// Token: 0x0600000B RID: 11 RVA: 0x0000220C File Offset: 0x0000040C
        private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex)
        {
            if (requestURI == null)
            {
                throw new ArgumentNullException("requestURI");
            }
            ex = null;
            CommonAccessToken   result = null;
            NameValueCollection nameValueCollectionFromUri = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI);
            string text = nameValueCollectionFromUri.Get("X-Rps-CAT");

            if (!string.IsNullOrWhiteSpace(text))
            {
                try
                {
                    result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text));
                }
                catch (Exception ex2)
                {
                    Logger.TraceError(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "Got exception when trying to parse CommonAccessToken: {0}.", new object[]
                    {
                        ex2.ToString()
                    });
                    Logger.LogEvent(TaskEventLogConstants.Tuple_LogInvalidCommonAccessTokenReceived, text, new object[]
                    {
                        user,
                        requestURI.ToString(),
                        Strings.ErrorWhenParsingCommonAccessToken(ex2.ToString())
                    });
                    ex = ex2;
                }
            }
            return(result);
        }
Exemplo n.º 2
0
        internal static void UniformCommonAccessToken(this UserToken userToken)
        {
            CommonAccessToken commonAccessToken = userToken.CommonAccessToken;

            if (commonAccessToken == null)
            {
                return;
            }
            CommonAccessToken commonAccessToken2 = CommonAccessToken.Deserialize(commonAccessToken.Serialize());

            commonAccessToken2.Version = 0;
            commonAccessToken2.ExtensionData.Clear();
            foreach (string key in UserTokenHelper.WinRMCATExtensionDataKeys)
            {
                if (commonAccessToken.ExtensionData.ContainsKey(key))
                {
                    commonAccessToken2.ExtensionData[key] = commonAccessToken.ExtensionData[key];
                }
            }
            if (!commonAccessToken2.ExtensionData.ContainsKey("UserSid") && userToken.UserSid != null)
            {
                commonAccessToken2.ExtensionData["UserSid"] = userToken.UserSid.ToString();
            }
        }
Exemplo n.º 3
0
        // Token: 0x060000EA RID: 234 RVA: 0x00005B50 File Offset: 0x00003D50
        private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
        {
            AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);

            if (accessTokenType == 5)
            {
                requestContext.Logger.SafeSet(3, "CommonAccessToken-CompositeIdentity");
                cat             = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
                accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
            }
            switch (accessTokenType)
            {
            case 0:
                requestContext.Logger.SafeSet(3, "CommonAccessToken-Windows");
                return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));

            case 1:
            {
                LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveId");
                return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
                    {
                        OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
                        SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
                    });
            }

            case 2:
            {
                LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdBasic");
                if (liveIdBasicTokenAccessor.UserSid != null)
                {
                    return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
                        {
                            OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
                            SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
                        });
                }
                if (SmtpAddress.IsValidSmtpAddress(liveIdBasicTokenAccessor.LiveIdMemberName))
                {
                    string domain = SmtpAddress.Parse(liveIdBasicTokenAccessor.LiveIdMemberName).Domain;
                    return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, domain, requestContext));
                }
                return(null);
            }

            case 3:
            {
                string sid = cat.ExtensionData["UserSid"];
                string text;
                cat.ExtensionData.TryGetValue("OrganizationName", out text);
                string smtpOrLiveId;
                cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
                if (!string.IsNullOrEmpty(text) && requestContext.Logger != null)
                {
                    requestContext.Logger.ActivityScope.SetProperty(5, text);
                }
                requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdNego2");
                return(new SidAnchorMailbox(sid, requestContext)
                    {
                        SmtpOrLiveId = smtpOrLiveId
                    });
            }

            case 4:
                return(null);

            case 6:
                return(null);

            case 7:
            {
                ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
                if (httpContextADRawEntry != null)
                {
                    requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
                    return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
                }
                CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid");
                return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
                    {
                        PartitionId = certificateSidTokenAccessor.PartitionId
                    });
            }

