private void SimulateBasicAuthenticationHeader(HttpContext httpContext)
{
HttpRequest request = httpContext.Request;
HttpResponse response = httpContext.Response;
SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(request);
secureHtmlFormReader.AddSensitiveInputName("password");
SecureNameValueCollection secureNameValueCollection;
if (!secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
{
if (secureNameValueCollection != null)
{
secureNameValueCollection.Dispose();
}
response.Redirect(OwaUrl.ApplicationRoot.ImplicitUrl);
}
OwaContext.Current.FormNameValueCollection = secureNameValueCollection;
bool flag = true;
string text;
if (!secureNameValueCollection.TryGetUnsecureValue("username", out text))
{
flag = false;
}
SecureString secureString;
if (!secureNameValueCollection.TryGetSecureValue("password", out secureString))
{
flag = false;
}
if (!flag)
{
Utilities.EndResponse(httpContext, HttpStatusCode.BadRequest);
}
string value;
if (secureNameValueCollection.TryGetUnsecureValue("destination", out value))
{
response.AppendHeader("X-OWA-Destination", value);
}
HttpCookie httpCookie = request.Cookies["PBack"];
if (httpCookie == null || httpCookie.Value != "0")
{
Utilities.EndResponse(httpContext, HttpStatusCode.Unauthorized);
}
text += ":";
Encoding @default = Encoding.Default;
int maxByteCount = @default.GetMaxByteCount(text.Length + secureString.Length);
using (SecureArray <byte> secureArray = new SecureArray <byte>(maxByteCount))
{
int num = @default.GetBytes(text, 0, text.Length, secureArray.ArrayValue, 0);
using (SecureArray <char> secureArray2 = secureString.ConvertToSecureCharArray())
{
num += @default.GetBytes(secureArray2.ArrayValue, 0, secureArray2.Length(), secureArray.ArrayValue, num);
request.Headers["Authorization"] = "Basic " + Convert.ToBase64String(secureArray.ArrayValue, 0, num);
}
}
}
private bool HandleFbaAuthFormPost(HttpApplication httpApplication)
{
HttpContext context = httpApplication.Context;
HttpRequest request = context.Request;
HttpResponse response = context.Response;
if (request.GetHttpMethod() != HttpMethod.Post)
{
return(false);
}
string strB = request.Url.Segments[request.Url.Segments.Length - 1];
if (string.Compare("auth.owa", strB, StringComparison.OrdinalIgnoreCase) != 0 && string.Compare("owaauth.dll", strB, StringComparison.OrdinalIgnoreCase) != 0)
{
return(false);
}
if (string.IsNullOrEmpty(request.ContentType))
{
request.ContentType = "application/x-www-form-urlencoded";
}
SecureHtmlFormReader secureHtmlFormReader = new SecureHtmlFormReader(request);
secureHtmlFormReader.AddSensitiveInputName("password");
SecureNameValueCollection secureNameValueCollection = null;
try
{
if (!secureHtmlFormReader.TryReadSecureFormData(out secureNameValueCollection))
{
AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
}
string text = null;
string text2 = null;
SecureString secureString = null;
string text3 = null;
secureNameValueCollection.TryGetUnsecureValue("username", out text2);
secureNameValueCollection.TryGetSecureValue("password", out secureString);
secureNameValueCollection.TryGetUnsecureValue("destination", out text);
secureNameValueCollection.TryGetUnsecureValue("flags", out text3);
if (text == null || text2 == null || secureString == null || text3 == null || !this.CheckPostDestination(text, context.Request))
{
AspNetHelper.EndResponse(context, HttpStatusCode.BadRequest);
}
this.password = secureString.Copy();
this.userName = text2;
this.destinationUrl = text;
int num;
if (int.TryParse(text3, NumberStyles.Integer, CultureInfo.InvariantCulture, out num))
{
this.flags = num;
}
else
{
this.flags = 0;
}
text2 += ":";
Encoding @default = Encoding.Default;
int maxByteCount = @default.GetMaxByteCount(text2.Length + secureString.Length);
using (SecureArray <byte> secureArray = new SecureArray <byte>(maxByteCount))
{
int num2 = @default.GetBytes(text2, 0, text2.Length, secureArray.ArrayValue, 0);
using (SecureArray <char> secureArray2 = secureString.ConvertToSecureCharArray())
{
num2 += @default.GetBytes(secureArray2.ArrayValue, 0, secureArray2.Length(), secureArray.ArrayValue, num2);
this.basicAuthString = "Basic " + Convert.ToBase64String(secureArray.ArrayValue, 0, num2);
request.Headers["Authorization"] = this.basicAuthString;
}
}
}
finally
{
if (secureNameValueCollection != null)
{
secureNameValueCollection.Dispose();
}
}
ExTraceGlobals.VerboseTracer.TraceDebug <Uri>(0L, "HandleFbaAuthFormPost - {0}", request.Url);
return(true);
}