/// <summary>
/// Resolves the directory object id of the accessing user.
/// </summary>
/// <remarks>
/// Lookup precedence: <c>LegacyExchangeDN</c> is used when it is set; only when it is
/// null is <c>ExternalDirectoryObjectId</c> tried. There is no fall-through from a
/// failed LegacyExchangeDN lookup to the external id.
/// </remarks>
/// <returns>
/// The <c>Id</c> of the recipient that was found, or <c>null</c> when neither identifier
/// is set or the lookup returned nothing. A null result means "identity not resolved";
/// it must not be read as a successful match by authorization code.
/// </returns>
private ADObjectId FindUserObjectId()
{
    // The session is obtained and validated before any identifier is inspected,
    // so a missing session fails fast even when no lookup would be attempted.
    IRecipientSession session = AccessingUserInfo.GetRecipientSession(this.organizationId);
    ArgumentValidator.ThrowIfNull("recipientSession", session);

    ADRecipient match;
    if (this.LegacyExchangeDN != null)
    {
        match = session.FindByLegacyExchangeDN(this.LegacyExchangeDN);
    }
    else if (this.ExternalDirectoryObjectId != null)
    {
        match = session.FindADUserByExternalDirectoryObjectId(this.ExternalDirectoryObjectId);
    }
    else
    {
        // No identifier available to search by.
        return null;
    }

    return match == null ? null : match.Id;
}
/// <summary>
/// Classifies the accessing user's relationship to the group mailbox being logged on to.
/// This result is an authorization input, so the order of the checks below matters.
/// </summary>
/// <returns>
/// <c>Unknown</c> when <c>DenyCurrentLogon()</c> rejects the logon;
/// <c>Owner</c> when the user's object id is listed in the group's Owners property;
/// <c>Member</c> for every Public group, and for a Private group when either the directory
/// membership query returns exactly one entry or <c>IsGroupMemberInMailboxAssociation()</c>
/// is true; otherwise <c>None</c>.
/// </returns>
/// <remarks>
/// Review notes:
/// - For a Public group the method returns <c>Member</c> without any membership lookup,
///   including on the path where the user's directory identity could not be resolved.
///   Callers must not treat <c>Member</c> on a Public group as proof of directory membership.
/// - Ownership can only be detected when <c>UserObjectId</c> is non-null and the group
///   recipient is found by its mailbox GUID.
/// </remarks>
public UnifiedGroupMemberType GetMembershipType()
{
    // Client / flight gate comes first: nothing is looked up for a denied logon.
    if (this.DenyCurrentLogon())
    {
        GroupMailboxAuthorizationHandler.Tracer.TraceWarning<string>(
            0L,
            "Not OWA logon and flight not enabled for group. ClientInfoString:{0} ",
            this.clientInfoString);
        return UnifiedGroupMemberType.Unknown;
    }

    IRecipientSession session = AccessingUserInfo.GetRecipientSession(this.organizationId);
    ArgumentValidator.ThrowIfNull("recipientSession", session);
    // The session must report ReadOnly == true; anything else is rejected as an invalid value.
    ArgumentValidator.ThrowIfInvalidValue<IRecipientSession>(
        "recipientSession.ReadOnly",
        session,
        (IRecipientSession s) => s.ReadOnly);

    if (this.accessingUserInfo.UserObjectId != null)
    {
        // 1) Owner check against the group's directory object.
        ADRecipient groupRecipient = session.FindByExchangeGuid(this.groupMailboxToLogon.MailboxInfo.MailboxGuid);
        if (groupRecipient != null)
        {
            // Point the session at the server the group object originated from.
            // NOTE(review): presumably so the later membership query reads the same replica; confirm.
            session.DomainController = groupRecipient.OriginatingServer;

            // NOTE(review): the cast result is dereferenced without a null check;
            // confirm the Owners property can never come back null.
            MultiValuedProperty<ADObjectId> owners =
                (MultiValuedProperty<ADObjectId>)groupRecipient[ADUserSchema.Owners];
            if (owners.Contains(this.accessingUserInfo.UserObjectId))
            {
                this.TraceMembershipType(UnifiedGroupMemberType.Owner);
                return UnifiedGroupMemberType.Owner;
            }
        }

        // 2) Public groups: every non-owner is reported as a member.
        if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Public)
        {
            this.TraceMembershipType(UnifiedGroupMemberType.Member);
            return UnifiedGroupMemberType.Member;
        }