            case 8:
                return(null);
            }
            return(null);
        }
Exemplo n.º 4
0
 // Token: 0x06000058 RID: 88 RVA: 0x00003368 File Offset: 0x00001568
 private void Deserialize(Stream stream)
 {
     using (BinaryReader binaryReader = new BinaryReader(stream))
     {
         this.ReadAndValidateFieldType(binaryReader, 'V', Strings.MissingVersion);
         this.Version = this.BinaryRead <ushort>(new Func <ushort>(binaryReader.ReadUInt16), Strings.MissingVersion);
         this.ReadAndValidateFieldType(binaryReader, 'A', Strings.MissingAuthenticationType);
         string             value = this.BinaryRead <string>(new Func <string>(binaryReader.ReadString), Strings.MissingAuthenticationType);
         AuthenticationType authenticationType;
         if (!Enum.TryParse <AuthenticationType>(value, out authenticationType))
         {
             ExTraceGlobals.UserTokenTracer.TraceError <AuthenticationType>(0L, "Invalid authentication type {0}", authenticationType);
             throw new UserTokenException(Strings.InvalidDelegatedPrincipal(value));
         }
         this.AuthenticationType = authenticationType;
         this.ReadAndValidateFieldType(binaryReader, 'D', Strings.MissingDelegatedPrincipal);
         string             text = this.ReadNullableString(binaryReader, Strings.MissingDelegatedPrincipal);
         DelegatedPrincipal delegatedPrincipal = null;
         if (text != null && !DelegatedPrincipal.TryParseDelegatedString(text, out delegatedPrincipal))
         {
             ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid delegated principal {0}", text);
             throw new UserTokenException(Strings.InvalidDelegatedPrincipal(text));
         }
         this.DelegatedPrincipal = delegatedPrincipal;
         this.ReadAndValidateFieldType(binaryReader, 'L', Strings.MissingWindowsLiveId);
         this.WindowsLiveId = this.ReadNullableString(binaryReader, Strings.MissingWindowsLiveId);
         this.ReadAndValidateFieldType(binaryReader, 'N', Strings.MissingUserName);
         this.UserName = this.ReadNullableString(binaryReader, Strings.MissingUserName);
         this.ReadAndValidateFieldType(binaryReader, 'U', Strings.MissingUserSid);
         string text2 = this.ReadNullableString(binaryReader, Strings.MissingUserSid);
         if (text2 != null)
         {
             try
             {
                 this.UserSid = new SecurityIdentifier(text2);
             }
             catch (ArgumentException innerException)
             {
                 ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid user sid {0}", text2);
                 throw new UserTokenException(Strings.InvalidUserSid(text2), innerException);
             }
         }
         this.ReadAndValidateFieldType(binaryReader, 'P', Strings.MissingPartitionId);
         string      text3       = this.ReadNullableString(binaryReader, Strings.MissingPartitionId);
         PartitionId partitionId = null;
         if (text3 != null && !PartitionId.TryParse(text3, out partitionId))
         {
             ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid partition id {0}", text3);
             throw new UserTokenException(Strings.InvalidPartitionId(text3));
         }
         this.PartitionId = partitionId;
         this.ReadAndValidateFieldType(binaryReader, 'O', Strings.MissingOrganization);
         string text4 = this.ReadNullableString(binaryReader, Strings.MissingOrganization);
         if (text4 != null)
         {
             byte[] bytes;
             try
             {
                 bytes = Convert.FromBase64String(text4);
             }
             catch (FormatException innerException2)
             {
                 ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
                 throw new UserTokenException(Strings.InvalidOrganization(text4), innerException2);
             }
             OrganizationId organization;
             if (!OrganizationId.TryCreateFromBytes(bytes, Encoding.UTF8, out organization))
             {
                 ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4);
                 throw new UserTokenException(Strings.InvalidOrganization(text4));
             }
             this.Organization = organization;
         }
         this.ReadAndValidateFieldType(binaryReader, 'M', Strings.MissingManagedOrganization);
         this.ManagedOrganization = this.ReadNullableString(binaryReader, Strings.MissingManagedOrganization);
         this.ReadAndValidateFieldType(binaryReader, 'W', Strings.MissingAppPasswordUsed);
         this.AppPasswordUsed = this.BinaryRead <bool>(new Func <bool>(binaryReader.ReadBoolean), Strings.MissingAppPasswordUsed);
         int num = (int)(binaryReader.BaseStream.Length - binaryReader.BaseStream.Position);
         if (num > 0)
         {
             byte[] array = binaryReader.ReadBytes(num);
             array = this.Decompress(array);
             this.CommonAccessToken = CommonAccessToken.Deserialize(Encoding.UTF8.GetString(array));
         }
         else
         {
             this.CommonAccessToken = null;
         }
     }
 }
Exemplo n.º 5
0
        private IAuthenticationInfo GetPrincipal(OperationContext operationContext)
        {
            MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext);
            if (authenticationData.AuthenticationInfo != null)
            {
                return(authenticationData.AuthenticationInfo);
            }
            IAuthenticationInfo authenticationInfo = base.Authenticate(operationContext);

