예제 #1
0
        private static ADUser ResolveCertificateFromCacheOrAD(HttpClientCertificate certificate, string orgName)
        {
            Logger.EnterFunction(ExTraceGlobals.CertAuthTracer, "ResolveCertificateFromCacheOrAD");
            X509Identifier x509Identifier = CertificateAuthenticationModule.CreateCertificateIdentity(certificate);
            ADUser         aduser         = CertificateAuthenticationModule.GetUserFromCache(x509Identifier);

            if (aduser == null)
            {
                aduser = CertificateAuthenticationModule.ResolveCertificate(x509Identifier, orgName);
                if (aduser != null)
                {
                    CertificateAuthenticationModule.AddUserToCache(x509Identifier, aduser);
                }
            }
            else
            {
                HttpLogger.SafeAppendGenericInfo("ResolveCertificateFromCacheOrAD", "Cache");
            }
            if (aduser == null)
            {
                Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_UserNotFound, certificate.Subject, new object[]
                {
                    certificate.Subject
                });
                Logger.LogVerbose("Found no user by certificate {0}", new object[]
                {
                    certificate.Subject
                });
            }
            else
            {
                Logger.LogVerbose("Found user {0} by certificate {1}", new object[]
                {
                    aduser.Name,
                    certificate.Subject
                });
            }
            Logger.ExitFunction(ExTraceGlobals.CertAuthTracer, "ResolveCertificateFromCacheOrAD");
            return(aduser);
        }
예제 #2
0
        private static void InternalOnAuthenticate(HttpContext context)
        {
            Logger.EnterFunction(ExTraceGlobals.CertAuthTracer, "InternalOnAuthenticate");
            HttpRequest request = context.Request;

            Logger.LogVerbose("Request of Authentication for certificate {0}.", new object[]
            {
                request.ClientCertificate.Subject
            });
            int    i      = 0;
            ADUser aduser = null;
            NameValueCollection urlProperties = RedirectionHelper.GetUrlProperties(request.Url);
            string orgName = urlProperties[CertificateAuthenticationModule.OrganizationDomain];

            while (i < CertificateAuthenticationModule.maxRetryForADTransient)
            {
                try
                {
                    aduser = CertificateAuthenticationModule.ResolveCertificateFromCacheOrAD(request.ClientCertificate, orgName);
                    if (aduser != null && !string.IsNullOrEmpty(aduser.UserPrincipalName))
                    {
                        CertificateAuthenticationFaultInjection.FaultInjectionTracer.TraceTest <string>(3745918269U, aduser.UserPrincipalName);
                    }
                    break;
                }
                catch (ADTransientException ex)
                {
                    if (i == 0)
                    {
                        Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_TransientError, null, new object[]
                        {
                            ex,
                            request.ClientCertificate.Subject
                        });
                        HttpLogger.SafeAppendGenericInfo("ResolveCertificateFromCacheOrAD-TransientException", ex.Message);
                    }
                    if (i == CertificateAuthenticationModule.maxRetryForADTransient - 1)
                    {
                        HttpLogger.SafeAppendGenericError("ResolveCertificateFromCacheOrAD", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
                    }
                    Logger.LogError(string.Format("AD Transient Error when processing certificate authentication {0}.", request.ClientCertificate.Subject), ex);
                }
                catch (Exception ex2)
                {
                    HttpLogger.SafeAppendGenericError("CertAuthNModule.InternalOnAuthenticate", ex2, new Func <Exception, bool>(KnownException.IsUnhandledException));
                    Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_ServerError, null, new object[]
                    {
                        ex2,
                        request.ClientCertificate.Subject
                    });
                    Logger.LogError(string.Format("Unknown error when processing certificate authentication {0}.", request.ClientCertificate.Subject), ex2);
                    if (GrayException.IsGrayException(ex2))
                    {
                        ExWatson.SendReport(ex2, ReportOptions.DoNotCollectDumps, null);
                    }
                    CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.InternalServerError, 200, Strings.UnknownInternalError(request.ClientCertificate.Subject));
                }
                i++;
            }
            if (i > 0)
            {
                HttpLogger.SafeAppendGenericInfo("ResolveCertificateFromCacheOrAD-Retry", i.ToString());
            }
            if (i >= CertificateAuthenticationModule.maxRetryForADTransient)
            {
                CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.InternalServerError, 201, Strings.ADTransientError(request.ClientCertificate.Subject));
            }
            else if (aduser == null)
            {
                HttpLogger.SafeAppendGenericError("ResolveCertificateFromCacheOrAD-ResolvedUser", "null", false);
                if (request.Headers["Authorization"] == "http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual")
                {
                    CertificateAuthenticationModule.ReportCustomError(context.Response, HttpStatusCode.BadRequest, 102, Strings.UserNotFound(request.ClientCertificate.Subject));
                }
            }
            else
            {
                Logger.LogVerbose("User correctly authenticated and linked to Certificate {0}.", new object[]
                {
                    request.ClientCertificate.Subject
                });
                if (i > 0)
                {
                    Logger.LogEvent(CertificateAuthenticationModule.eventLogger, TaskEventLogConstants.Tuple_CertAuth_TransientRecovery, null, new object[]
                    {
                        request.ClientCertificate.Subject,
                        i
                    });
                }
                X509Identifier certId = CertificateAuthenticationModule.CreateCertificateIdentity(request.ClientCertificate);
                CertificateAuthenticationModule.SetAuthenticatedInfo(context, aduser, certId);
            }
            Logger.ExitFunction(ExTraceGlobals.CertAuthTracer, "InternalOnAuthenticate");
        }