// Token: 0x06001245 RID: 4677 RVA: 0x00039AC8 File Offset: 0x00037CC8 public override string GetMembershipId(SenderInfo senderInfo) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Enter."); string result; try { string name = senderInfo.Principal.Identity.Name; ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] membershipId = \"{0}\".", name); result = name; } catch (Exception ex) { ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Exception: {0}", ex); AuthZLogger.SafeAppendGenericError("PswsAuthorization.GetMembershipId", ex, new Func <Exception, bool>(KnownException.IsUnhandledException)); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[] { "PswsAuthorization.GetMembershipId", ex.ToString() }); PswsErrorHandling.SendErrorToClient(PswsErrorCode.MemberShipIdError, ex, null); throw; } finally { ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Exit."); } return(result); }
private void CheckSessionOverBudget() { OverBudgetException exception; if (WSManBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception)) { LocalizedString message = AuthZPluginHelper.HandleUserOverBudgetException(exception, this.currentAuthZUserToken); throw new AuthorizationException(message); } if (this.currentAuthZUserToken.OrgId != null && WSManTenantBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception)) { LocalizedString message2 = AuthZPluginHelper.HandleTenantOverBudgetException(exception, this.currentAuthZUserToken); throw new AuthorizationException(message2); } if (AppSettings.Current.MaxPowershellAppPoolConnections > 0 && WSManBudgetManager.Instance.TotalActiveRunspaces >= AppSettings.Current.MaxPowershellAppPoolConnections) { string windowsLiveId = this.currentAuthZUserToken.WindowsLiveId; if (!string.IsNullOrEmpty(windowsLiveId)) { FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero); } AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Machine", LoggerHelper.GetContributeToFailFastValue("AllUsers", "-1", "NewSesion", -1.0)); FailFastUserCache.Instance.AddAllUsersToCache(BlockedType.NewSession, TimeSpan.Zero); LocalizedString localizedString = Strings.ErrorMaxConnectionLimit(AppSettings.Current.VDirName); ExTraceGlobals.RunspaceConfigTracer.TraceError(0L, localizedString); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSConnectionLimit, null, new object[] { AppSettings.Current.VDirName, AppSettings.Current.MaxPowershellAppPoolConnections }); throw new AuthorizationException(localizedString); } }
private static void ValidateQueryString(string httpURL, ADRawEntry userEntry) { string text; string tenantOrganization = ExchangeRunspaceConfigurationSettings.FromUriConnectionString(httpURL, out text).TenantOrganization; string value = tenantOrganization; if (string.IsNullOrEmpty(tenantOrganization)) { return; } AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, value); OrganizationId organizationId = userEntry[ADObjectSchema.OrganizationId] as OrganizationId; if (organizationId != null && !ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(organizationId)) { AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Organization {0} not allowed for partner account.", organizationId.ToString()), false); ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId>(0L, "EAP.ValidateQueryString returns AccessDenied because user {0} does not belong to the appropriate organization", userEntry.Id); throw new NotAllowedForPartnerAccessException(Strings.ErrorNotAllowedForPartnerAccess); } Uri uri; if (!Uri.TryCreate(httpURL, UriKind.Absolute, out uri)) { AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Url {0} Incorrect.", httpURL), false); ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId, string, string>(0L, "EAP.ValidateQueryString returns AccessDenied because tenant user {0} requested partner access to {1} which is not found in the local forest and URL {2} is invalid", userEntry.Id, tenantOrganization, httpURL); throw new UrlInValidException(Strings.ErrorUrlInValid); } ExTraceGlobals.ADConfigTracer.TraceDebug(0L, "EAP.ValidateQueryString returns Success."); }
private void RunspacesLeakDetected(string key, string relatedBudgetKey) { int num = 0; IPowerShellBudget powerShellBudget = null; if (this.budgets.TryGetValue(key, out powerShellBudget)) { num = powerShellBudget.TotalActiveRunspacesCount; } if (powerShellBudget != null) { ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, int>(0L, "Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType().ToString(), num); if (num > 0) { AuthZLogger.SafeAppendGenericError("WSManBudgetManagerBase.RunspacesLeakDetected", string.Format("Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType(), num), false); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PSConnectionLeakDetected, null, new object[] { key, base.GetType().ToString(), num }); this.UpdateConnectionLeakPerfCounter(num); } powerShellBudget.Dispose(); } if (num > 0 && relatedBudgetKey != null) { this.CorrectRelatedBudgetWhenLeak(relatedBudgetKey, num); } }
