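/// <summary>
/// Writes one hidden &lt;input&gt; element per entry of <paramref name="collection"/> into
/// <paramref name="buffer"/>, so the logon fields can be re-posted to the server named by
/// <paramref name="redirectUrl"/>.
/// </summary>
/// <remarks>
/// Field names and plain-text values are escaped for use inside a single-quoted HTML attribute
/// before they are written. The collection presumably holds fields taken from the posted logon
/// form (verify against the caller), so a quote or angle bracket in a name or value must not be
/// able to close the attribute and add markup to a page that also carries the password.
/// The browser decodes the entities again on submit, so the re-posted values are unchanged.
/// </remarks>
/// <param name="collection">Field names with their secure ("password") or plain values.</param>
/// <param name="buffer">Output buffer that receives the generated markup.</param>
/// <param name="redirectUrl">URL of the server the form will be posted to.</param>
/// <param name="majorCasVersion">Major build number of the target server; selects how "destination" is rewritten.</param>
/// <exception cref="OwaInvalidRequestException">The "destination" field is not an absolute URI.</exception>
private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
{
    const string inputOpen = "<input type='hidden' name='";
    const string valueOpen = "' value='";
    const string inputClose = "'>";

    foreach (string fieldName in collection)
    {
        buffer.CopyAtCurrentPosition(inputOpen);
        buffer.CopyAtCurrentPosition(EncodeHiddenInputAttribute(fieldName));
        buffer.CopyAtCurrentPosition(valueOpen);

        if (fieldName == "password")
        {
            SecureString secureValue;
            collection.TryGetSecureValue(fieldName, out secureValue);

            // NOTE(review): the password is handed over as a SecureString and is not
            // attribute-encoded here. Unless SecureHttpBuffer escapes it internally, a quote
            // character in the password would end the value attribute early - confirm, and
            // encode inside the buffer if it does not.
            buffer.CopyAtCurrentPosition(secureValue);
        }
        else if (fieldName == "destination")
        {
            string postedDestination;
            collection.TryGetUnsecureValue(fieldName, out postedDestination);

            Uri destinationUri;
            if (!Uri.TryCreate(postedDestination, UriKind.Absolute, out destinationUri))
            {
                throw new OwaInvalidRequestException("destination value is not valid");
            }

            // The host of the posted destination is never echoed: the rewritten value always
            // starts from redirectUrl, and at most the path and query of the posted URI are kept.
            StringBuilder rewritten = new StringBuilder();
            if (majorCasVersion < (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major)
            {
                rewritten.Append(redirectUrl);
            }
            else
            {
                rewritten.Append(redirectUrl.Scheme);
                rewritten.Append(Uri.SchemeDelimiter);
                rewritten.Append(redirectUrl.Authority);
                if (Utilities.IsOwaUrl(destinationUri, OwaUrl.AuthPost, true))
                {
                    rewritten.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
                }
                else
                {
                    rewritten.Append(destinationUri.PathAndQuery);
                }
            }

            // PathAndQuery may still contain characters such as ' or &, so encode the final string.
            buffer.CopyAtCurrentPosition(EncodeHiddenInputAttribute(rewritten.ToString()));
        }
        else
        {
            string plainValue;
            collection.TryGetUnsecureValue(fieldName, out plainValue);
            buffer.CopyAtCurrentPosition(EncodeHiddenInputAttribute(plainValue));
        }

        buffer.CopyAtCurrentPosition(inputClose);
    }
}

/// <summary>
/// Escapes the characters that are significant inside a quoted HTML attribute value
/// (&amp;, &lt;, &gt;, double quote and single quote). Null or empty input is returned as is.
/// </summary>
private static string EncodeHiddenInputAttribute(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    StringBuilder encoded = new StringBuilder(value.Length + 16);
    foreach (char c in value)
    {
        switch (c)
        {
            case '&':
                encoded.Append("&amp;");
                break;
            case '<':
                encoded.Append("&lt;");
                break;
            case '>':
                encoded.Append("&gt;");
                break;
            case '"':
                encoded.Append("&quot;");
                break;
            case '\'':
                // The attributes written above are single-quoted, so this is the critical one.
                encoded.Append("&#39;");
                break;
            default:
                encoded.Append(c);
                break;
        }
    }

    return encoded.ToString();
}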
/// <summary>
/// Writes a complete HTML page into <paramref name="buffer"/> whose body consists of the logon
/// form and whose onload handler submits that form (document.logonForm) automatically.
/// </summary>
/// <remarks>
/// Layout: &lt;html&gt;&lt;noscript&gt;{no-script fallback}&lt;/noscript&gt;&lt;head&gt;...script...&lt;/head&gt;
/// &lt;body onload=...&gt;{form}&lt;/body&gt;&lt;/html&gt;. The fallback markup comes from
/// Utilities.GetNoScriptHtml() and is written as returned.
/// </remarks>
/// <param name="buffer">Output buffer that receives the page.</param>
/// <param name="collection">Logon fields that become hidden inputs of the form.</param>
/// <param name="redirectUrl">URL of the server the form is posted to.</param>
/// <param name="majorCasVersion">Major build number of the target server.</param>
private void CreateHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
{
    SanitizedHtmlString noScriptFallback = Utilities.GetNoScriptHtml();

    // Opening tags and the fallback shown when scripting is disabled.
    buffer.CopyAtCurrentPosition("<html><noscript>");
    buffer.CopyAtCurrentPosition(noScriptFallback.ToString());

    // Head with the auto-submit script, then the body that triggers it on load.
    buffer.CopyAtCurrentPosition("</noscript><head><title>Continue</title><script type='text/javascript'>function OnBack(){}function DoSubmit(){var subt=false;if(!subt){subt=true;document.logonForm.submit();}}</script></head><body onload='javascript:DoSubmit();'>");

    // The form itself, including every hidden input.
    this.CreateFormHtmlForSsoFba(buffer, collection, redirectUrl, majorCasVersion);

    buffer.CopyAtCurrentPosition("</body></html>");
}
/// <summary>
/// Answers the current request with a 200 page that re-posts the logon fields in
/// <paramref name="collection"/> to the server named by <paramref name="redirectUrl"/>,
/// then ends the response.
/// </summary>
/// <param name="collection">Logon fields to carry over to the target server.</param>
/// <param name="redirectUrl">URL of the server the generated form is posted to.</param>
/// <param name="response">Response of the current request; it is flushed and ended here.</param>
/// <param name="majorCasVersion">Major build number of the target server.</param>
private void RedirectUsingSSOFBA(SecureNameValueCollection collection, Uri redirectUrl, HttpResponse response, int majorCasVersion)
{
    response.StatusCode = 200;
    response.Status = "200 - OK";
    response.BufferOutput = false;

    // The generated page contains the logon fields, including the password written by
    // CreateInputHtmlCollection, so caching is switched off with both no-cache and no-store.
    response.CacheControl = "no-cache";
    response.Cache.SetNoStore();

    // Marker cookie with a constant value; no cookie attributes are set explicitly here.
    response.Cookies.Add(new HttpCookie("PBack") { Value = "1" });

    // NOTE(review): if SecureHttpBuffer is disposable, a using block would also release the
    // buffered credential bytes when page generation throws - confirm against its definition.
    SecureHttpBuffer pageBuffer = new SecureHttpBuffer(1000, response);
    this.CreateHtmlForSsoFba(pageBuffer, collection, redirectUrl, majorCasVersion);
    pageBuffer.FlushBuffer();

    response.End();
}
/// <summary>
/// Writes the &lt;form name='logonForm'&gt; element, including all hidden inputs, into
/// <paramref name="buffer"/>.
/// </summary>
/// <remarks>
/// The form's action is built from the scheme and authority of <paramref name="redirectUrl"/>
/// plus a fixed authentication path, so the credentials are posted to that host only; any path
/// or query on <paramref name="redirectUrl"/> is ignored for the action.
/// NOTE(review): the action URL is written without attribute encoding. Scheme and Authority come
/// from a parsed Uri and the path is a constant, so a quote is presumably impossible - confirm
/// for OwaUrl.AuthDll.ImplicitUrl.
/// </remarks>
/// <param name="buffer">Output buffer that receives the markup.</param>
/// <param name="collection">Logon fields that become hidden inputs.</param>
/// <param name="redirectUrl">URL of the server the form is posted to.</param>
/// <param name="majorCasVersion">Major build number of the target server; selects the authentication path.</param>
private void CreateFormHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
{
    bool targetIsPreExchange2007 = majorCasVersion < (int)ExchangeObjectVersion.Exchange2007.ExchangeBuild.Major;

    // scheme://host[:port] of the target server, followed by the version-specific auth endpoint.
    string actionUrl = redirectUrl.Scheme + Uri.SchemeDelimiter + redirectUrl.Authority;
    if (targetIsPreExchange2007)
    {
        actionUrl += "/exchweb/bin/auth/owaauth.dll";
    }
    else
    {
        actionUrl += OwaUrl.AuthDll.ImplicitUrl;
    }

    buffer.CopyAtCurrentPosition("<form name='logonForm' id='logonForm' action='");
    buffer.CopyAtCurrentPosition(actionUrl);
    buffer.CopyAtCurrentPosition("' method='post' target='_top'>");

    this.CreateInputHtmlCollection(collection, buffer, redirectUrl, majorCasVersion);

    buffer.CopyAtCurrentPosition("</form>");
}
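// Token: 0x06001375 RID: 4981 RVA: 0x00078088 File Offset: 0x00076288
/// <summary>
/// Parses an application/x-www-form-urlencoded request body into name/value pairs, storing
/// values whose name is listed in <c>sensitiveKeys</c> as <see cref="SecureString"/> and all
/// other values as plain strings.
/// </summary>
/// <remarks>
/// The body is read byte by byte and split on '&amp;' (pairs) and the first '=' (name/value).
/// A pair without '=' is stored under the empty name. Parsing fails if the content type does
/// not start with application/x-www-form-urlencoded, if a name occurs twice, or if a sensitive
/// value cannot be converted to a SecureString.
/// Two hardening changes compared with the decompiled original:
/// the raw body buffer, which contains the URL-encoded sensitive values, is zeroed before the
/// method returns; and when the stream ends before the declared content length, the last value
/// is cut at the bytes actually read instead of being padded with zero bytes.
/// NOTE(review): the hosting framework may keep its own copy of the request body; clearing the
/// buffer here only removes this method's copy.
/// NOTE(review): the buffer is sized from request.ContentLength, so its upper bound is whatever
/// request-size limit the host enforces - confirm that limit is configured.
/// </remarks>
/// <param name="formCollection">
/// Receives the parsed collection on success; set to null (and disposed) on failure.
/// </param>
/// <returns>true if the whole body was parsed; otherwise false.</returns>
public bool TryReadSecureFormData(out SecureNameValueCollection formCollection)
{
    const string FormContentType = "application/x-www-form-urlencoded";

    bool succeeded = false;
    byte[] rawBody = null;
    formCollection = new SecureNameValueCollection();
    try
    {
        // Prefix comparison, so parameters after the media type (e.g. "; charset=...") are accepted.
        if (string.Compare(this.request.ContentType, 0, FormContentType, 0, FormContentType.Length, StringComparison.OrdinalIgnoreCase) != 0)
        {
            return false;
        }

        rawBody = new byte[this.request.ContentLength];
        int declaredLength = rawBody.Length;

        for (int i = 0; i < declaredLength; i++)
        {
            int pairStart = i;
            int equalsIndex = -1;
            int pairEnd = -1;

            // Read one "name=value" pair, stopping at '&', at the declared length, or at end of stream.
            while (i < declaredLength)
            {
                int next = this.request.InputStream.ReadByte();
                if (next == -1)
                {
                    // Stream ended early: remember how far real data goes, then stop the outer loop.
                    pairEnd = i;
                    i = declaredLength;
                    break;
                }

                rawBody[i] = (byte)next;
                if (rawBody[i] == (byte)'=')
                {
                    // Only the first '=' separates name and value; later ones belong to the value.
                    if (equalsIndex < 0)
                    {
                        equalsIndex = i;
                    }
                }
                else if (rawBody[i] == (byte)'&')
                {
                    break;
                }

                i++;
            }

            if (pairEnd < 0)
            {
                pairEnd = i;
            }

            string name;
            int valueOffset;
            int valueCount;
            if (equalsIndex >= 0)
            {
                name = HttpUtility.UrlDecode(rawBody, pairStart, equalsIndex - pairStart, this.request.ContentEncoding);
                valueOffset = equalsIndex + 1;
                valueCount = pairEnd - equalsIndex - 1;
            }
            else
            {
                name = string.Empty;
                valueOffset = pairStart;
                valueCount = pairEnd - pairStart;
            }

            if (this.sensitiveKeys.ContainsKey(name))
            {
                // Sensitive value: decode through SecureArray wrappers and never create a string.
                SecureString secureValue;
                using (SecureArray<byte> decodedBytes = new SecureArray<byte>(HttpUtility.UrlDecodeToBytes(rawBody, valueOffset, valueCount)))
                {
                    using (SecureArray<char> decodedChars = new SecureArray<char>(this.request.ContentEncoding.GetChars(decodedBytes.ArrayValue)))
                    {
                        try
                        {
                            secureValue = decodedChars.ArrayValue.ConvertToSecureString();
                        }
                        catch (ArgumentOutOfRangeException)
                        {
                            return false;
                        }
                    }
                }

                // A repeated name is rejected rather than merged or overwritten.
                if (formCollection.ContainsSecureValue(name))
                {
                    secureValue.Dispose();
                    return false;
                }

                formCollection.AddSecureNameValue(name, secureValue);
            }
            else
            {
                string value = HttpUtility.UrlDecode(rawBody, valueOffset, valueCount, this.request.ContentEncoding);
                if (formCollection.ContainsUnsecureValue(name))
                {
                    return false;
                }

                formCollection.AddUnsecureNameValue(name, value);
            }
        }

        succeeded = true;
        return true;
    }
    finally
    {
        // The raw body still holds the URL-encoded sensitive values; wipe it on every exit path.
        if (rawBody != null)
        {
            Array.Clear(rawBody, 0, rawBody.Length);
        }

        if (!succeeded && formCollection != null)
        {
            formCollection.Dispose();
            formCollection = null;
        }
    }
}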