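/// <summary>
/// Returns the cached <see cref="AuthorizationContextDomainDetails"/> for the account domain of
/// <paramref name="sid"/>, building and caching the entry on first use.
/// </summary>
/// <param name="sid">A SID that belongs to a domain; its <see cref="SecurityIdentifier.AccountDomainSid"/> is the cache key.</param>
/// <returns>The domain details for the account domain of <paramref name="sid"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="sid"/> has no account domain component (e.g. a well-known or BUILTIN SID).</exception>
private AuthorizationContextDomainDetails GetDomainDetails(SecurityIdentifier sid)
{
    if (sid is null)
    {
        throw new ArgumentNullException(nameof(sid));
    }

    // AccountDomainSid is null for SIDs without a domain component. The cache cannot key on null,
    // so reject it here with a clear message rather than surfacing a dictionary ArgumentNullException.
    SecurityIdentifier domainSid = sid.AccountDomainSid;
    if (domainSid is null)
    {
        throw new ArgumentException($"The SID {sid} does not belong to a domain", nameof(sid));
    }

    if (this.domainCache.TryGetValue(domainSid, out AuthorizationContextDomainDetails value))
    {
        return value;
    }

    string domainDnsName = this.discoveryServices.GetDomainNameDns(sid);

    value = new AuthorizationContextDomainDetails(domainSid, domainDnsName, this.discoveryServices)
    {
        Mapping = this.GetMapping(domainDnsName)
    };

    // TryAdd: if another caller has already stored an entry for this domain, the existing entry
    // is kept; this call still returns the instance it built, as before.
    this.domainCache.TryAdd(domainSid, value);

    // Message template rather than string interpolation, consistent with the other log calls in
    // this file: values become structured properties and formatting only happens when Trace is enabled.
    this.logger.LogTrace(
        "Built AuthorizationContextDomainDetails for domain {domainDnsName}. IsInCurrentForest:{isInCurrentForest} IsRemoteOneWayTrust:{isRemoteOneWayTrust}",
        domainDnsName,
        value.IsInCurrentForest,
        value.IsRemoteOneWayTrust);

    return value;
}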
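/// <summary>
/// Type-specific equality: two instances are equal when their <see cref="SecurityIdentifier"/> values are equal.
/// </summary>
/// <param name="other">The instance to compare with; may be null.</param>
/// <returns>true when <paramref name="other"/> is non-null and has an equal <see cref="SecurityIdentifier"/>; otherwise false.</returns>
protected bool Equals(AuthorizationContextDomainDetails other)
{
    // A null argument must yield false here: dereferencing other.SecurityIdentifier would
    // otherwise throw NullReferenceException instead of reporting inequality.
    if (other is null)
    {
        return false;
    }

    if (ReferenceEquals(this, other))
    {
        return true;
    }

    // NOTE(review): the GetHashCode override is not visible in this excerpt; it must hash
    // SecurityIdentifier to remain consistent with this comparison.
    return Equals(this.SecurityIdentifier, other.SecurityIdentifier);
}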
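/// <summary>
/// Creates an <see cref="AuthorizationContext"/> for <paramref name="user"/> against a server of the domain
/// described by <paramref name="domainDetails"/>, moving on to another server of that domain when the
/// current one cannot be reached.
/// </summary>
/// <param name="user">The user the context is built for; its <c>Sid</c> is passed to the context.</param>
/// <param name="resourceDomain">The domain of the resource being accessed; used only for logging in this method.</param>
/// <param name="domainDetails">The domain to authorize against; supplies the candidate servers and the S4U mapping.</param>
/// <returns>A newly created <see cref="AuthorizationContext"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="domainDetails"/> is null.</exception>
/// <exception cref="InvalidOperationException">No server produced a context and no exception was captured.</exception>
/// <remarks>
/// Only connectivity-style failures advance to the next server; any other failure ends the loop.
/// The last captured exception is rethrown with its original stack trace once the loop ends.
/// </remarks>
public AuthorizationContext GetContext(IUser user, SecurityIdentifier resourceDomain, AuthorizationContextDomainDetails domainDetails)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (domainDetails is null)
    {
        throw new ArgumentNullException(nameof(domainDetails));
    }

    // Win32Exception reports E_FAIL as its HResult regardless of the native error code (which is
    // exposed via NativeErrorCode), so this filter matches any Win32Exception inner exception and
    // is not specific to an RPC "server unavailable" error. Kept as-is to preserve the existing
    // retry behaviour; compare NativeErrorCode if a narrower retry condition is wanted.
    const int hresultEFail = unchecked((int)0x80004005); // -2147467259

    AuthorizationServer server = domainDetails.GetServer(false);
    Exception lastException = null;

    // The loop ends when GetServer(true) returns a server that has already been tried.
    HashSet<string> attemptedServers = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    while (attemptedServers.Add(server.Name))
    {
        try
        {
            // Distinct placeholder names: the two domain values are different properties and must
            // not collide as structured log properties (the original used {domain} for both).
            this.logger.LogTrace("Attempting to create AuthorizationContext against server {server} in domain {domain} for user {user} requesting access to resource in domain {resourceDomain} ", server.Name, domainDetails.DomainDnsName, user.MsDsPrincipalName, resourceDomain);

            AuthzInitFlags flags = domainDetails.Mapping.DoNotRequireS4U ? AuthzInitFlags.Default : AuthzInitFlags.RequireS4ULogon;
            return new AuthorizationContext(user.Sid, server.Name, flags);
        }
        catch (AuthorizationContextException ex) when (ex.InnerException is Win32Exception we && we.HResult == hresultEFail)
        {
            // Connectivity-style failure: remember it and ask the domain for another server.
            lastException = ex;
            this.logger.LogWarning(EventIDs.AuthZContextServerCantConnect, ex, "Unable to connect to server {server}", server.Name);
            server = domainDetails.GetServer(true);
        }
        catch (Exception ex)
        {
            // Not retried: server is left unchanged, so the next Add() returns false and the loop ends.
            lastException = ex;
            this.logger.LogError(EventIDs.AuthZContextCreateError, ex, "Unable to create AuthorizationContext against server {server} in domain {domain}", server.Name, domainDetails.DomainDnsName);
        }
    }

    if (lastException != null)
    {
        // Rethrow preserving the original stack trace; `throw lastException;` would reset it to this frame.
        System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(lastException).Throw();
    }

    throw new InvalidOperationException("Unable to create authorization context");
}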