private static void RemoveCmdletParams(RoleEntryInfo entry, IList <string> paramList, IList <RoleEntryInfo> cmdletTobeRemoved, IList <RoleEntryInfo> cmdletTobeAdded, bool fNewCmdlet) { if (paramList == null || paramList.Count == 0) { return; } if (cmdletTobeRemoved == null) { return; } if (cmdletTobeAdded == null) { return; } cmdletTobeRemoved.Add(entry); IEnumerable <string> source = entry.RoleEntry.Parameters.Except(paramList); RoleEntryInfo roleEntryInfo; if (entry.RoleAssignment == null) { roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>())); } else { roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>()), entry.RoleAssignment); } roleEntryInfo.ScopeSet = entry.ScopeSet; cmdletTobeAdded.Add(roleEntryInfo); if (fNewCmdlet) { AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, string.Join(" ", paramList)); } }
// Token: 0x060012B2 RID: 4786 RVA: 0x0003C778 File Offset: 0x0003A978 internal void StartRunspace(AuthZPluginUserToken userToken) { string runspaceCacheKey = this.GetRunspaceCacheKey(userToken); if (string.IsNullOrEmpty(runspaceCacheKey)) { AuthZLogger.SafeAppendGenericError("NullOrEmptyRunspaceCacheKey", "User token have an empty ExecutingUserName", false); return; } lock (base.InstanceLock) { RunspaceCacheValue runspaceCacheValue; if (this.runspaceCache.TryGetValue(runspaceCacheKey, out runspaceCacheValue)) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] item {0} is removed explicitly", runspaceCacheKey); if (runspaceCacheValue != null && runspaceCacheValue.CostHandle != null) { runspaceCacheValue.CostHandle.Dispose(); } this.runspaceCache.Remove(runspaceCacheKey); } CostHandle costHandle = this.StartRunspaceImpl(userToken); RunspaceCacheValue value2 = new RunspaceCacheValue { CostHandle = costHandle, UserToken = (PswsAuthZUserToken)userToken }; ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, TimeSpan>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] Add value {0} to runspace cache. Expired time = {1}.", runspaceCacheKey, this.pswsRunspaceCacheTimeout); this.runspaceCache.InsertAbsolute(runspaceCacheKey, value2, this.pswsRunspaceCacheTimeout, new RemoveItemDelegate <string, RunspaceCacheValue>(this.OnRunspaceCacheItemExpired)); } ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] Add/Update value {0} to connectedUser cache.", runspaceCacheKey); this.connectedUsers.AddOrUpdate(runspaceCacheKey, ExDateTime.Now, (string key, ExDateTime value) => ExDateTime.Now); AuthZPluginHelper.UpdateAuthZPluginPerfCounters(this); }
// Token: 0x06001277 RID: 4727 RVA: 0x0003B964 File Offset: 0x00039B64 internal static bool TryParseCultureInfo(NameValueCollection headers, out CultureInfo cultureInfo) { cultureInfo = null; string text = headers.Get("X-CultureInfo"); if (!string.IsNullOrWhiteSpace(text)) { try { cultureInfo = new CultureInfo(text); return(true); } catch (CultureNotFoundException ex) { ExTraceGlobals.RunspaceConfigTracer.TraceError <string, CultureNotFoundException>(0L, "[PswsAuthZHelper.TryParseCultureInfo] Invalid culture info \"{0}\". Exception: {1}", text, ex); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_InvalidCultureInfo, text, new object[] { text, ex.ToString() }); AuthZLogger.SafeAppendGenericError("InvalidCultureInfo", text, false); } return(false); } return(false); }
private static void RemoveCmdlet(RoleEntryInfo entry, IList <RoleEntryInfo> cmdletTobeRemoved, bool fNewCmdlet) { cmdletTobeRemoved.Add(entry); if (fNewCmdlet) { AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, "*"); } }
// Token: 0x060012E8 RID: 4840 RVA: 0x0003D98F File Offset: 0x0003BB8F private static void LogException(Exception ex, string funcName, bool throwException) { if (throwException) { AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false); } AuthZLogger.SafeAppendGenericError(funcName, ex, new Func <Exception, bool>(KnownException.IsUnhandledException)); }
