예제 #1
0
        internal static string GetPswsMembershipId(UserToken userToken, NameValueCollection collection)
        {
            ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetPswsMembershipId] userToken can't be null.");
            string friendlyName = userToken.Organization.GetFriendlyName();
            ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = PswsAuthZHelper.BuildRunspaceConfigurationSettings("https://www.outlook.com/Psws/Service.svc", userToken, collection);
            CultureInfo cultureInfo;

            PswsAuthZHelper.TryParseCultureInfo(collection, out cultureInfo);
            string text = userToken.ManagedOrganization;

            if (string.IsNullOrWhiteSpace(text))
            {
                text = exchangeRunspaceConfigurationSettings.TenantOrganization;
            }
            string result = string.Format("Name:{0};AT:{1};UserOrg:{2};ManOrg:{3};SL:{4};FSL:{5};CA:{6};EDK:{7};Cul:{8};Proxy:{9}", new object[]
            {
                PswsAuthZHelper.GetUserNameForCache(userToken),
                userToken.AuthenticationType,
                friendlyName,
                text,
                exchangeRunspaceConfigurationSettings.CurrentSerializationLevel,
                exchangeRunspaceConfigurationSettings.ProxyFullSerialization,
                exchangeRunspaceConfigurationSettings.ClientApplication,
                exchangeRunspaceConfigurationSettings.EncodeDecodeKey,
                (cultureInfo == null) ? "null" : cultureInfo.Name,
                exchangeRunspaceConfigurationSettings.IsProxy
            });

            AuthZLogger.SafeSetLogger(PswsMetadata.IsProxy, exchangeRunspaceConfigurationSettings.IsProxy);
            AuthZLogger.SafeSetLogger(PswsMetadata.ClientApplication, exchangeRunspaceConfigurationSettings.ClientApplication);
            AuthZLogger.SafeSetLogger(PswsMetadata.ProxyFullSerialzation, exchangeRunspaceConfigurationSettings.ProxyFullSerialization);
            AuthZLogger.SafeSetLogger(PswsMetadata.SerializationLevel, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel);
            AuthZLogger.SafeSetLogger(PswsMetadata.CultureInfo, (cultureInfo == null) ? "null" : cultureInfo.Name);
            AuthZLogger.SafeSetLogger(PswsMetadata.TenantOrganization, text);
            return(result);
        }
예제 #2
0
        // Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940
        public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
        {
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter.");
            WindowsIdentity current;

            try
            {
                if (this.IsBlockedPswsDirectInvocation())
                {
                    AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false);
                    throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked);
                }
                CultureInfo cultureInfo = null;
                if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo))
                {
                    ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name);
                    Thread.CurrentThread.CurrentCulture   = cultureInfo;
                    Thread.CurrentThread.CurrentUICulture = cultureInfo;
                }
                IThrottlingPolicy  throttlingPolicy = null;
                PswsAuthZUserToken authZUserToken   = null;
                AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate()
                {
                    UserToken userToken = HttpContext.Current.CurrentUserToken();
                    authZUserToken      = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
                    if (authZUserToken != null)
                    {
                        throttlingPolicy = authZUserToken.GetThrottlingPolicy();
                    }
                });
                ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null).");
                ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota.");
                PswsBudgetManager.Instance.HeartBeat(authZUserToken);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken));
                userQuota = new UserQuota((int)(throttlingPolicy.PswsMaxConcurrency.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxConcurrency.Value), (int)(throttlingPolicy.PswsMaxRequest.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequest.Value), (int)(throttlingPolicy.PswsMaxRequestTimePeriod.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequestTimePeriod.Value));
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Unlimited <uint>, Unlimited <uint>, Unlimited <uint> >((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging);
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod));
                string ruleName = null;
                if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName))
                {
                    throw new ClientAccessRulesBlockedConnectionException(ruleName);
                }
                current = WindowsIdentity.GetCurrent();
            }
            catch (Exception ex)
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex);
                AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
                TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
                {
                    "PswsAuthorization.AuthorizeUser",
                    ex.ToString()
                });
                AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
                PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null);
                throw;
            }
            finally
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit.");
            }
            return(current);
        }
예제 #3
0
 private void LogCommonValues()
 {
     AuthZLogger.SafeSetLogger(RpsCommonMetadata.SessionId, this.sessionId);
     AuthZLogger.SafeAppendGenericInfo("FirstRequestId", this.firstRequestId);
     AuthZLogHelper.LogAuthZUserToken(this.currentAuthZUserToken);
 }