// Token: 0x0600000B RID: 11 RVA: 0x0000220C File Offset: 0x0000040C private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex) { if (requestURI == null) { throw new ArgumentNullException("requestURI"); } ex = null; CommonAccessToken result = null; NameValueCollection nameValueCollectionFromUri = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI); string text = nameValueCollectionFromUri.Get("X-Rps-CAT"); if (!string.IsNullOrWhiteSpace(text)) { try { result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text)); } catch (Exception ex2) { Logger.TraceError(ExTraceGlobals.RemotePowershellBackendCmdletProxyModuleTracer, "Got exception when trying to parse CommonAccessToken: {0}.", new object[] { ex2.ToString() }); Logger.LogEvent(TaskEventLogConstants.Tuple_LogInvalidCommonAccessTokenReceived, text, new object[] { user, requestURI.ToString(), Strings.ErrorWhenParsingCommonAccessToken(ex2.ToString()) }); ex = ex2; } } return(result); }
internal static void UniformCommonAccessToken(this UserToken userToken) { CommonAccessToken commonAccessToken = userToken.CommonAccessToken; if (commonAccessToken == null) { return; } CommonAccessToken commonAccessToken2 = CommonAccessToken.Deserialize(commonAccessToken.Serialize()); commonAccessToken2.Version = 0; commonAccessToken2.ExtensionData.Clear(); foreach (string key in UserTokenHelper.WinRMCATExtensionDataKeys) { if (commonAccessToken.ExtensionData.ContainsKey(key)) { commonAccessToken2.ExtensionData[key] = commonAccessToken.ExtensionData[key]; } } if (!commonAccessToken2.ExtensionData.ContainsKey("UserSid") && userToken.UserSid != null) { commonAccessToken2.ExtensionData["UserSid"] = userToken.UserSid.ToString(); } }
// Token: 0x060000EA RID: 234 RVA: 0x00005B50 File Offset: 0x00003D50 private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext) { AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true); if (accessTokenType == 5) { requestContext.Logger.SafeSet(3, "CommonAccessToken-CompositeIdentity"); cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]); accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true); } switch (accessTokenType) { case 0: requestContext.Logger.SafeSet(3, "CommonAccessToken-Windows"); return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext)); case 1: { LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveId"); return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext) { OrganizationId = liveIdFbaTokenAccessor.OrganizationId, SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName }); } case 2: { LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdBasic"); if (liveIdBasicTokenAccessor.UserSid != null) { return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext) { OrganizationId = liveIdBasicTokenAccessor.OrganizationId, SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName }); } if (SmtpAddress.IsValidSmtpAddress(liveIdBasicTokenAccessor.LiveIdMemberName)) { string domain = SmtpAddress.Parse(liveIdBasicTokenAccessor.LiveIdMemberName).Domain; return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, domain, requestContext)); } return(null); } case 3: { string sid = cat.ExtensionData["UserSid"]; string text; cat.ExtensionData.TryGetValue("OrganizationName", out text); string smtpOrLiveId; cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId); if (!string.IsNullOrEmpty(text) && requestContext.Logger != null) { requestContext.Logger.ActivityScope.SetProperty(5, text); } requestContext.Logger.SafeSet(3, "CommonAccessToken-LiveIdNego2"); return(new SidAnchorMailbox(sid, requestContext) { SmtpOrLiveId = smtpOrLiveId }); } case 4: return(null); case 6: return(null); case 7: { ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext); if (httpContextADRawEntry != null) { requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid"); return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext)); } CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(3, "CommonAccessToken-CertificateSid"); return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext) { PartitionId = certificateSidTokenAccessor.PartitionId }); } case 8: return(null); } return(null); }
