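/// <summary>
/// Writes one hidden &lt;input&gt; element into <paramref name="buffer"/> for every key in
/// <paramref name="collection"/>.
/// </summary>
/// <remarks>
/// Every name and value is placed inside a single-quoted HTML attribute, so each one is encoded
/// before it is written:
/// <list type="bullet">
/// <item>field names go through <c>EncodingUtilities.HtmlEncode</c>;</item>
/// <item>"password" is copied from its <see cref="SecureString"/> through a <c>SecureArray&lt;char&gt;</c>
/// transformed with <c>EncodeForSingleQuotedAttribute</c>, and is not converted to a
/// <see cref="string"/> in this method;</item>
/// <item>"destination" is rebuilt on the scheme and authority of <paramref name="redirectUrl"/> and then
/// encoded;</item>
/// <item>all other values go through <c>EncodingUtilities.HtmlEncode</c>.</item>
/// </list>
/// NOTE(review): this relies on <c>EncodingUtilities.HtmlEncode</c> escaping the single quote as well as
/// the usual HTML metacharacters; its implementation is not visible here. Confirm, or switch to an
/// attribute-specific encoder.
/// </remarks>
/// <param name="collection">Form fields to replay; enumerating it yields the field names.</param>
/// <param name="buffer">Output buffer that receives the generated markup.</param>
/// <param name="redirectUrl">Target server URL; supplies the scheme and authority of the rewritten destination.</param>
/// <param name="majorCasVersion">Not used by this method.</param>
/// <exception cref="HttpException">400 when the "destination" value is not an absolute URI.</exception>
private void CreateInputHtmlCollection(SecureNameValueCollection collection, SecureHttpBuffer buffer, Uri redirectUrl, int majorCasVersion)
{
    foreach (string fieldName in collection)
    {
        buffer.CopyAtCurrentPosition("<input type='hidden' name='");
        // The name sits in a quoted attribute just like the value, so it gets the same encoding.
        buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(fieldName));
        buffer.CopyAtCurrentPosition("' value='");

        if (fieldName == "password")
        {
            // NOTE(review): the lookup result is not checked. The key comes from enumerating the same
            // collection, so the value is presumably present. Confirm that it cannot come back null.
            SecureString securePassword;
            collection.TryGetSecureValue(fieldName, out securePassword);
            using (SecureArray<char> encodedPassword = securePassword.TransformToSecureCharArray(new CharTransformDelegate(FbaFormPostProxyRequestHandler.EncodeForSingleQuotedAttribute)))
            {
                buffer.CopyAtCurrentPosition(encodedPassword);
            }
        }
        else if (fieldName == "destination")
        {
            string postedDestination;
            collection.TryGetUnsecureValue(fieldName, out postedDestination);

            Uri destinationUri;
            if (!Uri.TryCreate(postedDestination, UriKind.Absolute, out destinationUri))
            {
                throw new HttpException(400, "destination value is not valid");
            }

            // Scheme and authority always come from redirectUrl. The posted destination contributes
            // at most its path and query, and only when an explicit logon user is set.
            StringBuilder rewritten = new StringBuilder();
            rewritten.Append(redirectUrl.Scheme);
            rewritten.Append(Uri.SchemeDelimiter);
            rewritten.Append(redirectUrl.Authority);

            if (FbaFormPostProxyRequestHandler.IsOwaUrl(destinationUri, OwaUrl.AuthPost, true))
            {
                rewritten.Append(OwaUrl.ApplicationRoot.ImplicitUrl);
            }
            else if (string.IsNullOrEmpty(this.explicitLogonUser))
            {
                rewritten.Append(redirectUrl.PathAndQuery);
            }
            else
            {
                rewritten.Append(destinationUri.PathAndQuery);
            }

            // Path and query may contain characters that are significant inside an attribute,
            // so the rebuilt URL is encoded like every other value.
            buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(rewritten.ToString()));
        }
        else
        {
            string fieldValue;
            collection.TryGetUnsecureValue(fieldName, out fieldValue);
            buffer.CopyAtCurrentPosition(EncodingUtilities.HtmlEncode(fieldValue));
        }

        buffer.CopyAtCurrentPosition("'>");
    }
}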
/// <summary>
/// Writes the complete auto-submitting HTML page into <paramref name="buffer"/>: a noscript fallback,
/// a script whose <c>DoSubmit</c> posts <c>logonForm</c> on body load, and the form itself.
/// </summary>
/// <param name="buffer">Output buffer that receives the page.</param>
/// <param name="collection">Form fields, passed through to <c>CreateFormHtmlForSsoFba</c>.</param>
/// <param name="redirectUrl">Target server URL, passed through to <c>CreateFormHtmlForSsoFba</c>.</param>
/// <param name="majorCasVersion">Passed through unchanged.</param>
private void CreateHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
{
    const string HeadAndBodyOpen = "</noscript><head><title>Continue</title><script type='text/javascript'>function OnBack(){}function DoSubmit(){var subt=false;if(!subt){subt=true;document.logonForm.submit();}}</script></head><body onload='javascript:DoSubmit();'>";

    // Fetched before anything is written, so a failure here leaves the buffer untouched.
    // The result is written as markup without encoding; presumably it is fixed server-side content. Confirm.
    string noScriptMarkup = FbaFormPostProxyRequestHandler.GetNoScriptHtml();

    buffer.CopyAtCurrentPosition("<html><noscript>");
    buffer.CopyAtCurrentPosition(noScriptMarkup.ToString());
    buffer.CopyAtCurrentPosition(HeadAndBodyOpen);

    this.CreateFormHtmlForSsoFba(buffer, collection, redirectUrl, majorCasVersion);

    buffer.CopyAtCurrentPosition("</body></html>");
}
/// <summary>
/// Writes the <c>logonForm</c> element into <paramref name="buffer"/>: a POST form targeting
/// <c>_top</c> whose action is the scheme and authority of <paramref name="redirectUrl"/> followed by
/// <c>OwaUrl.AuthDll.ImplicitUrl</c>, filled with the hidden inputs produced by
/// <c>CreateInputHtmlCollection</c>.
/// </summary>
/// <param name="buffer">Output buffer that receives the form markup.</param>
/// <param name="collection">Form fields to emit as hidden inputs.</param>
/// <param name="redirectUrl">Target server URL; only its scheme and authority are used for the action.</param>
/// <param name="majorCasVersion">Passed through unchanged.</param>
private void CreateFormHtmlForSsoFba(SecureHttpBuffer buffer, SecureNameValueCollection collection, Uri redirectUrl, int majorCasVersion)
{
    // The action URL is composed before any output is written.
    // NOTE(review): it goes into a single-quoted attribute without encoding; this is safe only if
    // redirectUrl is server-derived. Its origin is not visible here, so confirm at the caller.
    string actionUrl = new StringBuilder()
        .Append(redirectUrl.Scheme)
        .Append(Uri.SchemeDelimiter)
        .Append(redirectUrl.Authority)
        .Append(OwaUrl.AuthDll.ImplicitUrl)
        .ToString();

    buffer.CopyAtCurrentPosition("<form name='logonForm' id='logonForm' action='");
    buffer.CopyAtCurrentPosition(actionUrl);
    buffer.CopyAtCurrentPosition("' method='post' target='_top'>");

    this.CreateInputHtmlCollection(collection, buffer, redirectUrl, majorCasVersion);

    buffer.CopyAtCurrentPosition("</form>");
}
/// <summary>
/// Answers the request with a 200 response whose body is the auto-submitting logon form, then ends
/// the response.
/// </summary>
/// <remarks>
/// The body contains the replayed form fields, including the password input written by
/// <c>CreateInputHtmlCollection</c>. Output buffering is turned off and the response is marked
/// no-cache / no-store before the body is produced.
/// </remarks>
/// <param name="collection">Form fields to replay to the target server.</param>
/// <param name="redirectUrl">Target server URL used to build the form action and destination.</param>
/// <param name="response">The HTTP response to write to and end.</param>
/// <param name="majorCasVersion">Passed through unchanged.</param>
private void RedirectUsingSSOFBA(SecureNameValueCollection collection, Uri redirectUrl, HttpResponse response, int majorCasVersion)
{
    response.StatusCode = 200;
    response.Status = "200 - OK";
    response.BufferOutput = false;

    // Keep the credential-bearing page out of caches.
    response.CacheControl = "no-cache";
    response.Cache.SetNoStore();

    // NOTE(review): PBack is added with default cookie attributes. Whether HttpOnly/Secure can be set
    // depends on what reads this cookie, which is not visible here. Confirm.
    response.Cookies.Add(new HttpCookie("PBack") { Value = "1" });
    response.Headers.Add("X-OWA-FEError", ErrorFE.FEErrorCodes.CasRedirect.ToString());

    using (SecureHttpBuffer pageBuffer = new SecureHttpBuffer(1000, response))
    {
        this.CreateHtmlForSsoFba(pageBuffer, collection, redirectUrl, majorCasVersion);
        pageBuffer.Flush();
        // End() is called while the buffer is still in scope; the using block disposes it on the way out.
        response.End();
    }
}