internal static bool ValidateFilteringOnlyUser(string domain, string username) { if (string.IsNullOrEmpty(domain) || !VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.ValidateFilteringOnlyUser.Enabled) { return(false); } if (username.EndsWith(".exchangemon.net", StringComparison.InvariantCultureIgnoreCase)) { AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Bypass monitoring account {0} check.", username)); return(false); } bool result; try { bool flag = false; domain = domain.ToLower(); if (!UserValidationHelper.filteringOnlyCache.TryGetValue(domain, out flag)) { CustomerType customerType = CustomerType.None; Guid guid; string text; string text2; UserValidationHelper.GlsSession.GetFfoTenantSettingsByDomain(domain, out guid, out text, out text2, out customerType); flag = (customerType == CustomerType.FilteringOnly); UserValidationHelper.filteringOnlyCache.TryInsertAbsolute(domain, flag, UserValidationHelper.DefaultAbsoluteTimeout); ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[] { domain, guid, text, text2, customerType }); AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[] { domain, guid, text, text2, customerType })); } else { AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("HitCache Domain: {0} is filteringOnly: {1}.", domain, flag)); } result = flag; } catch (Exception ex) { ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Exception:{0}", ex); AuthZLogger.SafeAppendGenericError("ValidateFilteringOnlyUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException)); result = false; } return(result); }
// Token: 0x060012F4 RID: 4852 RVA: 0x0003E08C File Offset: 0x0003C28C internal static void TriggerFailFastForAuthZFailure(string windowsLiveId) { if (string.IsNullOrEmpty(windowsLiveId)) { return; } FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero); AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", -1.0)); }
// Token: 0x060012F3 RID: 4851 RVA: 0x0003DE30 File Offset: 0x0003C030 internal static LocalizedString HandleTenantOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken) { string policyPart = exception.PolicyPart; string orgIdInString = userToken.OrgIdInString; string userName = userToken.UserName; string windowsLiveId = userToken.WindowsLiveId; ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, string>(0L, "Get Tenant OverBudgetException for user {0}, Organization {1}. Message: {2}", userName, orgIdInString, exception.ToString()); AuthZLogger.SafeAppendGenericError("Tenant_OverBudgetException", exception.ToString(), false); TimeSpan blockedTime = TimeSpan.FromMilliseconds((double)exception.BackoffTime); if (windowsLiveId != null) { FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, blockedTime); AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserOrg", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", blockedTime.TotalMilliseconds)); } if (!string.IsNullOrEmpty(orgIdInString)) { FailFastUserCache.Instance.AddTenantToCache(orgIdInString, BlockedType.NewSession, blockedTime); AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Org", LoggerHelper.GetContributeToFailFastValue("Tenant", orgIdInString, "NewSession", blockedTime.TotalMilliseconds)); foreach (string text in userToken.DomainsToBlockTogether) { FailFastUserCache.Instance.AddTenantToCache(text, BlockedType.NewSession, blockedTime); AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-AcceptedDomain-" + text, LoggerHelper.GetContributeToFailFastValue("Tenant", text, "NewSession", blockedTime.TotalMilliseconds)); } } IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy(); LocalizedString value; if (policyPart == "MaxTenantConcurrency") { value = Strings.ErrorMaxTenantPSConnectionLimit(orgIdInString); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSConnectionLimit, null, new object[] { userName, orgIdInString, throttlingPolicy.PowerShellMaxTenantConcurrency }); } else { if (!(policyPart == "MaxTenantRunspaces")) { throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart)); } value = Strings.ErrorTenantMaxRunspacesTarpitting(orgIdInString, exception.BackoffTime / 1000); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSRunspaceInTimePeriodLimit, null, new object[] { userName, orgIdInString, throttlingPolicy.PowerShellMaxTenantRunspaces, throttlingPolicy.PowerShellMaxRunspacesTimePeriod, exception.BackoffTime }); } return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine))); }
