Beispiel #1
        /// <summary>
        /// Verifies that a client-credential request made with <c>WithAzureRegion(true)</c>
        /// ends in an <c>MsalClientException</c> carrying <c>MsalError.RegionDiscoveryFailed</c>
        /// rather than returning a token.
        /// </summary>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task RegionNotFoundAsync()
        {
            // Only one handler is queued on the shared mock; judging by the helper's name it
            // answers region discovery with "not found" (helper is defined outside this view).
            _httpManager.AddRegionDiscoveryMockHandlerNotFound();

            var defaultAuthority = new System.Uri(ClientApplicationBase.DefaultAuthority);
            var cca = ConfidentialClientApplicationBuilder
                .Create(TestConstants.ClientId)
                .WithAuthority(defaultAuthority)
                .WithRedirectUri(TestConstants.RedirectUri)
                .WithHttpManager(_httpManager)
                .WithClientSecret(TestConstants.ClientSecret)
                .BuildConcrete();

            try
            {
                // The token itself is irrelevant: reaching the statement after this call
                // means no exception was raised, which is the failure case for this test.
                await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithAzureRegion(true)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false);

                Assert.Fail("Exception should be thrown");
            }
            catch (MsalClientException regionFailure)
            {
                // Pin both the error code and the message so that a change in either
                // is caught by this test.
                Assert.IsNotNull(regionFailure);
                Assert.AreEqual(MsalError.RegionDiscoveryFailed, regionFailure.ErrorCode);
                Assert.AreEqual(MsalErrorMessage.RegionDiscoveryFailed, regionFailure.Message);
            }
        }
        /// <summary>
        /// Verifies that, when region discovery does not find a region, a client-credential
        /// request still returns an access token and the telemetry on the result records
        /// no region, a failed auto-discovery and a fallback to the global endpoint.
        /// </summary>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task RegionFallbackToGlobalAsync()
        {
            using (var mockHttp = new MockHttpManager())
            {
                // Handlers are queued in this order: region discovery (not found),
                // instance discovery, then the token response.
                mockHttp.AddRegionDiscoveryMockHandlerNotFound();
                mockHttp.AddInstanceDiscoveryMockHandler();
                mockHttp.AddMockHandler(CreateTokenResponseHttpHandler(false));

                IConfidentialClientApplication cca =
                    CreateCca(mockHttp, ConfidentialClientApplication.AttemptRegionDiscovery);

                // The telemetry fields are compared as ints, so cast the enum values up front.
                int expectedDetectionSource = (int)RegionAutodetectionSource.FailedAutoDiscovery;
                int expectedOutcome = (int)RegionOutcome.FallbackToGlobal;

                try
                {
                    AuthenticationResult tokenResult = await cca
                        .AcquireTokenForClient(TestConstants.s_scope)
                        .ExecuteAsync(CancellationToken.None)
                        .ConfigureAwait(false);

                    Assert.IsNotNull(tokenResult.AccessToken);

                    var apiEvent = tokenResult.ApiEvent;
                    Assert.AreEqual(null, apiEvent.RegionUsed);
                    Assert.AreEqual(expectedDetectionSource, apiEvent.RegionAutodetectionSource);
                    Assert.AreEqual(expectedOutcome, apiEvent.RegionOutcome);
                }
                catch (MsalServiceException)
                {
                    // NOTE(review): the service exception's own details are not included
                    // in the failure message below.
                    Assert.Fail("Fallback to global failed.");
                }
            }
        }
        // regression: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2686
        /// <summary>
        /// Verifies authority validation for a PPE-cloud authority combined with an explicit
        /// Azure region: the token request goes to the regional host, while the instance
        /// discovery call goes to login.microsoftonline.com and carries the authorization
        /// endpoint of the non-regional authority.
        /// </summary>
        /// <remarks>
        /// The app is configured with a client secret, so this test pins which host is
        /// checked before the token request is sent. A second identical request is expected
        /// to be answered from the token cache.
        /// </remarks>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task OtherCloudWithAuthorityValidationAsync()
        {
            const string tenantAuthority =
                "https://login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b";

            using (var mockHttp = new MockHttpManager())
            {
                mockHttp.AddRegionDiscoveryMockHandlerNotFound();

