/// <summary>
/// Returns the <see cref="MRSProxyAuthorizationManager.AuthenticationData"/> entry cached for the
/// session of <paramref name="operationContext"/>, creating and caching a newly constructed entry
/// on the first call for that session.
/// </summary>
/// <param name="operationContext">WCF operation context; its <c>SessionId</c> is the cache key.</param>
/// <returns>The cached or newly created entry; never null.</returns>
private MRSProxyAuthorizationManager.AuthenticationData GetAuthenticationData(OperationContext operationContext)
{
    var sessionId = operationContext.SessionId;
    MRSProxyAuthorizationManager.AuthenticationData cached;
    if (MRSProxyAuthorizationManager.Sessions.TryGetValue(sessionId, out cached))
    {
        return cached;
    }

    // First request on this session: seed the cache so that later calls on the same session
    // (PostAuthnCheck / GetPrincipal) share one entry. The entry is added with
    // authenticationDataExpiration via AddAbsolute, i.e. presumably an absolute expiry from now.
    var fresh = new MRSProxyAuthorizationManager.AuthenticationData();
    MRSProxyAuthorizationManager.Sessions.AddAbsolute(sessionId, fresh, MRSProxyAuthorizationManager.authenticationDataExpiration, null);
    return fresh;
}
/// <summary>
/// Per-session authorization gate. Anonymous callers are always rejected. A session whose cached
/// entry is already marked authorized is accepted again without re-evaluation; otherwise the verdict
/// is computed and stored on the entry: certificate-authenticated callers are authorized outright,
/// every other caller defers to the base class check.
/// </summary>
/// <param name="operationContext">WCF operation context of the current call.</param>
/// <param name="authenticationInfo">Authentication result for the caller; only its
/// <c>IsCertificateAuthentication</c> flag is consulted here before delegating to the base check.</param>
/// <returns>true when the caller is authorized for this session.</returns>
internal override bool PostAuthnCheck(OperationContext operationContext, IAuthenticationInfo authenticationInfo)
{
    if (operationContext.ServiceSecurityContext.IsAnonymous)
    {
        return false;
    }

    MRSProxyAuthorizationManager.AuthenticationData sessionData = this.GetAuthenticationData(operationContext);
    if (!sessionData.IsAuthorized)
    {
        // Only a positive verdict is sticky: a stored false is re-evaluated on the next call,
        // whereas a stored true is honoured until the session entry expires from the cache
        // (a later change in the caller's status is not seen before then).
        // Short-circuit: the base check runs only for non-certificate callers.
        sessionData.IsAuthorized = authenticationInfo.IsCertificateAuthentication
            || base.PostAuthnCheck(operationContext, authenticationInfo);
    }

    return sessionData.IsAuthorized;
}
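/// <summary>
/// Resolves the principal for the current call and caches it on the session's AuthenticationData.
/// On a net.tcp channel (or when <c>TestIntegration.UseHttpsForLocalMoves</c> is set) the
/// transport-authenticated identity is returned as-is and is not cached. On any other channel the
/// transport identity must hold the token-serialization permission, after which the effective
/// principal is taken from the single X-CommonAccessToken request header: the SID carried in the
/// token is looked up in the root-org directory session and a principal is built from the UPN found
/// there (or from the bare SID when no directory object exists).
/// </summary>
/// <param name="operationContext">WCF operation context of the current call.</param>
/// <returns>The resolved principal, or null when base authentication fails, the transport identity
/// may not serialize security tokens, or the X-CommonAccessToken header is absent, repeated or empty.</returns>
private IAuthenticationInfo GetPrincipal(OperationContext operationContext)
{
    MRSProxyAuthorizationManager.AuthenticationData sessionData = this.GetAuthenticationData(operationContext);
    if (sessionData.AuthenticationInfo != null)
    {
        return sessionData.AuthenticationInfo;
    }

    IAuthenticationInfo transportInfo = base.Authenticate(operationContext);
    if (transportInfo == null)
    {
        return null;
    }

    // Direct channel: the transport identity is the principal; the header-based path below is skipped.
    // Uri.Scheme is canonicalised to lower case, so an ordinal compare against "net.tcp" is exact.
    if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves)
    {
        return transportInfo;
    }

    // NOTE(review): this is null when the principal's Identity is not a WindowsIdentity; how
    // ClientSecurityContext treats a null identity is not visible here - confirm.
    WindowsIdentity transportIdentity = transportInfo.WindowsPrincipal.Identity as WindowsIdentity;

    // Gate: only an identity that LocalServer allows to serialize security tokens may assert
    // another user's identity through the header read below. The original code repeated this
    // exact check (same identity) a second time after reading the header; one check suffices.
    using (ClientSecurityContext transportContext = new ClientSecurityContext(transportIdentity))
    {
        if (!LocalServer.AllowsTokenSerializationBy(transportContext))
        {
            MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[] { transportInfo.PrincipalName });
            return null;
        }
    }

    string serializedToken = GetCommonAccessTokenHeader();
    if (serializedToken == null)
    {
        return null;
    }

    // The header value is honoured only because the permission check above passed; the user SID it
    // carries becomes the effective identity.
    // NOTE(review): Deserialize is not guarded here - a malformed header presumably surfaces as an
    // exception to the WCF pipeline rather than as a null principal; confirm that is intended.
    CommonAccessToken commonAccessToken = CommonAccessToken.Deserialize(serializedToken);
    SecurityIdentifier userSid = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid);

    // The trailing (300, "GetPrincipal", "f:\...") arguments look like caller-info values
    // (line / member / file) materialised by a decompiler; kept verbatim.
    IRootOrganizationRecipientSession recipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs");
    ADRawEntry userEntry = recipientSession.FindADRawEntryBySid(userSid, MRSProxyAuthorizationManager.userPrincipalName);
    if (userEntry == null)
    {
        // No directory object for this SID: the principal is identified by the SID alone.
        sessionData.AuthenticationInfo = new AuthenticationInfo(userSid);
    }
    else
    {
        // NOTE(review): the WindowsIdentity(string) constructor performs a UPN-based logon and
        // can throw for an unknown or unreachable account - confirm the caller handles that.
        string userPrincipalName = (string)userEntry[ADUserSchema.UserPrincipalName];
        WindowsIdentity userIdentity = new WindowsIdentity(userPrincipalName);
        sessionData.AuthenticationInfo = new AuthenticationInfo(userIdentity, userIdentity.Name);
    }

    return sessionData.AuthenticationInfo;
}

/// <summary>
/// Reads the single X-CommonAccessToken header from the current incoming HTTP request.
/// </summary>
/// <returns>The header value, or null when the request carries no HTTP request property, the
/// header is missing, appears more than once, or is empty.</returns>
private static string GetCommonAccessTokenHeader()
{
    // NOTE(review): reads OperationContext.Current, as the original did, rather than the
    // operationContext the caller holds; the two are presumably the same here - confirm.
    object property;
    if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out property))
    {
        return null;
    }

    HttpRequestMessageProperty request = property as HttpRequestMessageProperty;
    if (request == null)
    {
        return null;
    }

    // Exactly one header is required: a missing or repeated header is rejected outright rather
    // than picking one of several values.
    string[] values = request.Headers.GetValues("X-CommonAccessToken");
    if (values == null || values.Length != 1 || string.IsNullOrEmpty(values[0]))
    {
        return null;
    }

    return values[0];
}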