// Token: 0x060012EA RID: 4842 RVA: 0x0003D9DC File Offset: 0x0003BBDC private static T HandleExceptionAndRetry <T>(string methodName, Func <T> func, bool throwException, T defaultReturnValue) { for (int i = 0; i < 2; i++) { try { Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, int>(0L, "Retry function {0} the {1} times.", methodName, i); return(func()); } catch (Exception ex) { bool flag = ex is TransientException; bool flag2 = AuthZPluginHelper.IsFatalException(ex); bool flag3 = flag2 || AuthZLogHelper.ExceptionNoNeedToRetry(ex); Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "{0} caught Exception {1}. IsTransientException = {2}. IsFatalException = {3}. NoNeedToRetry = {4}.", new object[] { methodName, ex, flag, flag2, flag3 }); ExEventLog.EventTuple eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_UnknownError; if (flag) { eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_TransientError; } else if (flag2) { eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_FatalError; } TaskLogger.LogRbacEvent(eventInfo, null, new object[] { methodName, ex }); if (flag3 || i == 1) { if (!(ex is ADTransientException) && (flag2 || throwException)) { throw; } AuthZLogHelper.LogException(ex, methodName, false); break; } else { AuthZLogger.SafeAppendGenericInfo(methodName + "-" + ex.GetType().Name + "-Retried", ex.Message); } } } Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceError <string, T>(0L, "{0} returns default value {1}.", methodName, defaultReturnValue); return(defaultReturnValue); }
// Token: 0x060012F2 RID: 4850 RVA: 0x0003DC08 File Offset: 0x0003BE08 internal static LocalizedString HandleUserOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken) { string policyPart = exception.PolicyPart; string userName = userToken.UserName; string windowsLiveId = userToken.WindowsLiveId; ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string>(0L, "Get User OverBudgetException for user {0}. Message: {1}", userName, exception.ToString()); AuthZLogger.SafeAppendGenericError("User_OverBudgetException", exception.ToString(), false); if (!string.IsNullOrEmpty(windowsLiveId)) { BlockedType blockedType = (policyPart == "PowerShellMaxCmdlets") ? BlockedType.NewRequest : BlockedType.NewSession; FailFastUserCache.Instance.AddUserToCache(userToken.WindowsLiveId, blockedType, TimeSpan.Zero); AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", userToken.WindowsLiveId, blockedType.ToString(), -1.0)); } IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy(); LocalizedString value; if (policyPart == "MaxConcurrency") { value = Strings.ErrorMaxRunspacesLimit(throttlingPolicy.PowerShellMaxConcurrency.ToString(), policyPart); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxUserPSConnectionLimit, null, new object[] { userName, throttlingPolicy.PowerShellMaxConcurrency }); } else if (policyPart == "MaxRunspacesTimePeriod") { value = Strings.ErrorMaxRunspacesTarpitting(exception.BackoffTime / 1000); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSRunspaceInTimePeriodLimit, null, new object[] { userName, throttlingPolicy.PowerShellMaxRunspaces, throttlingPolicy.PowerShellMaxRunspacesTimePeriod, exception.BackoffTime }); } else { if (!(policyPart == "PowerShellMaxCmdlets")) { throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart)); } value = Strings.ErrorOperationTarpitting(exception.BackoffTime / 1000); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPowershellCmdletLimit, null, new object[] { userName, throttlingPolicy.PowerShellMaxCmdlets, throttlingPolicy.PowerShellMaxCmdletsTimePeriod, exception.BackoffTime }); } return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine))); }
// Token: 0x060012E7 RID: 4839 RVA: 0x0003D8FC File Offset: 0x0003BAFC internal static void LogAuthZUserToken(AuthZPluginUserToken userToken) { if (userToken == null) { AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false); return; } AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true); AuthZLogger.SafeSetLogger(ServiceCommonMetadata.AuthenticatedUser, userToken.UserNameForLogging); AuthZLogger.SafeSetLogger(ActivityStandardMetadata.AuthenticationType, userToken.AuthenticationType); AuthZLogger.SafeSetLogger(ActivityStandardMetadata.TenantId, userToken.OrgIdInString); if (userToken.DelegatedPrincipal != null) { AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, "Delegate:" + userToken.DelegatedPrincipal.DelegatedOrganization); } }
internal static VariantConfigurationSnapshot GetSnapshot(ADRawEntry executingUser, IEnumerable <KeyValuePair <string, string> > additionalConstraints) { if (executingUser == null) { return(null); } VariantConfigurationSnapshot variantConfigurationSnapshot = null; MiniRecipient miniRecipient = new MiniRecipient(); try { try { miniRecipient[MiniRecipientSchema.UserPrincipalName] = executingUser[ADUserSchema.UserPrincipalName]; miniRecipient[ADObjectSchema.OrganizationId] = executingUser[ADObjectSchema.OrganizationId]; miniRecipient[MiniRecipientSchema.ExternalDirectoryObjectId] = executingUser[ADRecipientSchema.ExternalDirectoryObjectId]; miniRecipient[MiniRecipientSchema.Languages] = executingUser[ADOrgPersonSchema.Languages]; } catch (DataValidationException