssert.RetailAssert(!string.IsNullOrWhiteSpace(pswsMembershipId), "userIdWithMembershipId can't be null or blank.");
string text = "PswsMembership-" + userToken.AuthenticationType;
ExTraceGlobals.AccessCheckTracer.TraceDebug((long)this.GetHashCode(), string.Format("[PswsAuthNModule.OnAuthenticate] userId = \"{0}\", userType = \"{1}\".", pswsMembershipId, text));
context.User = new GenericPrincipal(new GenericIdentity(pswsMembershipId, text), null);
ExTraceGlobals.AccessCheckTracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthNModule.OnAuthenticate] Leave");
}
// Token: 0x0600126F RID: 4719 RVA: 0x0003B544 File Offset: 0x00039744
protected override void PostGetInitialSessionState(PSSenderInfo senderInfo)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PostGetInitialSessionState] Enter.");
UserToken userToken = HttpContext.Current.CurrentUserToken();
PswsAuthZUserToken authZPluginUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
PswsBudgetManager.Instance.StartRunspace(authZPluginUserToken);
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PostGetInitialSessionState] Exit.");
}
// Token: 0x0600126E RID: 4718 RVA: 0x0003B46C File Offset: 0x0003966C
protected override void PreGetInitialSessionState(PSSenderInfo senderInfo)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Enter.");
UserToken userToken = HttpContext.Current.CurrentUserToken();
PswsAuthZUserToken authZPluginUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
OverBudgetException ex;
if (PswsBudgetManager.Instance.CheckOverBudget(authZPluginUserToken, CostType.ActiveRunspace, out ex))
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <OverBudgetException>((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] OverBudgetException: {0}.", ex);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsOverBudgetException, null, new object[]
{
HttpContext.Current.User.Identity.Name,
ex.ToString(),
PswsBudgetManager.Instance.GetConnectedUsers()
});
PswsErrorHandling.SendErrorToClient(PswsErrorCode.OverBudgetException, ex, ex.Snapshot);
AuthZLogger.SafeAppendGenericError("OverBudgetException", ex.ToString(), false);
throw ex;
}
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Exit.");
}
// Token: 0x06001276 RID: 4726 RVA: 0x0003B7F0 File Offset: 0x000399F0
internal static string GetPswsMembershipId(UserToken userToken, NameValueCollection collection)
{
ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetPswsMembershipId] userToken can't be null.");
string friendlyName = userToken.Organization.GetFriendlyName();
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = PswsAuthZHelper.BuildRunspaceConfigurationSettings("https://www.outlook.com/Psws/Service.svc", userToken, collection);
CultureInfo cultureInfo;
PswsAuthZHelper.TryParseCultureInfo(collection, out cultureInfo);
string text = userToken.ManagedOrganization;
if (string.IsNullOrWhiteSpace(text))
{
text = exchangeRunspaceConfigurationSettings.TenantOrganization;
}
string result = string.Format("Name:{0};AT:{1};UserOrg:{2};ManOrg:{3};SL:{4};FSL:{5};CA:{6};EDK:{7};Cul:{8};Proxy:{9}", new object[]
{
PswsAuthZHelper.GetUserNameForCache(userToken),
userToken.AuthenticationType,
friendlyName,
text,
exchangeRunspaceConfigurationSettings.CurrentSerializationLevel,
exchangeRunspaceConfigurationSettings.ProxyFullSerialization,
exchangeRunspaceConfigurationSettings.ClientApplication,
exchangeRunspaceConfigurationSettings.EncodeDecodeKey,
(cultureInfo == null) ? "null" : cultureInfo.Name,
exchangeRunspaceConfigurationSettings.IsProxy
});
AuthZLogger.SafeSetLogger(PswsMetadata.IsProxy, exchangeRunspaceConfigurationSettings.IsProxy);
AuthZLogger.SafeSetLogger(PswsMetadata.ClientApplication, exchangeRunspaceConfigurationSettings.ClientApplication);
AuthZLogger.SafeSetLogger(PswsMetadata.ProxyFullSerialzation, exchangeRunspaceConfigurationSettings.ProxyFullSerialization);
AuthZLogger.SafeSetLogger(PswsMetadata.SerializationLevel, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel);
AuthZLogger.SafeSetLogger(PswsMetadata.CultureInfo, (cultureInfo == null) ? "null" : cultureInfo.Name);
AuthZLogger.SafeSetLogger(PswsMetadata.TenantOrganization, text);
return(result);
}
// Token: 0x0600126D RID: 4717 RVA: 0x0003B44A File Offset: 0x0003964A
protected override ExchangeRunspaceConfigurationSettings BuildRunspaceConfigurationSettings(string connectionString, IIdentity identity)
{
return(PswsAuthZHelper.BuildRunspaceConfigurationSettings(connectionString, HttpContext.Current.CurrentUserToken(), HttpContext.Current.Request.Headers));
}
// Token: 0x0600126C RID: 4716 RVA: 0x0003B42B File Offset: 0x0003962B
protected override IIdentity GetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType)
{
userToken = HttpContext.Current.CurrentUserToken();
authenticationType = userToken.AuthenticationType;
return(PswsAuthZHelper.GetExecutingAuthZUser(userToken));
}
// Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter.");
WindowsIdentity current;
try
{
if (this.IsBlockedPswsDirectInvocation())
{
AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false);
throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked);
}
CultureInfo cultureInfo = null;
if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo))
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name);
Thread.CurrentThread.CurrentCulture = cultureInfo;
Thread.CurrentThread.CurrentUICulture = cultureInfo;
}
IThrottlingPolicy throttlingPolicy = null;
PswsAuthZUserToken authZUserToken = null;
AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate()
{
UserToken userToken = HttpContext.Current.CurrentUserToken();
authZUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
if (authZUserToken != null)
{
throttlingPolicy = authZUserToken.GetThrottlingPolicy();
}
});
ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null).");
ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota.");
PswsBudgetManager.Instance.HeartBeat(authZUserToken);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken));
userQuota = new UserQuota((int)(throttlingPolicy.PswsMaxConcurrency.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxConcurrency.Value), (int)(throttlingPolicy.PswsMaxRequest.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequest.Value), (int)(throttlingPolicy.PswsMaxRequestTimePeriod.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequestTimePeriod.Value));
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Unlimited <uint>, Unlimited <uint>, Unlimited <uint> >((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod));
string ruleName = null;
if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName))
{
throw new ClientAccessRulesBlockedConnectionException(ruleName);
}
current = WindowsIdentity.GetCurrent();
}
catch (Exception ex)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex);
AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
{
"PswsAuthorization.AuthorizeUser",
ex.ToString()
});
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null);
throw;
}
finally
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit.");
}
return(current);
}