        // 3) Private groups: ask the directory whether this group links to this user.
        if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Private)
        {
            QueryFilter memberLinkFilter = new ComparisonFilter(
                ComparisonOperator.Equal,
                IUnifiedGroupMailboxSchema.UnifiedGroupMembersLink,
                this.accessingUserInfo.UserObjectId);
            QueryFilter groupIdFilter = new ComparisonFilter(
                ComparisonOperator.Equal,
                ADObjectSchema.Id,
                this.groupMailboxToLogon.ObjectId);
            AndFilter membershipQuery = new AndFilter(new QueryFilter[] { groupIdFilter, memberLinkFilter });

            ADRawEntry[] matches = session.Find(
                null,
                QueryScope.SubTree,
                membershipQuery,
                null,
                0,
                GroupMailboxAuthorizationHandler.PropertiesToReturnForGroupQuery);

            // Only an unambiguous single hit counts; zero or several results fall through
            // to the mailbox-association check below.
            if (matches != null && matches.Length == 1)
            {
                this.TraceMembershipType(UnifiedGroupMemberType.Member);
                return UnifiedGroupMemberType.Member;
            }
        }
    }
    else
    {
        // Identity could not be resolved: log it and continue with the fallback checks.
        GroupMailboxAuthorizationHandler.Tracer.TraceError<string>(
            (long)this.GetHashCode(),
            "Unable to retrieve object identity of user {0} from AD",
            this.accessingUserInfo.Identity);
    }

    // Fallback path, reached with an unresolved identity or after an inconclusive
    // directory query for a Private group.
    if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Public)
    {
        this.TraceMembershipType(UnifiedGroupMemberType.Member);
        return UnifiedGroupMemberType.Member;
    }

    if (this.groupMailboxToLogon.ModernGroupType == ModernGroupObjectType.Private
        && this.IsGroupMemberInMailboxAssociation())
    {
        this.TraceMembershipType(UnifiedGroupMemberType.Member);
        return UnifiedGroupMemberType.Member;
    }

    // Default deny: nothing established a relationship to the group.
    this.TraceMembershipType(UnifiedGroupMemberType.None);
    return UnifiedGroupMemberType.None;
}
/// <summary>
/// Creates the authorization handler for a logon to a group mailbox.
/// </summary>
/// <param name="groupMailboxToLogon">
/// Principal of the group mailbox; must be non-null and have a ModernGroupType other than None.
/// </param>
/// <param name="accessingUserInfo">Identity information of the caller; must be non-null.</param>
/// <param name="clientInfoString">Client info string of the logon; must be non-null and non-empty.</param>
/// <param name="clientSecurityContext">Security context of the caller; must be non-null.</param>
/// <param name="variantConfig">
/// Optional configuration snapshot. When null, <c>IsOnGroupAuthForOlkDesktop</c> is false.
/// </param>
/// <remarks>
/// Every argument except <paramref name="variantConfig"/> is validated before any state is
/// stored, so a handler never exists with a missing principal, caller identity or security context.
/// </remarks>
public GroupMailboxAuthorizationHandler(IExchangePrincipal groupMailboxToLogon, AccessingUserInfo accessingUserInfo, string clientInfoString, ClientSecurityContext clientSecurityContext, VariantConfigurationSnapshot variantConfig)
{
    // Validation order is kept as-is: it decides which argument error a caller sees first.
    ArgumentValidator.ThrowIfNull("groupMailboxToLogon", groupMailboxToLogon);
    ArgumentValidator.ThrowIfInvalidValue<IExchangePrincipal>(
        "groupMailboxToLogon.ModernGroupType",
        groupMailboxToLogon,
        (IExchangePrincipal principal) => principal.ModernGroupType != ModernGroupObjectType.None);
    ArgumentValidator.ThrowIfNull("accessingUserInfo", accessingUserInfo);
    ArgumentValidator.ThrowIfNullOrEmpty("clientInfoString", clientInfoString);
    ArgumentValidator.ThrowIfNull("clientSecurityContext", clientSecurityContext);

    this.groupMailboxToLogon = groupMailboxToLogon;
    this.accessingUserInfo = accessingUserInfo;
    this.clientInfoString = clientInfoString;
    this.clientSecurityContext = clientSecurityContext;

    // The flag is off unless a snapshot was supplied and it enables GroupsForOlkDesktop.
    bool desktopGroupsEnabled = false;
    if (variantConfig != null)
    {
        desktopGroupsEnabled = variantConfig.DataStorage.GroupsForOlkDesktop.Enabled;
    }
    this.IsOnGroupAuthForOlkDesktop = desktopGroupsEnabled;

    // The organization scope is taken from the group mailbox, not from the caller.
    this.organizationId = groupMailboxToLogon.MailboxInfo.OrganizationId;
}