ex) { AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "DataValidationException", ex.Message); } ConstraintCollection constraintCollection = null; if (additionalConstraints != null) { constraintCollection = ConstraintCollection.CreateEmpty(); foreach (KeyValuePair <string, string> keyValuePair in additionalConstraints) { constraintCollection.Add(keyValuePair.Key, keyValuePair.Value); } } variantConfigurationSnapshot = VariantConfiguration.GetSnapshot(miniRecipient.GetContext(null), constraintCollection, null); AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Flights", string.Join(" ", variantConfigurationSnapshot.Flights)); } catch (Exception ex2) { AuthZLogger.SafeAppendGenericError("VariantConfigurationSnapshot.Exception", ex2.Message, false); } finally { AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "User", executingUser[ADUserSchema.UserPrincipalName].ToString()); AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Org", executingUser[ADObjectSchema.OrganizationId].ToString()); } return(variantConfigurationSnapshot); }
private static void BuildParamFlightingList(RoleEntryInfo entry, ICmdletSettings cmdletSettings, ref IList <string> paramFlightingList) { IEnumerable <string> enumerable = cmdletSettings.Params0.Union(cmdletSettings.Params1); enumerable = enumerable.Union(cmdletSettings.Params2); enumerable = enumerable.Union(cmdletSettings.Params3); enumerable = enumerable.Union(cmdletSettings.Params4); enumerable = enumerable.Union(cmdletSettings.Params5); enumerable = enumerable.Union(cmdletSettings.Params6); enumerable = enumerable.Union(cmdletSettings.Params7); enumerable = enumerable.Union(cmdletSettings.Params8); enumerable = enumerable.Union(cmdletSettings.Params9); if (enumerable != null) { paramFlightingList = enumerable.ToList <string>(); AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightEnabled, entry.RoleEntry.Name, string.Join(" ", paramFlightingList)); } }
// Token: 0x06001273 RID: 4723 RVA: 0x0003B5D8 File Offset: 0x000397D8 internal static IIdentity GetExecutingAuthZUser(UserToken userToken) { Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType = userToken.AuthenticationType; ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Microsoft.Exchange.Configuration.Core.AuthenticationType>(0L, "[PswsAuthZHelper.GetExecutingAuthZUser] authenticationType = \"{0}\".", authenticationType); IIdentity identity = HttpContext.Current.Items["X-Psws-CurrentLogonUser"] as IIdentity; if (identity is SidOAuthIdentity) { AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "SidOAuthIdentity"); return(identity); } if (identity is WindowsTokenIdentity) { AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "WindowsTokenIdentity"); return(((WindowsTokenIdentity)identity).ToSerializedIdentity()); } return(AuthZPluginHelper.ConstructAuthZUser(userToken, authenticationType)); }
// Token: 0x06000080 RID: 128 RVA: 0x00004400 File Offset: 0x00002600 public WinRMDataReceiver(string connectionUrl, string userName, string authenticationType, LatencyTracker latencyTracker) { WinRMDataReceiver < > 4__this = this; if (!WinRMDataExchangeHelper.IsExchangeDataUseAuthenticationType() && !WinRMDataExchangeHelper.IsExchangeDataUseNamedPipe()) { throw new InvalidFlightingException(); } CoreLogger.ExecuteAndLog("WinRMDataReceiver.Ctor", true, latencyTracker, delegate(Exception ex) { AuthZLogger.SafeAppendGenericError("WinRMDataReceiver.Ctor", ex.ToString(), false); }, delegate() { < > 4__this.latencyTracker = latencyTracker; if (WinRMDataExchangeHelper.IsExchangeDataUseAuthenticationType()) { WinRMDataExchangeHelper.DehydrateAuthenticationType(authenticationType, out < > 4__this.authenticationType, out < > 4__this.serializedData); } else {
private void IncreasePowershellConnections() { ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Increase PowershellConnections for {0}.", this.currentAuthZUserToken.UserName); if (this.connCounterStatus != ExchangeAuthorizationPlugin.ConnCounterStatus.WaitingIncreasement) { ExTraceGlobals.PublicPluginAPITracer.TraceError <ExchangeAuthorizationPlugin.ConnCounterStatus>(0L, "Try to increase the powershell connection counter, but connCounterStatus is NOT WaitingIncreasement, instead it is {0}.", this.connCounterStatus); this.connCounterStatus = ExchangeAuthorizationPlugin.ConnCounterStatus.Error; return; } this.activeRunSpaceCostHandle = WSManBudgetManager.Instance.StartRunspace(this.currentAuthZUserToken); if (this.currentAuthZUserToken.OrgId != null) { this.tenantActiveRunspaceCostHandle = WSManTenantBudgetManager.Instance.StartRunspace(this.currentAuthZUserToken); } this.connCounterStatus = ExchangeAuthorizationPlugin.ConnCounterStatus.Increased; AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, WSManBudgetManager.Instance.TotalActiveRunspaces); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, WSManBudgetManager.Instance.TotalActiveUsers); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, WSManBudgetManager.Instance.GetWSManBudgetUsage(this.currentAuthZUserToken)); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.TenantBudgetOnStart, WSManTenantBudgetManager.Instance.GetWSManBudgetUsage(this.currentAuthZUserToken)); AuthZPluginHelper.UpdateAuthZPluginPerfCounters(WSManBudgetManager.Instance); }