// Token: 0x06000058 RID: 88 RVA: 0x00003368 File Offset: 0x00001568 private void Deserialize(Stream stream) { using (BinaryReader binaryReader = new BinaryReader(stream)) { this.ReadAndValidateFieldType(binaryReader, 'V', Strings.MissingVersion); this.Version = this.BinaryRead <ushort>(new Func <ushort>(binaryReader.ReadUInt16), Strings.MissingVersion); this.ReadAndValidateFieldType(binaryReader, 'A', Strings.MissingAuthenticationType); string value = this.BinaryRead <string>(new Func <string>(binaryReader.ReadString), Strings.MissingAuthenticationType); AuthenticationType authenticationType; if (!Enum.TryParse <AuthenticationType>(value, out authenticationType)) { ExTraceGlobals.UserTokenTracer.TraceError <AuthenticationType>(0L, "Invalid authentication type {0}", authenticationType); throw new UserTokenException(Strings.InvalidDelegatedPrincipal(value)); } this.AuthenticationType = authenticationType; this.ReadAndValidateFieldType(binaryReader, 'D', Strings.MissingDelegatedPrincipal); string text = this.ReadNullableString(binaryReader, Strings.MissingDelegatedPrincipal); DelegatedPrincipal delegatedPrincipal = null; if (text != null && !DelegatedPrincipal.TryParseDelegatedString(text, out delegatedPrincipal)) { ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid delegated principal {0}", text); throw new UserTokenException(Strings.InvalidDelegatedPrincipal(text)); } this.DelegatedPrincipal = delegatedPrincipal; this.ReadAndValidateFieldType(binaryReader, 'L', Strings.MissingWindowsLiveId); this.WindowsLiveId = this.ReadNullableString(binaryReader, Strings.MissingWindowsLiveId); this.ReadAndValidateFieldType(binaryReader, 'N', Strings.MissingUserName); this.UserName = this.ReadNullableString(binaryReader, Strings.MissingUserName); this.ReadAndValidateFieldType(binaryReader, 'U', Strings.MissingUserSid); string text2 = this.ReadNullableString(binaryReader, Strings.MissingUserSid); if (text2 != null) { try { this.UserSid = new SecurityIdentifier(text2); } catch (ArgumentException innerException) { ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid user sid {0}", text2); throw new UserTokenException(Strings.InvalidUserSid(text2), innerException); } } this.ReadAndValidateFieldType(binaryReader, 'P', Strings.MissingPartitionId); string text3 = this.ReadNullableString(binaryReader, Strings.MissingPartitionId); PartitionId partitionId = null; if (text3 != null && !PartitionId.TryParse(text3, out partitionId)) { ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid partition id {0}", text3); throw new UserTokenException(Strings.InvalidPartitionId(text3)); } this.PartitionId = partitionId; this.ReadAndValidateFieldType(binaryReader, 'O', Strings.MissingOrganization); string text4 = this.ReadNullableString(binaryReader, Strings.MissingOrganization); if (text4 != null) { byte[] bytes; try { bytes = Convert.FromBase64String(text4); } catch (FormatException innerException2) { ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4); throw new UserTokenException(Strings.InvalidOrganization(text4), innerException2); } OrganizationId organization; if (!OrganizationId.TryCreateFromBytes(bytes, Encoding.UTF8, out organization)) { ExTraceGlobals.UserTokenTracer.TraceError <string>(0L, "Invalid organization id {0}", text4); throw new UserTokenException(Strings.InvalidOrganization(text4)); } this.Organization = organization; } this.ReadAndValidateFieldType(binaryReader, 'M', Strings.MissingManagedOrganization); this.ManagedOrganization = this.ReadNullableString(binaryReader, Strings.MissingManagedOrganization); this.ReadAndValidateFieldType(binaryReader, 'W', Strings.MissingAppPasswordUsed); this.AppPasswordUsed = this.BinaryRead <bool>(new Func <bool>(binaryReader.ReadBoolean), Strings.MissingAppPasswordUsed); int num = (int)(binaryReader.BaseStream.Length - binaryReader.BaseStream.Position); if (num > 0) { byte[] array = binaryReader.ReadBytes(num); array = this.Decompress(array); this.CommonAccessToken = CommonAccessToken.Deserialize(Encoding.UTF8.GetString(array)); } else { this.CommonAccessToken = null; } } }
private IAuthenticationInfo GetPrincipal(OperationContext operationContext) { MRSProxyAuthorizationManager.AuthenticationData authenticationData = this.GetAuthenticationData(operationContext); if (authenticationData.AuthenticationInfo != null) { return(authenticationData.AuthenticationInfo); } IAuthenticationInfo authenticationInfo = base.Authenticate(operationContext); if (authenticationInfo == null) { return(null); } if (operationContext.Channel.LocalAddress.Uri.Scheme == "net.tcp" || this.TestIntegration.UseHttpsForLocalMoves) { return(authenticationInfo); } WindowsPrincipal windowsPrincipal = authenticationInfo.WindowsPrincipal; WindowsIdentity windowsIdentity = windowsPrincipal.Identity as WindowsIdentity; using (ClientSecurityContext clientSecurityContext = new ClientSecurityContext(windowsIdentity)) { if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext)) { MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[] { authenticationInfo.PrincipalName }); return(null); } } object obj; if (!OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out