// Token: 0x06000280 RID: 640 RVA: 0x0001142C File Offset: 0x0000F62C
/// <summary>
/// Last-resort handling for a caller whose mailbox is not in this forest: asks MServe for the
/// server that owns <paramref name="smtpAddress"/> and redirects the caller there, or answers 403
/// when MServe has no redirect server for the address.
/// </summary>
/// <param name="operationContext">WCF context of the current Autodiscover request; the redirect or
/// the 403 is written against it by the helper that is called.</param>
/// <param name="smtpAddress">Address to look up in MServe. In the visible caller (CheckClaimSets)
/// this comes out of the token's e-mail claim, i.e. it is caller-supplied data.</param>
/// <returns>Whatever the redirect / 403 helper returns (presumably false so the request is not
/// treated as authenticated — confirm against the helper).</returns>
private static bool RedirectCaller(OperationContext operationContext, string smtpAddress)
{
    string targetServer = MServe.GetRedirectServer(smtpAddress);
    if (string.IsNullOrEmpty(targetServer))
    {
        // Nothing to redirect to: refuse rather than guess a home forest. The reason text embeds
        // the looked-up address; NOTE(review): check whether Return403UnauthorizedResponse echoes
        // the reason to the client or only logs it.
        string reason = string.Format("No redirection server for Identity: {0}; ", smtpAddress.ToString());
        return AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, reason);
    }
    // The redirect target is whatever MServe returned; no further validation happens here.
    return AutodiscoverAuthorizationManager.BuildRedirectUrlAndRedirectCaller(operationContext, targetServer);
}
// Token: 0x0600027D RID: 637 RVA: 0x00010D88 File Offset: 0x0000EF88
/// <summary>
/// Authorizes a LiveId-token caller: extracts the PUID / ConsumerPUID and an Authentication claim,
/// resolves the user in the tenant selected by the token's e-mail claim, runs the terms-of-use
/// check, builds a WindowsIdentity for the user and installs it as the current principal.
/// Any failure is answered through the Return401/Return403/Redirect helpers and their return
/// value is passed back (presumably false — confirm against those helpers).
/// </summary>
/// <param name="operationContext">WCF context the 401/403/redirect responses are written to.</param>
/// <param name="claimSets">Claim sets from the LiveId token; every decision below is driven by
/// their content, so they are only as trustworthy as the token validation that produced them.</param>
/// <returns>true when HttpContext.Current.User has been set to the resolved WindowsPrincipal;
/// otherwise the helper's return value.</returns>
private static bool CheckClaimSets(OperationContext operationContext, ReadOnlyCollection<ClaimSet> claimSets)
{
    // Side effect before any validation: the auth type is recorded even for requests that fail below.
    HttpContext.Current.Items["AuthType"] = "LiveIdToken";
    claimSets.TraceClaimSets();
    bool flag = false;   // a PUID claim was seen and had a proper resource
    bool flag2 = false;  // a ConsumerPUID claim was seen and had a proper resource
    bool flag3 = false;  // an Authentication claim was seen
    string text = null;  // PUID value
    string text2 = null; // ConsumerPUID value
    foreach (ClaimSet claimSet in claimSets)
    {
        foreach (Claim claim in claimSet)
        {
            // Each matching claim overwrites the flag and value, so with duplicate claims the
            // last one wins unless the early break below fires first.
            if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/PUID", Rights.PossessProperty))
            {
                flag = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource<string>(claim, out text);
            }
            else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, "http://schemas.xmlsoap.org/claims/ConsumerPUID", Rights.PossessProperty))
            {
                flag2 = AutodiscoverAuthorizationManager.DoesClaimHaveProperResource<string>(claim, out text2);
            }
            else if (AutodiscoverAuthorizationManager.DoesClaimMatch(claim, ClaimTypes.Authentication, Rights.PossessProperty))
            {
                flag3 = true;
            }
            if (flag && flag2 && flag3)
            {
                break;
            }
        }
        if (flag && flag2 && flag3)
        {
            break;
        }
    }
    // Gate: an Authentication claim plus at least one PUID value. Note this tests the out values
    // (text/text2), not flag/flag2. NOTE(review): confirm DoesClaimHaveProperResource leaves its
    // out parameter null when it returns false; otherwise a claim that failed the resource check
    // could still supply the user id used below.