// Token: 0x0600126E RID: 4718 RVA: 0x0003B46C File Offset: 0x0003966C protected override void PreGetInitialSessionState(PSSenderInfo senderInfo) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Enter."); UserToken userToken = HttpContext.Current.CurrentUserToken(); PswsAuthZUserToken authZPluginUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken); OverBudgetException ex; if (PswsBudgetManager.Instance.CheckOverBudget(authZPluginUserToken, CostType.ActiveRunspace, out ex)) { ExTraceGlobals.PublicPluginAPITracer.TraceError <OverBudgetException>((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] OverBudgetException: {0}.", ex); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsOverBudgetException, null, new object[] { HttpContext.Current.User.Identity.Name, ex.ToString(), PswsBudgetManager.Instance.GetConnectedUsers() }); PswsErrorHandling.SendErrorToClient(PswsErrorCode.OverBudgetException, ex, ex.Snapshot); AuthZLogger.SafeAppendGenericError("OverBudgetException", ex.ToString(), false); throw ex; } ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Exit."); }
internal static bool TryFindOrganizationIdForDelegatedPrincipal(DelegatedPrincipal principal, out OrganizationId orgId) { orgId = null; ExchangeConfigurationUnit exchangeConfigurationUnit = null; Exception ex = null; try { exchangeConfigurationUnit = ExchangeAuthorizationPlugin.GetExchangeConfigurationUnitByNameOrAcceptedDomain(principal.DelegatedOrganization); } catch (CannotResolveTenantNameException ex2) { ex = ex2; } catch (DataSourceOperationException ex3) { ex = ex3; } catch (TransientException ex4) { ex = ex4; } catch (DataValidationException ex5) { ex = ex5; } if (ex != null) { AuthZLogger.SafeAppendGenericError("TryFindOrganizationIdForDelegatedPrincipal", ex, new Func <Exception, bool>(KnownException.IsUnhandledException)); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_FailedToResolveOrganizationIdForDelegatedPrincipal, null, new object[] { principal.DelegatedOrganization, ex }); return(false); } orgId = exchangeConfigurationUnit.OrganizationId; return(true); }
// Token: 0x060012E1 RID: 4833 RVA: 0x0003D75C File Offset: 0x0003B95C internal static void EndLogging(bool shouldCommit) { Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer.TraceDebug(0L, "[AuthZLogHelper.EndLogging] End logging."); try { if (AuthZLogHelper.latencyTracker != null) { long num = Diagnostics.ExecuteAndLog <long>("AuthZLogHelper.StopLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex) { AuthZLogHelper.LogException(ex, "AuthZLogHelper.StopLatencyTracker", false); }, -1L, new Func <long>(AuthZLogHelper.StopLatencyTracker)); AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.TotalTime, num); AuthZLogHelper.latencyTracker.PushLatencyDetailsToLog(AuthZLogHelper.funcNameToLogMetadataDic, new Action <Enum, double>(AuthZLogger.UpdateLatency), delegate(string funcName, string totalLatency) { AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, totalLatency); }); } else { AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, "LatencyMissed", "AuthZLogHelper.latencyTracker is null"); } } finally { try { if (shouldCommit) { AuthZLogger.AsyncCommit(true); } } finally { AuthZLogHelper.latencyTracker = null; } } }
internal void CorrectRunspacesLeakPassively(string key, int leakedValue) { lock (this.instanceLock) { IPowerShellBudget powerShellBudget; if (this.budgets.TryGetValue(key, out powerShellBudget)) { int totalActiveRunspacesCount = powerShellBudget.TotalActiveRunspacesCount; if (totalActiveRunspacesCount > 0) { ExTraceGlobals.PublicPluginAPITracer.TraceError(0L, "Correct runspaces leak passively for Key {0} in class {1}. Current Value {2}, Leaked value {3}.", new object[] { key, base.GetType().ToString(), totalActiveRunspacesCount, leakedValue }); AuthZLogger.SafeAppendGenericError("WSManBudgetManagerBase.CorrectRunspacesLeakPassively", string.Format("Correct runspaces leak passively for Key {0} in class {1}. Current Value {2}, Leaked value {3}.", new object[] { key, base.GetType(), totalActiveRunspacesCount, leakedValue }), false); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PSConnectionLeakPassivelyCorrected, null, new object[] { key, base.GetType().ToString(), totalActiveRunspacesCount, leakedValue }); powerShellBudget.CorrectRunspacesLeak(leakedValue); } } } }
