/// <summary>
/// Builds the ADsPath <c>LDAP://server[:port]/dn</c> for <paramref name="dn"/>. The DN is
/// not spliced in verbatim: it goes through IADsPathname with escaped mode switched on, so
/// characters that are special in an ADsPath come out escaped.
/// </summary>
/// <param name="dn">Distinguished name (or another value accepted in DN position, such as "rootdse").</param>
/// <returns>The fully qualified ADsPath for the configured server and port.</returns>
internal string GetADsPath(string dn)
{
    string serverPart = this.portSpecified
        ? this.serverName + ":" + this.port
        : this.serverName;

    System.Web.Security.NativeComInterfaces.IAdsPathname pathname =
        (System.Web.Security.NativeComInterfaces.IAdsPathname) new System.Web.Security.NativeComInterfaces.Pathname();

    // 4 = ADS_SETTYPE_DN: the argument is a bare DN, not a full path.
    pathname.Set(dn, 4);
    // 2 = ADS_ESCAPEDMODE_ON: Retrieve returns the DN with ADsPath escaping applied.
    pathname.EscapedMode = 2;

    // 7 = ADS_FORMAT_X500_DN.
    string escapedDn = pathname.Retrieve(7);
    return "LDAP://" + serverPart + "/" + escapedDn;
}
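/// <summary>
/// Opens the directory described by <paramref name="adspath"/>, establishes the requested
/// connection protection, resolves the container and user-creation container DNs, and
/// validates that the container can hold user objects.
/// </summary>
/// <param name="adspath">LDAP ADsPath of the container; the server part is mandatory.</param>
/// <param name="credentials">Credentials used to bind, or the default/process identity.</param>
/// <param name="connProtection">"Secure" negotiates SSL first and falls back to sign-and-seal
/// only when the server does not answer on SSL; any other value keeps the protection already
/// stored in <c>connectionProtection</c> and requires explicit credentials.</param>
/// <param name="clientSearchTimeout">Stored unchanged.</param>
/// <param name="serverSearchTimeout">Stored unchanged; the container probe below reads it back
/// through <c>ServerSearchTimeout</c>.</param>
/// <param name="enablePasswordReset">When true against AD, the domain's lockoutDuration is
/// read into <c>adLockoutDuration</c>.</param>
/// <exception cref="ProviderException">Non-LDAP or serverless path, unreachable or missing
/// container, container that cannot hold users, global-catalog port against AD, ADAM reached
/// without SSL, or SSL and sign-and-seal both failing.</exception>
/// <exception cref="NotSupportedException">Default credentials combined with a protection
/// other than "Secure".</exception>
/// <exception cref="COMException">Directory errors other than the HRESULTs handled below.</exception>
/// <exception cref="DirectoryOperationException">Container probe failures other than NoSuchObject.</exception>
internal DirectoryInformation(string adspath, NetworkCredential credentials, string connProtection, int clientSearchTimeout, int serverSearchTimeout, bool enablePasswordReset)
{
    // Presumably indexed as [connection protection, credentials type] by
    // GetAuthenticationTypes/GetLdapAuthenticationTypes (row 0 = None is left at the
    // default) — confirm against those helpers. Note that explicit non-Windows credentials
    // use AuthType.Basic (a simple bind) under None and Ssl, which is why plain credentials
    // are only accepted once SSL is established.
    System.DirectoryServices.AuthenticationTypes[,] typesArray = new System.DirectoryServices.AuthenticationTypes[3, 2];
    typesArray[1, 0] = System.DirectoryServices.AuthenticationTypes.Encryption | System.DirectoryServices.AuthenticationTypes.Secure;
    typesArray[1, 1] = System.DirectoryServices.AuthenticationTypes.Encryption;
    typesArray[2, 0] = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
    typesArray[2, 1] = System.DirectoryServices.AuthenticationTypes.Sealing | System.DirectoryServices.AuthenticationTypes.Signing | System.DirectoryServices.AuthenticationTypes.Secure;
    this.authTypes = typesArray;
    this.ldapAuthTypes = new AuthType[,]
    {
        { AuthType.Negotiate, AuthType.Basic },
        { AuthType.Negotiate, AuthType.Basic },
        { AuthType.Negotiate, AuthType.Negotiate }
    };

    this.adspath = adspath;
    this.credentials = credentials;
    this.clientSearchTimeout = clientSearchTimeout;
    this.serverSearchTimeout = serverSearchTimeout;

    if (!adspath.StartsWith("LDAP", StringComparison.Ordinal))
    {
        throw new ProviderException(System.Web.SR.GetString("ADMembership_OnlyLdap_supported"));
    }

    // Parse the path with IADsPathname rather than by hand; 1 = ADS_SETTYPE_FULL.
    System.Web.Security.NativeComInterfaces.IAdsPathname pathname =
        (System.Web.Security.NativeComInterfaces.IAdsPathname) new System.Web.Security.NativeComInterfaces.Pathname();
    try
    {
        pathname.Set(adspath, 1);
    }
    catch (COMException exception)
    {
        // 0x80005000 = E_ADS_BAD_PATHNAME.
        if (exception.ErrorCode == -2147463168)
        {
            throw new ProviderException(System.Web.SR.GetString("ADMembership_invalid_path"));
        }
        throw;
    }

    try
    {
        // 9 = ADS_FORMAT_SERVER. A serverless path makes Retrieve fail with E_ADS_BAD_PATHNAME.
        this.serverName = pathname.Retrieve(9);
    }
    catch (COMException exception2)
    {
        if (exception2.ErrorCode == -2147463168)
        {
            throw new ProviderException(System.Web.SR.GetString("ADMembership_ServerlessADsPath_not_supported"));
        }
        throw;
    }

    // 7 = ADS_FORMAT_X500_DN. Both DNs start out as the configured container; the
    // creation container is only rebound to the default Users container further down.
    this.creationContainerDN = this.containerDN = pathname.Retrieve(7);

    // Split an explicit "server:port"; a non-numeric port surfaces as FormatException.
    int index = this.serverName.IndexOf(':');
    if (index != -1)
    {
        string serverName = this.serverName;
        this.serverName = serverName.Substring(0, index);
        this.port = int.Parse(serverName.Substring(index + 1), NumberFormatInfo.InvariantInfo);
        this.portSpecified = true;
    }

    if (string.Compare(connProtection, "Secure", StringComparison.Ordinal) == 0)
    {
        // "Secure": try SSL first. A credential failure is never a reason to lower the
        // protection; only "server down" on the SSL port leads to the sign-and-seal fallback.
        bool retryWithWindowsCredentials = false;
        bool fallBackToSignAndSeal = false;

        if (!this.IsDefaultCredential())
        {
            // Explicit credentials are first tried as a plain user name/password over SSL.
            this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
            this.ldapAuthType = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.NonWindows);
            try
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                this.rootdse.RefreshCache();
                this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                if (!this.portSpecified)
                {
                    this.port = 0x27c; // 636, the LDAPS port
                    this.portSpecified = true;
                }
            }
            catch (COMException exception3)
            {
                if (exception3.ErrorCode == -2147023570)
                {
                    // 0x8007052E = ERROR_LOGON_FAILURE: the name may be a Windows account; retry as such.
                    retryWithWindowsCredentials = true;
                }
                else if (exception3.ErrorCode == -2147016646)
                {
                    // 0x8007203A = ERROR_DS_SERVER_DOWN: no SSL listener; fall back to sign-and-seal.
                    fallBackToSignAndSeal = true;
                }
                else
                {
                    throw;
                }
            }
        }
        else
        {
            retryWithWindowsCredentials = true;
        }

        if (retryWithWindowsCredentials)
        {
            this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
            this.ldapAuthType = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.Ssl, CredentialsType.Windows);
            try
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                this.rootdse.RefreshCache();
                this.connectionProtection = ActiveDirectoryConnectionProtection.Ssl;
                if (!this.portSpecified)
                {
                    this.port = 0x27c;
                    this.portSpecified = true;
                }
            }
            catch (COMException exception4)
            {
                if (exception4.ErrorCode != -2147016646)
                {
                    throw;
                }
                fallBackToSignAndSeal = true;
            }
        }

        if (fallBackToSignAndSeal)
        {
            // Last resort: Negotiate with signing and sealing over plain LDAP.
            this.authenticationType = this.GetAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            this.ldapAuthType = this.GetLdapAuthenticationTypes(ActiveDirectoryConnectionProtection.SignAndSeal, CredentialsType.Windows);
            try
            {
                this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
                this.rootdse.RefreshCache();
                this.connectionProtection = ActiveDirectoryConnectionProtection.SignAndSeal;
            }
            catch (COMException exception5)
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Secure_connection_not_established", new object[] { exception5.Message }), exception5);
            }
        }
    }
    else
    {
        // Any other protection uses the value already stored in connectionProtection and
        // requires explicit credentials; binding is deferred until rootdse is first used.
        if (this.IsDefaultCredential())
        {
            throw new NotSupportedException(System.Web.SR.GetString("ADMembership_Default_Creds_not_supported"));
        }
        this.authenticationType = this.GetAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
        this.ldapAuthType = this.GetLdapAuthenticationTypes(this.connectionProtection, CredentialsType.NonWindows);
        this.rootdse = new DirectoryEntry(this.GetADsPath("rootdse"), this.GetUsername(), this.GetPassword(), this.authenticationType);
    }

    if (this.rootdse == null)
    {
        this.rootdse = new DirectoryEntry(this.GetADsPath("RootDSE"), this.GetUsername(), this.GetPassword(), this.authenticationType);
    }

    this.directoryType = this.GetDirectoryType();

    // ADAM over sign-and-seal means the SSL attempt failed; plain credentials must not be
    // used against ADAM without SSL.
    if ((this.directoryType == System.Web.Security.DirectoryType.ADAM) && (this.connectionProtection == ActiveDirectoryConnectionProtection.SignAndSeal))
    {
        throw new ProviderException(System.Web.SR.GetString("ADMembership_Ssl_connection_not_established"));
    }

    // 3268/3269 are the global-catalog ports; a GC is read-only for the provider's purposes.
    if ((this.directoryType == System.Web.Security.DirectoryType.AD) && ((this.port == 0xcc4) || (this.port == 0xcc5)))
    {
        throw new ProviderException(System.Web.SR.GetString("ADMembership_GCPortsNotSupported"));
    }

    if (string.IsNullOrEmpty(this.containerDN))
    {
        if (this.directoryType != System.Web.Security.DirectoryType.AD)
        {
            throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_must_be_specified"));
        }

        // No container given: search the whole domain, create users in the default Users container.
        this.containerDN = (string)this.rootdse.Properties["defaultNamingContext"].Value;
        if (this.containerDN == null)
        {
            throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_not_specified"));
        }

        // a9d1ca15768811d1aded00c04fd8d5cd is the well-known GUID of the Users container.
        using (DirectoryEntry entry = new DirectoryEntry(this.GetADsPath("<WKGUID=a9d1ca15768811d1aded00c04fd8d5cd," + this.containerDN + ">"), this.GetUsername(), this.GetPassword(), this.authenticationType))
        {
            try
            {
                this.creationContainerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(entry, "distinguishedName");
            }
            catch (COMException exception6)
            {
                // 0x80072030 = ERROR_DS_NO_SUCH_OBJECT.
                if (exception6.ErrorCode == -2147016656)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_DefContainer_does_not_exist"));
                }
                throw;
            }
        }
    }
    else
    {
        // Normalise the configured container DN to the form the directory reports.
        using (DirectoryEntry directoryEntry = new DirectoryEntry(this.GetADsPath(this.containerDN), this.GetUsername(), this.GetPassword(), this.authenticationType))
        {
            try
            {
                this.creationContainerDN = this.containerDN = (string)System.Web.Security.PropertyManager.GetPropertyValue(directoryEntry, "distinguishedName");
            }
            catch (COMException exception7)
            {
                if (exception7.ErrorCode == -2147016656)
                {
                    throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
                }
                throw;
            }
        }
    }

    // Probe the container over System.DirectoryServices.Protocols with the negotiated
    // auth type; referrals are not chased so a referral answer is treated as "missing".
    using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(this.serverName + ":" + this.port), GetCredentialsWithDomain(credentials), this.ldapAuthType) { SessionOptions = { ProtocolVersion = 3 } })
    {
        SearchResponse response;
        connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
        this.SetSessionOptionsForSecureConnection(connection, false);
        connection.Bind();

        SearchRequest request = new SearchRequest
        {
            DistinguishedName = this.containerDN,
            Filter = "(objectClass=*)",
            Scope = System.DirectoryServices.Protocols.SearchScope.Base
        };
        request.Attributes.Add("distinguishedName");
        request.Attributes.Add("objectClass");
        if (this.ServerSearchTimeout != -1)
        {
            request.TimeLimit = new TimeSpan(0, this.ServerSearchTimeout, 0);
        }

        try
        {
            response = (SearchResponse)connection.SendRequest(request);
            if ((response.ResultCode == ResultCode.Referral) || (response.ResultCode == ResultCode.NoSuchObject))
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
            }
            if (response.ResultCode != ResultCode.Success)
            {
                throw new ProviderException(response.ErrorMessage);
            }
        }
        catch (DirectoryOperationException exception8)
        {
            SearchResponse response2 = (SearchResponse)exception8.Response;
            if (response2.ResultCode == ResultCode.NoSuchObject)
            {
                throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_does_not_exist"));
            }
            throw;
        }

        DirectoryAttribute objectClass = response.Entries[0].Attributes["objectClass"];
        if (!this.ContainerIsSuperiorOfUser(objectClass))
        {
            throw new ProviderException(System.Web.SR.GetString("ADMembership_Container_not_superior"));
        }

        // Only probed under None/Ssl; presumably because the fast concurrent bind
        // requires a simple bind, which the table above uses only for those rows — confirm.
        if ((this.connectionProtection == ActiveDirectoryConnectionProtection.None) || (this.connectionProtection == ActiveDirectoryConnectionProtection.Ssl))
        {
            this.concurrentBindSupported = this.IsConcurrentBindSupported(connection);
        }
    }

    if (this.directoryType == System.Web.Security.DirectoryType.ADAM)
    {
        this.adamPartitionDN = this.GetADAMPartitionFromContainer();
    }
    else if (enablePasswordReset)
    {
        // Read the domain lockout duration. AD stores it as a negative count of 100-ns
        // intervals in a LargeInteger, so the 64-bit value is reassembled and negated.
        using (DirectoryEntry entry3 = new DirectoryEntry(this.GetADsPath((string)System.Web.Security.PropertyManager.GetPropertyValue(this.rootdse, "defaultNamingContext")), this.GetUsername(), this.GetPassword(), this.AuthenticationTypes))
        {
            System.Web.Security.NativeComInterfaces.IAdsLargeInteger propertyValue =
                (System.Web.Security.NativeComInterfaces.IAdsLargeInteger)System.Web.Security.PropertyManager.GetPropertyValue(entry3, "lockoutDuration");
            long num2 = (propertyValue.HighPart * 0x100000000L) + ((uint)propertyValue.LowPart);
            this.adLockoutDuration = new TimeSpan(-num2);
        }
    }
}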