    if (!flag3 || (text == null && text2 == null))
    {
        string reason = string.Format("Did not find all necessary claims. PUID: {0}; ConsumerPUID: {1}; Auth/Possess: {2}", flag, flag2, flag3);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason));
    }
    // ConsumerPUID takes precedence over PUID when both are present.
    string userId = (text2 == null) ? text : text2;
    RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericInfo("UserPUID", userId);
    SmtpAddress smtpAddress;
    if (!AutodiscoverAuthorizationManager.TryGetEmailAddressInClaimSets(claimSets, out smtpAddress))
    {
        string reason2 = string.Format("Did not find EmailAddress claim for PUID: {0}; ", userId);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, reason2));
    }
    PropertyDefinition[] propertyDefinitionArrayUPN = new PropertyDefinition[] { ADUserSchema.UserPrincipalName, ADMailboxRecipientSchema.SamAccountName, ADObjectSchema.OrganizationId };
    ADRawEntry adRawEntry = null;
    try
    {
        bool isRootOrgLookup = false;
        // The directory work is wrapped only to record latency; the delegate runs synchronously
        // and writes adRawEntry / isRootOrgLookup through closure capture.
        RequestDetailsLoggerBase<RequestDetailsLogger>.Current.TrackLatency(ServiceLatencyMetadata.CallerADLatency, delegate()
        {
            DateTime utcNow = DateTime.UtcNow;
            // Tenant scoping comes from the e-mail claim, while the user itself is located by NetID
            // (the PUID). Whether those two claims belong to the same account is a property of the
            // token issuer, not of anything checked here. NOTE(review): confirm the issuer binds them.
            ADSessionSettings adsessionSettings = Common.SessionSettingsFromAddress(smtpAddress.ToString());
            RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericInfo("CheckClaimSets_SmtpAddress", smtpAddress.ToString());
            RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericInfo("AD_ChkClaim_SessionSettingsFromAddress", (DateTime.UtcNow - utcNow).TotalMilliseconds);
            utcNow = DateTime.UtcNow;
            // Addresses that resolve to the forest-wide (root) org are never looked up by NetID;
            // the 403 for that case is issued after the delegate returns.
            isRootOrgLookup = OrganizationId.ForestWideOrgId.Equals(adsessionSettings.CurrentOrganizationId);
            if (!isRootOrgLookup)
            {
                // The trailing int/string arguments look like build-time caller-info (line, member,
                // source path) baked in by the original compiler.
                ITenantRecipientSession tenantRecipientSession = DirectorySessionFactory.Default.CreateTenantRecipientSession(true, ConsistencyMode.IgnoreInvalid, adsessionSettings, 596, "CheckClaimSets", "f:\\15.00.1497\\sources\\dev\\autodisc\\src\\WCF\\AutodiscoverAuthorizationManager.cs");
                RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericInfo("AD_TenantRecipientSession", (DateTime.UtcNow - utcNow).TotalMilliseconds);
                utcNow = DateTime.UtcNow;
                adRawEntry = tenantRecipientSession.FindUniqueEntryByNetID(userId, propertyDefinitionArrayUPN);
                RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericInfo("AD_FindUniqueEntryByNetID", (DateTime.UtcNow - utcNow).TotalMilliseconds);
            }
        });
        if (isRootOrgLookup)
        {
            return (AutodiscoverAuthorizationManager.Return403UnauthorizedResponse(operationContext, "NetID lookup for root org user is not allowed"));
        }
    }
    catch (NonUniqueRecipientException arg)
    {
        // Only the ambiguous-match case is handled here; any other directory exception propagates
        // out of this method unhandled.