// Token: 0x06001276 RID: 4726 RVA: 0x0003B7F0 File Offset: 0x000399F0 internal static string GetPswsMembershipId(UserToken userToken, NameValueCollection collection) { ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetPswsMembershipId] userToken can't be null."); string friendlyName = userToken.Organization.GetFriendlyName(); ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = PswsAuthZHelper.BuildRunspaceConfigurationSettings("https://www.outlook.com/Psws/Service.svc", userToken, collection); CultureInfo cultureInfo; PswsAuthZHelper.TryParseCultureInfo(collection, out cultureInfo); string text = userToken.ManagedOrganization; if (string.IsNullOrWhiteSpace(text)) { text = exchangeRunspaceConfigurationSettings.TenantOrganization; } string result = string.Format("Name:{0};AT:{1};UserOrg:{2};ManOrg:{3};SL:{4};FSL:{5};CA:{6};EDK:{7};Cul:{8};Proxy:{9}", new object[] { PswsAuthZHelper.GetUserNameForCache(userToken), userToken.AuthenticationType, friendlyName, text, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel, exchangeRunspaceConfigurationSettings.ProxyFullSerialization, exchangeRunspaceConfigurationSettings.ClientApplication, exchangeRunspaceConfigurationSettings.EncodeDecodeKey, (cultureInfo == null) ? "null" : cultureInfo.Name, exchangeRunspaceConfigurationSettings.IsProxy }); AuthZLogger.SafeSetLogger(PswsMetadata.IsProxy, exchangeRunspaceConfigurationSettings.IsProxy); AuthZLogger.SafeSetLogger(PswsMetadata.ClientApplication, exchangeRunspaceConfigurationSettings.ClientApplication); AuthZLogger.SafeSetLogger(PswsMetadata.ProxyFullSerialzation, exchangeRunspaceConfigurationSettings.ProxyFullSerialization); AuthZLogger.SafeSetLogger(PswsMetadata.SerializationLevel, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel); AuthZLogger.SafeSetLogger(PswsMetadata.CultureInfo, (cultureInfo == null) ? "null" : cultureInfo.Name); AuthZLogger.SafeSetLogger(PswsMetadata.TenantOrganization, text); return(result); }
// Token: 0x060012DF RID: 4831 RVA: 0x0003D670 File Offset: 0x0003B870 internal static bool StartLogging(string funcName, out bool latencyTrackerStartedByMe) { AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString()); latencyTrackerStartedByMe = false; if (AuthZLogHelper.latencyTracker == null) { Diagnostics.ExecuteAndLog("AuthZLogHelper.StartLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex) { AuthZLogHelper.LogException(ex, "AuthZLogHelper.StartLatencyTracker", false); }, delegate() { AuthZLogHelper.StartLatencyTracker(funcName); }); latencyTrackerStartedByMe = (AuthZLogHelper.latencyTracker != null); } if (AuthZLogger.LoggerNotDisposed) { return(false); } InitializeLoggerSettingsHelper.InitLoggerSettings(); AuthZLogger.InitializeRequestLogger(); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.Function, funcName); return(true); }
// Token: 0x060012DD RID: 4829 RVA: 0x0003D4C8 File Offset: 0x0003B6C8 internal static T ExecuteWSManPluginAPI <T>(string funcName, bool throwException, bool trackLatency, T defaultReturnValue, Func <T> func) { ExWatson.IsExceptionInteresting isExceptionInteresting = null; T result; try { AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString()); string funcName2 = funcName; bool throwException2 = throwException; LatencyTracker latencyTracker = trackLatency ? AuthZLogHelper.latencyTracker : null; ExEventLog rbacEventLogger = AuthZLogHelper.RbacEventLogger; ExEventLog.EventTuple tuple_RemotePSPublicAPIFailed = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RemotePSPublicAPIFailed; Trace publicPluginAPITracer = Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer; if (isExceptionInteresting == null) { isExceptionInteresting = ((object ex) => AuthZPluginHelper.IsFatalException(ex as Exception)); } result = Diagnostics.ExecuteAndLog <T>(funcName2, throwException2, latencyTracker, rbacEventLogger, tuple_RemotePSPublicAPIFailed, publicPluginAPITracer, isExceptionInteresting, delegate(Exception ex) { AuthZLogHelper.LogException(ex, funcName, throwException); }, defaultReturnValue, () => AuthZLogHelper.HandleExceptionAndRetry <T>(funcName, func, throwException, defaultReturnValue)); } catch (Exception ex) { string arg = (AuthZLogger.ActivityScope != null) ? AuthZLogger.ActivityScope.ActivityId.ToString() : null; AuthZLogHelper.EndLogging(true); Exception ex3; string str = string.Format("[FailureCategory={0}] ", FailureCategory.AuthZ + "-" + ex3.GetType().Name); string str2 = string.Format("[AuthZRequestId={0}]", arg); LocalizedString message = new LocalizedString(str2 + str + ex3.Message); AuthorizationException ex2 = new AuthorizationException(message, ex3); throw ex2; } return(result); }