obj)) { return(null); } HttpRequestMessageProperty httpRequestMessageProperty = obj as HttpRequestMessageProperty; if (httpRequestMessageProperty == null) { return(null); } string[] values = httpRequestMessageProperty.Headers.GetValues("X-CommonAccessToken"); if (values == null || values.Length != 1) { return(null); } string text = values[0]; if (string.IsNullOrEmpty(text)) { return(null); } using (ClientSecurityContext clientSecurityContext2 = new ClientSecurityContext(windowsIdentity)) { if (!LocalServer.AllowsTokenSerializationBy(clientSecurityContext2)) { MrsTracer.ProxyService.Debug("MRSProxyAuthorizationManager: User {0} does not have the permission to serialize security token.", new object[] { windowsIdentity }); return(null); } } CommonAccessToken commonAccessToken = CommonAccessToken.Deserialize(text); SecurityIdentifier securityIdentifier = new SecurityIdentifier(commonAccessToken.WindowsAccessToken.UserSid); IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 300, "GetPrincipal", "f:\\15.00.1497\\sources\\dev\\mrs\\src\\ProxyService\\MRSProxyAuthorizationManager.cs"); ADRawEntry adrawEntry = rootOrganizationRecipientSession.FindADRawEntryBySid(securityIdentifier, MRSProxyAuthorizationManager.userPrincipalName); if (adrawEntry == null) { authenticationData.AuthenticationInfo = new AuthenticationInfo(securityIdentifier); } else { string sUserPrincipalName = (string)adrawEntry[ADUserSchema.UserPrincipalName]; windowsIdentity = new WindowsIdentity(sUserPrincipalName); authenticationData.AuthenticationInfo = new AuthenticationInfo(windowsIdentity, windowsIdentity.Name); } return(authenticationData.AuthenticationInfo); }
private static AnchorMailbox TryCreateFromCommonAccessToken(CommonAccessToken cat, IRequestContext requestContext) { AccessTokenType accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true); if (accessTokenType == AccessTokenType.CompositeIdentity) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CompositeIdentity"); cat = CommonAccessToken.Deserialize(cat.ExtensionData["PrimaryIdentityToken"]); accessTokenType = (AccessTokenType)Enum.Parse(typeof(AccessTokenType), cat.TokenType, true); } switch (accessTokenType) { case AccessTokenType.Windows: requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-Windows"); return(new SidAnchorMailbox(cat.WindowsAccessToken.UserSid, requestContext)); case AccessTokenType.LiveId: { LiveIdFbaTokenAccessor liveIdFbaTokenAccessor = LiveIdFbaTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveId"); return(new SidAnchorMailbox(liveIdFbaTokenAccessor.UserSid, requestContext) { OrganizationId = liveIdFbaTokenAccessor.OrganizationId, SmtpOrLiveId = liveIdFbaTokenAccessor.LiveIdMemberName }); } case AccessTokenType.LiveIdBasic: { LiveIdBasicTokenAccessor liveIdBasicTokenAccessor = LiveIdBasicTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdBasic"); if (liveIdBasicTokenAccessor.UserSid != null) { return(new SidAnchorMailbox(liveIdBasicTokenAccessor.UserSid, requestContext) { OrganizationId = liveIdBasicTokenAccessor.OrganizationId, SmtpOrLiveId = liveIdBasicTokenAccessor.LiveIdMemberName }); } return(new PuidAnchorMailbox(liveIdBasicTokenAccessor.Puid, liveIdBasicTokenAccessor.LiveIdMemberName, requestContext)); } case AccessTokenType.LiveIdNego2: { string sid = cat.ExtensionData["UserSid"]; string value; cat.ExtensionData.TryGetValue("OrganizationName", out value); string smtpOrLiveId; cat.ExtensionData.TryGetValue("MemberName", out smtpOrLiveId); if (!string.IsNullOrEmpty(value) && requestContext.Logger != null) { requestContext.Logger.ActivityScope.SetProperty(ActivityStandardMetadata.TenantId, value); } requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-LiveIdNego2"); return(new SidAnchorMailbox(sid, requestContext) { SmtpOrLiveId = smtpOrLiveId }); } case AccessTokenType.OAuth: return(null); case AccessTokenType.Adfs: return(null); case AccessTokenType.CertificateSid: { ADRawEntry httpContextADRawEntry = AuthCommon.GetHttpContextADRawEntry(requestContext.HttpContext); if (httpContextADRawEntry != null) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid"); return(new UserADRawEntryAnchorMailbox(httpContextADRawEntry, requestContext)); } CertificateSidTokenAccessor certificateSidTokenAccessor = CertificateSidTokenAccessor.Attach(cat); requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "CommonAccessToken-CertificateSid"); return(new SidAnchorMailbox(certificateSidTokenAccessor.UserSid, requestContext) { PartitionId = certificateSidTokenAccessor.PartitionId }); } case AccessTokenType.RemotePowerShellDelegated: return(null); } return(null); }