            if (authenticationInfo == null)
            {
                return(null);
            }
            if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves)
            {
                return(authenticationInfo);
            }
            WindowsPrincipal windowsPrincipal = authenticationInfo.WindowsPrincipal;
            WindowsIdentity  windowsIdentity  = windowsPrincipal.Identity as WindowsIdentity;

            using (ClientSecurityContext clientSecurityContext = new ClientSecurityContext(windowsIdentity))
            {
                if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext))
                {
                    MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
                    {
                        authenticationInfo.PrincipalName
                    });
                    return(null);
                }
            }
            object obj;

            if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out obj))
            {
                return(null);
            }
            HttpRequestMessageProperty httpRequestMessageProperty = obj as HttpRequestMessageProperty;

            if (httpRequestMessageProperty == null)
            {
                return(null);
            }
            string[] values = httpRequestMessageProperty.Headers.GetValues("X-CommonAccessToken");
            if (values == null || values.Length != 1)
            {
                return(null);
            }
            string text = values[0];

            if (string.IsNullOrEmpty(text))
            {
                return(null);
            }
            using (ClientSecurityContext clientSecurityContext2 = new ClientSecurityContext(windowsIdentity))
            {
                if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext2))
                {
                    MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[]
                    {
                        windowsIdentity
                    });
                    return(null);
                }
            }
            CommonAccessToken  commonAccessToken  = CommonAccessToken.Deserialize(text);
            SecurityIdentifier securityIdentifier = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid);
            IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs");
            ADRawEntry adrawEntry = rootOrganizationRecipientSession.FindADRawEntryBySid(securityIdentifier, MRSProxyAuthorizationManager.userPrincipalName);

            if (adrawEntry == null)
            {
                authenticationData.AuthenticationInfo = new AuthenticationInfo(securityIdentifier);
            }
            else
            {
                string sUserPrincipalName = (string)adrawEntry[ADUserSchema.UserPrincipalName];
                windowsIdentity = new WindowsIdentity(sUserPrincipalName);
                authenticationData.AuthenticationInfo = new AuthenticationInfo(windowsIdentity, windowsIdentity.Name);
            }
            return(authenticationData.AuthenticationInfo);
        }
Exemplo n.º 6
0
        private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext)
        {
            AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);

            if (accessTokenType == AccessTokenType.CompositeIdentity)
            {
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CompositeIdentity");
                cat             = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]);
                accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true);
            }
            switch (accessTokenType)
            {
            case AccessTokenType.Windows:
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-Windows");
                return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext));

            case AccessTokenType.LiveId:
            {
                LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveId");
                return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext)
                    {
                        OrganizationId = liveIdFbaTokenAccessor.OrganizationId,
                        SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName
                    });
            }

            case AccessTokenType.LiveIdBasic:
            {
                LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdBasic");
                if (liveIdBasicTokenAccessor.UserSid != null)
                {
                    return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext)
                        {
                            OrganizationId = liveIdBasicTokenAccessor.OrganizationId,
                            SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName
                        });
                }
                return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, liveIdBasicTokenAccessor.LiveIdMemberName, requestContext));
            }

            case AccessTokenType.LiveIdNego2:
            {
                string sid = cat.ExtensionData["UserSid"];
                string value;
                cat.ExtensionData.TryGetValue("OrganizationName", out value);
                string smtpOrLiveId;
                cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId);
                if (!string.IsNullOrEmpty(value) && requestContext.Logger != null)
                {
                    requestContext.Logger.ActivityScope.SetProperty(ActivityStandardMetadata.TenantId, value);
                }
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdNego2");
                return(new SidAnchorMailbox(sid, requestContext)
                    {
                        SmtpOrLiveId = smtpOrLiveId
                    });
            }

            case AccessTokenType.OAuth:
                return(null);

            case AccessTokenType.Adfs:
                return(null);

            case AccessTokenType.CertificateSid:
            {
                ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext);
                if (httpContextADRawEntry != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
                    return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext));
                }
                CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat);
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid");
                return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext)
                    {
                        PartitionId = certificateSidTokenAccessor.PartitionId
                    });
            }

            case AccessTokenType.RemotePowerShellDelegated:
                return(null);
            }
            return(null);
        }