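        /// <summary>
        /// Builds an <see cref="AuthorizationContext"/> for <paramref name="user"/> against an
        /// authorization server of the domain described by <paramref name="domainDetails"/>.
        /// If the chosen server cannot be reached, the next server offered by
        /// <paramref name="domainDetails"/> is tried; any other failure is logged and ends the attempts.
        /// </summary>
        /// <param name="user">Principal the context is built for; its SID and msDS-PrincipalName are read.</param>
        /// <param name="resourceDomain">Domain of the resource being accessed; used only for logging here.</param>
        /// <param name="domainDetails">Server selection and mapping options, including whether an S4U logon is required.</param>
        /// <returns>A context created against the first server that accepted the request.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="domainDetails"/> is null.</exception>
        /// <exception cref="Exception">The last failure is rethrown once every candidate server has been tried.</exception>
        public AuthorizationContext GetContext(IUser user, SecurityIdentifier resourceDomain, AuthorizationContextDomainDetails domainDetails)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (domainDetails is null)
            {
                throw new ArgumentNullException(nameof(domainDetails));
            }

            // assumes GetServer never returns null — confirm against AuthorizationContextDomainDetails
            AuthorizationServer server = domainDetails.GetServer(false);

            Exception lastException = null;

            // Each server name is tried at most once; the loop ends as soon as GetServer(true)
            // hands back a server that has already been attempted.
            HashSet<string> attemptedServers = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            while (attemptedServers.Add(server.Name))
            {
                try
                {
                    // Structured-logging placeholder names must be unique within a template, so the
                    // resource domain gets its own name instead of reusing {domain}.
                    this.logger.LogTrace("Attempting to create AuthorizationContext against server {server} in domain {domain} for user {user} requesting access to resource in domain {resourceDomain} ", server.Name, domainDetails.DomainDnsName, user.MsDsPrincipalName, resourceDomain);

                    // RequireS4ULogon makes context creation fail rather than fall back to a SID-only
                    // context when an S4U logon is not possible; the mapping may opt out of that requirement.
                    AuthzInitFlags initFlags = domainDetails.Mapping.DoNotRequireS4U ? AuthzInitFlags.Default : AuthzInitFlags.RequireS4ULogon;

                    return new AuthorizationContext(user.Sid, server.Name, initFlags);
                }
                catch (AuthorizationContextException ex) when (ex.InnerException is Win32Exception we && we.HResult == -2147467259) // RPC_NOT_AVAILABLE
                {
                    // NOTE(review): -2147467259 is 0x80004005 (E_FAIL), the HResult that
                    // ExternalException assigns to a Win32Exception by default, so this filter likely
                    // matches more than "RPC server unavailable"; we.NativeErrorCode carries the actual
                    // Win32 error code — confirm which error this retry is meant to cover.
                    lastException = ex;
                    this.logger.LogWarning(EventIDs.AuthZContextServerCantConnect, ex, "Unable to connect to server {server}", server.Name);
                    server = domainDetails.GetServer(true);
                }
                catch (Exception ex)
                {
                    // Non-connectivity failures are not retried: server is left unchanged, so the
                    // next Add() returns false and the loop exits with this exception.
                    lastException = ex;
                    this.logger.LogError(EventIDs.AuthZContextCreateError, ex, "Unable to create AuthorizationContext against server {server} in domain {domain}", server.Name, domainDetails.DomainDnsName);
                }
            }

            // The fallback is only reachable if no attempt was recorded at all; a specific
            // exception type is thrown in place of a bare Exception.
            throw lastException ?? new InvalidOperationException("Unable to create authorization context");
        }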