/// <summary>
/// Builds an ECP identity from logon information that was produced elsewhere
/// (in the visible caller: from an inbound proxy request).
/// </summary>
/// <param name="identity">
/// Logon information carrying the logon user, the logon mailbox SID and,
/// when <c>Impersonated</c> is set, the impersonated user.
/// </param>
/// <param name="cacheKeySuffix">Suffix forwarded unchanged to the chained constructor.</param>
public EcpIdentity(EcpLogonInformation identity, string cacheKeySuffix)
    : this(identity.LogonUser, cacheKeySuffix, identity.Impersonated)
{
    // The logon SID is taken from LogonMailboxSid, while the chained constructor
    // receives LogonUser. NOTE(review): confirm both always describe the same principal.
    logonUserSid = identity.LogonMailboxSid;

    if (!identity.Impersonated)
    {
        // No impersonation: the accessed user is the logon user.
        accessedUserIdentity = this.LogonUserIdentity;
        accessedUserSid = logonUserSid;
    }
    else
    {
        // Impersonation: every access decision keyed on accessedUserSid now follows
        // ImpersonatedUser, so whatever populated `identity` decides whose data is reached.
        accessedUserIdentity = identity.ImpersonatedUser;
        accessedUserSid = identity.ImpersonatedUser.GetSecurityIdentifier();
    }

    UserName = identity.Name;
}
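/// <summary>
/// Extracts the RBAC settings for the current request: resolves the ECP identity
/// (inbound proxy, explicit sign-on or plain logon), computes the session cache key
/// and issues the session-state cookie when the browser does not send one.
/// </summary>
/// <param name="context">The HTTP context of the request being processed.</param>
public RbacSettings(HttpContext context)
{
    ExTraceGlobals.RBACTracer.TraceInformation<string>(0, 0L, "Extracting RBAC settings from {0}.", context.GetRequestUrlForLog());

    // Read the header from the context that was passed in, like every other read in
    // this constructor, instead of the ambient HttpContext.Current.
    // A missing or malformed header leaves vdirId as Guid.Empty.
    Guid vdirId = Guid.Empty;
    Guid.TryParse(context.Request.Headers["X-vDirObjectId"], out vdirId);

    // Topology lookup is deferred until the service is first needed.
    this.ecpService = new Lazy<EcpService>(() =>
    {
        if (vdirId == Guid.Empty)
        {
            return null;
        }

        ServiceTopology topology = ServiceTopology.GetCurrentServiceTopology("f:\\15.00.1497\\sources\\dev\\admin\\src\\ecp\\RBAC\\RbacSettings.cs", ".ctor", 707);
        return topology.FindAnyCafeService<EcpService>((EcpService service) => service.ADObjectId.ObjectGuid == vdirId, "f:\\15.00.1497\\sources\\dev\\admin\\src\\ecp\\RBAC\\RbacSettings.cs", ".ctor", 708);
    });

    this.LogonUserIdentity = context.User.Identity;
    this.OriginalUser = context.User;
    this.IsProxyLogon = context.Request.FilePath.EndsWith("/proxyLogon.ecp", StringComparison.OrdinalIgnoreCase);
    bool isAcsOAuthRequest = context.IsAcsOAuthRequest();

    // NOTE(review): the request body is parsed into an access token for ANY request whose
    // path ends in /proxyLogon.ecp, before the caller has been checked by
    // GetInboundProxyCaller below. Left in place because other consumers of
    // ProxySecurityAccessToken are not visible here; consider deferring the parse until
    // the caller is known to be a proxy server, and confirm SerializedAccessToken bounds
    // what it reads from the stream.
    if (this.IsProxyLogon)
    {
        this.ProxySecurityAccessToken = new SerializedAccessToken(context.Request.InputStream);
    }
    else
    {
        this.ProxySecurityAccessToken = null;
    }

    // These three headers are supplied by the caller. They are only used to build an
    // identity when GetInboundProxyCaller returns a server.
    string logonAccountSddlSid = context.Request.Headers["msExchLogonAccount"];
    string logonMailboxSddlSid = context.Request.Headers["msExchLogonMailbox"];
    string targetMailboxSddlSid = context.Request.Headers["msExchTargetMailbox"];

    // NOTE(review): this call is the whole trust decision for header-asserted identities.
    // It is not visible here; confirm it authenticates the calling server from the
    // WindowsIdentity and does not rely on the header value alone.
    Server inboundProxyCaller = RbacSettings.GetInboundProxyCaller(logonMailboxSddlSid, this.LogonUserIdentity as WindowsIdentity);
    if (inboundProxyCaller != null)
    {
        this.IsInboundProxyRequest = true;
        this.InboundProxyCallerName = inboundProxyCaller.Name;
        EcpLogonInformation logonInformation = EcpLogonInformation.Create(logonAccountSddlSid, logonMailboxSddlSid, targetMailboxSddlSid, this.ProxySecurityAccessToken);
        this.EcpIdentity = new EcpIdentity(logonInformation, "-ProxySession");
    }
    else
    {
        this.IsInboundProxyRequest = false;
        this.InboundProxyCallerName = string.Empty;
        string explicitUser = context.GetExplicitUser();
        string targetTenant = context.GetTargetTenant();

        // presumably targetTenant is request-derived; verify it is validated before it
        // becomes part of the session cache key suffix.
        string cacheKeySuffix = string.IsNullOrEmpty(targetTenant) ? "-RbacSession" : ("-RbacSession-@" + targetTenant);
        if (isAcsOAuthRequest)
        {
            cacheKeySuffix += "-OAuthACS";
        }

        if (!string.IsNullOrEmpty(explicitUser))
        {
            this.EcpIdentity = new EcpIdentity(context.User, explicitUser, cacheKeySuffix);
        }
        else
        {
            this.EcpIdentity = new EcpIdentity(this.LogonUserIdentity, cacheKeySuffix);
        }
    }

    this.UserUniqueKeyForCanary = this.GetUserUniqueKey();
    this.IsExplicitSignOn = this.EcpIdentity.IsExplicitSignon;

    bool isNewBrowserWindow = null == context.Request.Cookies[RbacModule.SessionStateCookieName];
    if (isNewBrowserWindow && !isAcsOAuthRequest)
    {
        // The cookie value feeds the session cache key, so keep it off cleartext
        // channels: mark it Secure whenever the request itself arrived over TLS.
        context.Response.Cookies.Add(new HttpCookie(RbacModule.SessionStateCookieName, Guid.NewGuid().ToString())
        {
            HttpOnly = true,
            Secure = context.Request.IsSecureConnection
        });
        this.CacheKey = this.GetCacheKey();
        this.ExpireSession();
    }
    else
    {
        this.CacheKey = this.GetCacheKey();
    }

    ExTraceGlobals.RBACTracer.TraceInformation(0, 0L, "RBAC Settings for {0}: UserName: {1}, IsNewBrowserWindow={2}, IsInboundProxyRequest={3}, InboundProxyCallerName={4}, HasCachedSession={5}", new object[]
    {
        context.GetRequestUrlForLog(),
        this.UserName,
        isNewBrowserWindow,
        this.IsInboundProxyRequest,
        this.InboundProxyCallerName,
        this.CachedSession != null
    });
}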