private void ChangePassword() { SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(base.Request); secureHtmlFormReader.AddSensitiveInputName("oldPwd"); secureHtmlFormReader.AddSensitiveInputName("newPwd1"); secureHtmlFormReader.AddSensitiveInputName("newPwd2"); SecureNameValueCollection secureNameValueCollection = null; try { if (secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection)) { string text = null; SecureString secureString = null; SecureString secureString2 = null; SecureString secureString3 = null; try { secureNameValueCollection.TryGetUnsecureValue("username", out text); secureNameValueCollection.TryGetSecureValue("oldPwd", out secureString); secureNameValueCollection.TryGetSecureValue("newPwd1", out secureString2); secureNameValueCollection.TryGetSecureValue("newPwd2", out secureString3); if (text != null && secureString != null && secureString2 != null && secureString3 != null) { if (!ExpiredPassword.SecureStringEquals(secureString2, secureString3)) { this.reason = ExpiredPassword.ExpiredPasswordReason.PasswordConflict; } else { switch (ExpiredPassword.ChangePasswordNUCP(text, secureString, secureString2)) { case ExpiredPassword.ChangePasswordResult.Success: this.reason = ExpiredPassword.ExpiredPasswordReason.None; this.passwordChanged = true; break; case ExpiredPassword.ChangePasswordResult.InvalidCredentials: this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials; break; case ExpiredPassword.ChangePasswordResult.LockedOut: this.reason = ExpiredPassword.ExpiredPasswordReason.LockedOut; break; case ExpiredPassword.ChangePasswordResult.BadNewPassword: this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidNewPassword; break; case ExpiredPassword.ChangePasswordResult.OtherError: this.reason = ExpiredPassword.ExpiredPasswordReason.InvalidCredentials; break; } } } } finally { secureString.Dispose(); secureString2.Dispose(); secureString3.Dispose(); } } } finally { if (secureNameValueCollection != null) { secureNameValueCollection.Dispose(); } } }
private bool HandleFbaAuthFormPost(HttpApplication httpApplication) { HttpContext context = httpApplication.Context; HttpRequest request = context.Request; HttpResponse response = context.Response; if (request.GetHttpMethod() != HttpMethod.Post) { return(false); } string strB = request.Url.Segments[request.Url.Segments.Length - 1]; if (string.Compare("auth.owa", strB, StringComparison.OrdinalIgnoreCase) != 0 && string.Compare("owaauth.dll", strB, StringComparison.OrdinalIgnoreCase) != 0) { return(false); } if (string.IsNullOrEmpty(request.ContentType)) { request.ContentType = "application/x-www-form-urlencoded"; } SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(request); secureHtmlFormReader.AddSensitiveInputName("password"); SecureNameValueCollection secureNameValueCollection = null; try { if (!secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection)) { AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest); } string text = null; string text2 = null; SecureString secureString = null; string text3 = null; secureNameValueCollection.TryGetUnsecureValue("username", out text2); secureNameValueCollection.TryGetSecureValue("password", out secureString); secureNameValueCollection.TryGetUnsecureValue("destination", out text); secureNameValueCollection.TryGetUnsecureValue("flags", out text3); if (text == null || text2 == null || secureString == null || text3 == null || !this.CheckPostDestination(text, context.Request)) { AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest); } this.password = secureString.Copy(); this.userName = text2; this.destinationUrl = text; int num; if (int.TryParse(text3, NumberStyles.Integer, CultureInfo.InvariantCulture, out num)) { this.flags = num; } else { this.flags = 0; } text2 += ":"; Encoding @default = Encoding.Default; int maxByteCount = @default.GetMaxByteCount(text2.Length + secureString.Length); using (SecureArray <byte> secureArray = new SecureArray <byte>(maxByteCount)) { int num2 = @default.GetBytes(text2, 0, text2.Length, secureArray.ArrayValue, 0); using (SecureArray <char> secureArray2 = secureString.ConvertToSecureCharArray()) { num2 += @default.GetBytes(secureArray2.ArrayValue, 0, secureArray2.Length(), secureArray.ArrayValue, num2); this.basicAuthString = "Basic " + Convert.ToBase64String(secureArray.ArrayValue, 0, num2); request.Headers["Authorization"] = this.basicAuthString; } } } finally { if (secureNameValueCollection != null) { secureNameValueCollection.Dispose(); } } ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url); return(true); }