// Token: 0x06001246 RID: 4678 RVA: 0x00039C60 File Offset: 0x00037E60 private bool ConnectionBlockedByClientAccessRules(PswsAuthZUserToken userToken, out string blockingRuleName) { blockingRuleName = null; if (userToken.OrgId != null && VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.PswsClientAccessRulesEnabled.Enabled) { string blockRuleName = null; bool result = ClientAccessRulesUtils.ShouldBlockConnection(userToken.OrgId, ClientAccessRulesUtils.GetUsernameFromADRawEntry(userToken.UserEntry), ClientAccessProtocol.PowerShellWebServices, ClientAccessRulesUtils.GetRemoteEndPointFromContext(HttpContext.Current), ClientAccessAuthenticationMethod.BasicAuthentication, userToken.UserEntry, delegate(ClientAccessRulesEvaluationContext context) { blockRuleName = context.CurrentRule.Name; AuthZLogger.SafeAppendGenericError(ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name, false); ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Blocked by Client Access Rules ({0}={1})", ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name); }, delegate(double latency) { if (latency > 50.0) { AuthZLogger.SafeAppendGenericInfo(ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString()); ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Client Access Rules latency logger ({0}={1})", ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString()); } }); blockingRuleName = blockRuleName; return(result); } return(false); }
// Token: 0x06001270 RID: 4720 RVA: 0x0003B59A File Offset: 0x0003979A protected override void OnGetInitialSessionStateError(PSSenderInfo senderInfo, Exception exception) { base.OnGetInitialSessionStateError(senderInfo, exception); PswsErrorHandling.SendErrorToClient(PswsErrorCode.GetISSError, exception, null); AuthZLogger.SafeAppendGenericError(exception.GetType().FullName, exception, new Func <Exception, bool>(KnownException.IsUnhandledException)); }
// Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940 public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter."); WindowsIdentity current; try { if (this.IsBlockedPswsDirectInvocation()) { AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false); throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked); } CultureInfo cultureInfo = null; if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo)) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name); Thread.CurrentThread.CurrentCulture = cultureInfo; Thread.CurrentThread.CurrentUICulture = cultureInfo; } IThrottlingPolicy throttlingPolicy = null; PswsAuthZUserToken authZUserToken = null; AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate() { UserToken userToken = HttpContext.Current.CurrentUserToken(); authZUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken); if (authZUserToken != null) { throttlingPolicy = authZUserToken.GetThrottlingPolicy(); } }); ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null)."); ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota."); PswsBudgetManager.Instance.HeartBeat(authZUserToken); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken)); userQuota = new UserQuota((int)(throttlingPolicy.PswsMaxConcurrency.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxConcurrency.Value), (int)(throttlingPolicy.PswsMaxRequest.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequest.Value), (int)(throttlingPolicy.PswsMaxRequestTimePeriod.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequestTimePeriod.Value)); ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Unlimited <uint>, Unlimited <uint>, Unlimited <uint> >((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod)); string ruleName = null; if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName)) { throw new ClientAccessRulesBlockedConnectionException(ruleName); } current = WindowsIdentity.GetCurrent(); } catch (Exception ex) { ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex); AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException)); TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[] { "PswsAuthorization.AuthorizeUser", ex.ToString() }); AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false); PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null); throw; } finally { ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit."); } return(current); }