        ExTraceGlobals.AuthenticationTracer.TraceDebug<NonUniqueRecipientException>(0L, "FindUniqueEntryByNetId threw exception: {0}", arg);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Found more than 1 user by NetID in AD"));
    }
    if (adRawEntry == null)
    {
        // Unknown in this tenant: hand the caller-supplied address to MServe for a redirect instead
        // of failing closed. NOTE(review): the redirect-vs-401 distinction is observable to the
        // caller and discloses whether the NetID exists in the tenant chosen by the e-mail claim.
        RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendGenericError("Redirect as we are unable to find user:.", userId);
        return (AutodiscoverAuthorizationManager.RedirectCaller(operationContext, smtpAddress.ToString()));
    }
    string arg2 = (string)adRawEntry[ADMailboxRecipientSchema.SamAccountName];
    // Logon name used for the WindowsIdentity: sAMAccountName@<forest FQDN>, not the AD UPN below.
    string text3 = string.Format("{0}@{1}", arg2, adRawEntry.Id.GetPartitionId().ForestFQDN);
    string text4 = (string)adRawEntry[ADUserSchema.UserPrincipalName];
    OrganizationId organizationId = (OrganizationId)adRawEntry[ADObjectSchema.OrganizationId];
    // Published to the request context before the ToU and identity steps succeed, so it remains
    // set on the failure paths below.
    HttpContext.Current.Items["UserOrganizationId"] = organizationId;
    OrganizationProperties organizationProperties;
    if (!OrganizationPropertyCache.TryGetOrganizationProperties(organizationId, out organizationProperties))
    {
        ExTraceGlobals.AuthenticationTracer.TraceError<OrganizationId, string>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] Logon failed: could not locate org info for organization {0} even though user from this org was found {1}", organizationId, text4);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Could not find organization info via OrganizationPropertyCache"));
    }
    // Terms-of-use / parental-control gate: skipped per org property, otherwise either variant of
    // the claim check (the bool's meaning is not visible here) must pass. The helper is expected
    // to have written the response itself when both fail — the bare `return false` adds none.
    if (!organizationProperties.SkipToUAndParentalControlCheck && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, true) && !AutodiscoverAuthorizationManager.CheckClaimSetsForTOUClaims(operationContext, claimSets, false))
    {
        return (false);
    }
    WindowsIdentity windowsIdentity = null;
    try
    {
        // Single-string WindowsIdentity constructor: a credential-less (S4U-style) logon of the
        // directory-resolved account. The token itself is never used for this step.
        windowsIdentity = new WindowsIdentity(text3);
    }
    catch (UnauthorizedAccessException ex)
    {
        // windowsIdentity is only assigned inside the try, so the ternary below always yields "<NULL>" here.
        RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendAuthError("WindowsIdentity_UnauthorizedAccessException", ex.ToString());
        ExTraceGlobals.AuthenticationTracer.TraceError<string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] UnauthorizedAccessException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a UnauthorizedAccessException"));
    }
    catch (SecurityException ex2)
    {
        // Same dead ternary as above: windowsIdentity is still null in this handler.
        RequestDetailsLoggerBase<RequestDetailsLogger>.Current.AppendAuthError("WindowsIdentity_SecurityException", ex2.ToString());
        ExTraceGlobals.AuthenticationTracer.TraceError<string, string, object>(0L, "[AutodiscoverAuthorizationManager::CheckClaimSets] SecurityException encountered. UPN: {0}, Exception message: {1}, Identity: {2}", text3, ex2.Message, (windowsIdentity == null) ? "<NULL>" : windowsIdentity.User);
        return (AutodiscoverAuthorizationManager.Return401UnauthorizedResponse(operationContext, "Creating WindowsIdentity from UPN failed with a SecurityException"));
    }
    string org = null;
    if (organizationId != null && organizationId.OrganizationalUnit != null)
    {
        org = organizationId.OrganizationalUnit.Name;
    }
    AutodiscoverAuthorizationManager.PushUserAndOrgInfoToContext(text4, org);
    // Only reached on full success: from here on the request runs as the resolved Windows user.
    HttpContext.Current.User = new WindowsPrincipal(windowsIdentity);
    return (true);
}