示例#1
        /// <summary>
        /// Resolves the directory object id of the accessing user through a recipient
        /// session obtained for <c>this.organizationId</c>.
        /// </summary>
        /// <remarks>
        /// <c>LegacyExchangeDN</c> takes precedence; <c>ExternalDirectoryObjectId</c> is
        /// consulted only when the former is null. The result feeds membership checks,
        /// so a null return means "identity could not be resolved", not "no access".
        /// </remarks>
        /// <returns>
        /// The <c>Id</c> of the recipient that was found, or null when neither identifier
        /// is set or the lookup returned nothing.
        /// </returns>
        private ADObjectId FindUserObjectId()
        {
            IRecipientSession session = AccessingUserInfo.GetRecipientSession(this.organizationId);
            ArgumentValidator.ThrowIfNull("recipientSession", session);

            ADRecipient match;
            if (this.LegacyExchangeDN != null)
            {
                match = session.FindByLegacyExchangeDN(this.LegacyExchangeDN);
            }
            else if (this.ExternalDirectoryObjectId != null)
            {
                match = session.FindADUserByExternalDirectoryObjectId(this.ExternalDirectoryObjectId);
            }
            else
            {
                // No identifier to search by: nothing can be resolved.
                return null;
            }

            return match == null ? null : match.Id;
        }
示例#2
        /// <summary>
        /// Decides which membership level the accessing user has on the group mailbox
        /// being logged on to. This is an authorization decision: the checks run in a
        /// fixed order and the first one that matches wins.
        /// </summary>
        /// <returns>
        /// <c>Unknown</c> when <c>DenyCurrentLogon()</c> rejects the logon; <c>Owner</c> when
        /// the user's object id is in the group's Owners property; <c>Member</c> for any
        /// Public group, or for a Private group when the directory query or the mailbox
        /// association check confirms membership; otherwise <c>None</c>.
        /// </returns>
        public UnifiedGroupMemberType GetMembershipType()
        {
            // Gate on the logon itself before touching the directory. The trace text suggests
            // this covers non-OWA clients without the feature flight; DenyCurrentLogon is not
            // visible here, so confirm against its implementation.
            if (this.DenyCurrentLogon())
            {
                GroupMailboxAuthorizationHandler.Tracer.TraceWarning <string>(0L, "Not OWA logon and flight not enabled for group. ClientInfoString:{0} ", this.clientInfoString);
                return(UnifiedGroupMemberType.Unknown);
            }
            IRecipientSession recipientSession = AccessingUserInfo.GetRecipientSession(this.organizationId);

