// Token: 0x06000280 RID: 640 RVA: 0x0001142C File Offset: 0x0000F62C
private static bool RedirectCaller(OperationContext operationContext, string smtpAddress)
{
string redirectServer = MServe.GetRedirectServer(smtpAddress);
if (!string.IsNullOrEmpty(redirectServer))
{
return(AutodiscoverAuthorizationManager.BuildRedirectUrlAndRedirectCaller(operationContext, redirectServer));
}
string reason = string.Format("No redirection server for Identity: {0}; ", smtpAddress.ToString());
return(AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, reason));
}
// Token: 0x0600027D RID: 637 RVA: 0x00010D88 File Offset: 0x0000EF88
private static bool CheckClaimSets(OperationContext operationContext, ReadOnlyCollection <ClaimSet> claimSets)
{
HttpContext.Current.Items["AuthType"] = "LiveIdToken";
claimSets.TraceClaimSets();
bool flag = false;
bool flag2 = false;
bool flag3 = false;
string text = null;
string text2 = null;
foreach (ClaimSet claimSet in claimSets)
{
foreach (Claim claim in claimSet)
{
if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/PUID", Rights.PossessProperty))
{
flag = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text);
}
else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/ConsumerPUID", Rights.PossessProperty))
{
flag2 = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource <string>(claim, out text2);
}
else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, ClaimTypes.Authentication, Rights.PossessProperty))
{
flag3 = true;
}
if (flag && flag2 && flag3)
{
break;
}
}
if (flag && flag2 && flag3)
{
break;
}
}
if (!flag3 || (text == null && text2 == null))
{
string reason = string.Format("Did not find all necessary claims. PUID: {0}; ConsumerPUID: {1}; Auth/Possess: {2}", flag, flag2, flag3);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason));
}
string userId = (text2 == null) ? text : text2;
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("UserPUID", userId);
SmtpAddress smtpAddress;
if (!AutodiscoverAuthorizationManager.TryGetEmailAddressInClaimSets(claimSets, out smtpAddress))
{
string reason2 = string.Format("Did not find EmailAddress claim for PUID: {0}; ", userId);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason2));
}
PropertyDefinition[] propertyDefinitionArrayUPN = new PropertyDefinition[]
{
ADUserSchema.UserPrincipalName,
ADMailboxRecipientSchema.SamAccountName,
ADObjectSchema.OrganizationId
};
ADRawEntry adRawEntry = null;
try
{
bool isRootOrgLookup = false;
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.TrackLatency(ServiceLatencyMetadata.CallerADLatency, delegate()
{
DateTime utcNow = DateTime.UtcNow;
ADSessionSettings adsessionSettings = Common.SessionSettingsFromAddress(smtpAddress.ToString());
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("CheckClaimSets_SmtpAddress", smtpAddress.ToString());
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_ChkClaim_SessionSettingsFromAddress", (DateTime.UtcNow - utcNow).TotalMilliseconds);
utcNow = DateTime.UtcNow;
isRootOrgLookup = OrganizationId.ForestWideOrgId.Equals(adsessionSettings.CurrentOrganizationId);
if (!isRootOrgLookup)
{
ITenantRecipientSession tenantRecipientSession = DirectorySessionFactory.Default.CreateTenantRecipientSession(true, ConsistencyMode.IgnoreInvalid, adsessionSettings, 596, "CheckClaimSets", "f:\\15.00.1497\\sources\\dev\\autodisc\\src\\WCF\\AutodiscoverAuthorizationManager.cs");
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_TenantRecipientSession", (DateTime.UtcNow - utcNow).TotalMilliseconds);
utcNow = DateTime.UtcNow;
adRawEntry = tenantRecipientSession.FindUniqueEntryByNetID(userId, propertyDefinitionArrayUPN);
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("AD_FindUniqueEntryByNetID", (DateTime.UtcNow - utcNow).TotalMilliseconds);
}
});
if (isRootOrgLookup)
{
return(AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, "NetID lookup for root org user is not allowed"));
}
}
catch (NonUniqueRecipientException arg)
{
ExTraceGlobals.AuthenticationTracer.TraceDebug <NonUniqueRecipientException>(0L, "FindUniqueEntryByNetId threw exception: {0}", arg);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Found more than 1 user by NetID in AD"));
}
if (adRawEntry == null)
{
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericError("Redirect as we are unable to find user:.", userId);
return(AutodiscoverAuthorizationManager.RedirectCaller(operationContext, smtpAddress.ToString()));
}
string arg2 = (string)adRawEntry[ADMailboxRecipientSchema.SamAccountName];
string text3 = string.Format("{0}@{1}", arg2, adRawEntry.Id.GetPartitionId().ForestFQDN);
string text4 = (string)adRawEntry[ADUserSchema.UserPrincipalName];
OrganizationId organizationId = (OrganizationId)adRawEntry[ADObjectSchema.OrganizationId];
HttpContext.Current.Items["UserOrganizationId"] = organizationId;
OrganizationProperties organizationProperties;
if (!OrganizationPropertyCache.TryGetOrganizationProperties(organizationId, out organizationProperties))
{
ExTraceGlobals.AuthenticationTracer.TraceError <OrganizationId, string>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] Logon failed: could not locate org info for organization {0} even though user from this org was found {1}", organizationId, text4);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Could not find organization info via OrganizationPropertyCache"));
}
if (!organizationProperties.SkipToUAndParentalControlCheck && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, true) && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, false))
{
return(false);
}
WindowsIdentity windowsIdentity = null;
try
{
windowsIdentity = new WindowsIdentity(text3);
}
catch (UnauthorizedAccessException ex)
{
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendAuthError("WindowsIdentity_UnauthorizedAccessException", ex.ToString());
ExTraceGlobals.AuthenticationTracer.TraceError <string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] UnauthorizedAccessException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a UnauthorizedAccessException"));
}
catch (SecurityException ex2)
{
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendAuthError("WindowsIdentity_SecurityException", ex2.ToString());
ExTraceGlobals.AuthenticationTracer.TraceError <string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] SecurityException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex2.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User);
return(AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a SecurityException"));
}
string org = null;
if (organizationId != null && organizationId.OrganizationalUnit != null)
{
org = organizationId.OrganizationalUnit.Name;
}
AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text4, org);
HttpContext.Current.User = new WindowsPrincipal(windowsIdentity);
return(true);
}