            ArgumentValidator.ThrowIfNull("recipientSession", recipientSession);
            // The predicate is x.ReadOnly, so the session is expected to be read-only
            // (presumably ThrowIfInvalidValue throws when the predicate is false; confirm).
            ArgumentValidator.ThrowIfInvalidValue <IRecipientSession>("recipientSession.ReadOnly", recipientSession, (IRecipientSession x) => x.ReadOnly);
            if (this.accessingUserInfo.UserObjectId != null)
            {
                // The user was resolved in the directory: look up the group by its mailbox GUID.
                ADRecipient adrecipient = recipientSession.FindByExchangeGuid(this.groupMailboxToLogon.MailboxInfo.MailboxGuid);
                if (adrecipient != null)
                {
                    // Point the session at the server the group object was read from. This must
                    // happen before the Find call below; presumably it keeps the owner and member
                    // reads on the same directory replica (confirm).
                    recipientSession.DomainController = adrecipient.OriginatingServer;
                    // NOTE(review): the cast result is dereferenced without a null check; this
                    // assumes the Owners property is always populated on the group object.
                    MultiValuedProperty <ADObjectId> multiValuedProperty = (MultiValuedProperty <ADObjectId>)adrecipient[ADUserSchema.Owners];
                    if (multiValuedProperty.Contains(this.accessingUserInfo.UserObjectId))
                    {
                        this.TraceMembershipType(UnifiedGroupMemberType.Owner);
                        return(UnifiedGroupMemberType.Owner);
                    }
                }
                // Public groups: every caller that reaches this point is treated as a member,
                // with no membership lookup.
                if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Public)
                {
                    this.TraceMembershipType(UnifiedGroupMemberType.Member);
                    return(UnifiedGroupMemberType.Member);
                }
                if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Private)
                {
                    // Private groups: query for the object whose Id is this group AND whose
                    // members link contains the user. Exactly one hit means the user is a member.
                    QueryFilter  queryFilter  = new ComparisonFilter(ComparisonOperator.Equal, IUnifiedGroupMailboxSchema.UnifiedGroupMembersLink, this.accessingUserInfo.UserObjectId);
                    QueryFilter  queryFilter2 = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Id, this.groupMailboxToLogon.ObjectId);
                    ADRawEntry[] array        = recipientSession.Find(null, QueryScope.SubTree, new AndFilter(new QueryFilter[]
                    {
                        queryFilter2,
                        queryFilter
                    }), null, 0, GroupMailboxAuthorizationHandler.PropertiesToReturnForGroupQuery);
                    if (array != null && array.Length == 1)
                    {
                        this.TraceMembershipType(UnifiedGroupMemberType.Member);
                        return(UnifiedGroupMemberType.Member);
                    }
                    // A miss here is not final: control falls through to the mailbox
                    // association check below.
                }
            }
            else
            {
                // The user's directory identity could not be resolved. Only a trace is written;
                // execution continues into the fallback checks below.
                GroupMailboxAuthorizationHandler.Tracer.TraceError <string>((long)this.GetHashCode(), "Unable to retrieve object identity of user {0} from AD", this.accessingUserInfo.Identity);
            }
            // Fallback checks, reached with or without a resolved user object id.
            // NOTE(review): a Public group therefore yields Member even when the user's
            // identity could not be resolved in the directory; confirm this is intended.
            if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Public)
            {
                this.TraceMembershipType(UnifiedGroupMemberType.Member);
                return(UnifiedGroupMemberType.Member);
            }
            // Private groups get a second source of truth: the mailbox association check.
            if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Private && this.IsGroupMemberInMailboxAssociation())
            {
                this.TraceMembershipType(UnifiedGroupMemberType.Member);
                return(UnifiedGroupMemberType.Member);
            }
            // Default deny: no check granted a membership level.
            this.TraceMembershipType(UnifiedGroupMemberType.None);
            return(UnifiedGroupMemberType.None);
        }
示例#3
 /// <summary>
 /// Builds an authorization handler for a logon to a group mailbox.
 /// </summary>
 /// <param name="groupMailboxToLogon">Principal of the group mailbox; must be non-null and have a ModernGroupType other than None.</param>
 /// <param name="accessingUserInfo">Identity of the caller being authorized; must be non-null.</param>
 /// <param name="clientInfoString">Client info string of the logon; must be non-null and non-empty.</param>
 /// <param name="clientSecurityContext">Security context of the caller; must be non-null.</param>
 /// <param name="variantConfig">Optional configuration snapshot; when null the Outlook desktop group-auth flag stays off.</param>
 public GroupMailboxAuthorizationHandler(IExchangePrincipal groupMailboxToLogon, AccessingUserInfo accessingUserInfo, string clientInfoString, ClientSecurityContext clientSecurityContext, VariantConfigurationSnapshot variantConfig)
 {
     // Validate every required input before any state is stored; the order of
     // these checks determines which argument is reported first.
     ArgumentValidator.ThrowIfNull("groupMailboxToLogon", groupMailboxToLogon);
     ArgumentValidator.ThrowIfInvalidValue <IExchangePrincipal>(
         "groupMailboxToLogon.ModernGroupType",
         groupMailboxToLogon,
         (IExchangePrincipal x) => x.ModernGroupType != ModernGroupObjectType.None);
     ArgumentValidator.ThrowIfNull("accessingUserInfo", accessingUserInfo);
     ArgumentValidator.ThrowIfNullOrEmpty("clientInfoString", clientInfoString);
     ArgumentValidator.ThrowIfNull("clientSecurityContext", clientSecurityContext);

     this.accessingUserInfo   = accessingUserInfo;
     this.groupMailboxToLogon = groupMailboxToLogon;
     this.clientInfoString    = clientInfoString;

     // The feature flag is read only when a configuration snapshot was supplied.
     bool olkDesktopGroupAuth = false;
     if (variantConfig != null)
     {
         olkDesktopGroupAuth = variantConfig.DataStorage.GroupsForOlkDesktop.Enabled;
     }
     this.IsOnGroupAuthForOlkDesktop = olkDesktopGroupAuth;

     this.clientSecurityContext = clientSecurityContext;
     // Directory lookups made by this handler are scoped to the group's own organization.
     this.organizationId = groupMailboxToLogon.MailboxInfo.OrganizationId;
 }