                // Instance discovery is expected on the public-cloud endpoint.
                var instanceDiscovery = MockHelpers.CreateInstanceDiscoveryMockHandler(
                    "https://login.microsoftonline.com/common/discovery/instance",
                    TestConstants.DiscoveryJsonResponse);

                // The token POST is expected on the region-prefixed host.
                var regionalTokenCall = new MockHttpMessageHandler()
                {
                    ExpectedUrl = "https://eastus.login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b/oauth2/v2.0/token",
                    ExpectedMethod = HttpMethod.Post,
                    ResponseMessage = CreateResponse(true)
                };

                mockHttp.AddMockHandler(instanceDiscovery);
                mockHttp.AddMockHandler(regionalTokenCall);

                // The second WithAuthority argument presumably enables authority
                // validation, as the test name suggests - confirm against the builder API.
                var cca = ConfidentialClientApplicationBuilder
                    .Create(TestConstants.ClientId)
                    .WithAuthority("https://login.windows-ppe.net/common", true)
                    .WithHttpManager(mockHttp)
                    .WithAzureRegion("eastus")
                    .WithClientSecret(TestConstants.ClientSecret)
                    .Build();

                // First request: the token is expected to come from the identity provider.
                AuthenticationResult tokenResult = await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithAuthority(tenantAuthority)
                    .ExecuteAsync()
                    .ConfigureAwait(false);

                Assert.AreEqual("eastus", tokenResult.ApiEvent.RegionUsed);
                Assert.AreEqual(TokenSource.IdentityProvider, tokenResult.AuthenticationResultMetadata.TokenSource);

                // The validated endpoint must be the non-regional authorize URL of the tenant.
                Assert.AreEqual(
                    "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.windows-ppe.net%2F17b189bc-2b81-4ec5-aa51-3e628cbc931b%2Foauth2%2Fv2.0%2Fauthorize",
                    instanceDiscovery.ActualRequestMessage.RequestUri.AbsoluteUri,
                    "Authority validation is made on https://login.microsoftonline.com/ and it validates the auth_endpoint of the non-regional authority");

                // Second request: no further handlers were queued, and the token is
                // expected to come from the cache.
                tokenResult = await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithAuthority(tenantAuthority)
                    .ExecuteAsync()
                    .ConfigureAwait(false);

                Assert.AreEqual("eastus", tokenResult.ApiEvent.RegionUsed);
                Assert.AreEqual(TokenSource.Cache, tokenResult.AuthenticationResultMetadata.TokenSource);
            }
        }
Beispiel #4
        /// <summary>
        /// Verifies that a client-credential request made with
        /// <c>WithPreferredAzureRegion(true, fallbackToGlobal: false)</c> ends in an
        /// <c>MsalServiceException</c> carrying <c>MsalError.RegionDiscoveryFailed</c>
        /// rather than returning a token.
        /// </summary>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task RegionNotFoundAndFallbackToGlobalIsFalseAsync()
        {
            // Only the "not found" region discovery handler is queued on the shared mock.
            _httpManager.AddRegionDiscoveryMockHandlerNotFound();

            var cca = CreateApp();

            try
            {
                // With fallback disabled the call is expected to throw; the token result
                // is never inspected, so it is not stored.
                await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithPreferredAzureRegion(true, fallbackToGlobal: false)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false);

                Assert.Fail("Exception should be thrown");
            }
            catch (MsalServiceException regionFailure)
            {
                // Pin both the error code and the message so that a change in either
                // is caught by this test.
                Assert.IsNotNull(regionFailure);
                Assert.AreEqual(MsalError.RegionDiscoveryFailed, regionFailure.ErrorCode);
                Assert.AreEqual(MsalErrorMessage.RegionDiscoveryFailed, regionFailure.Message);
            }
        }
Beispiel #5
        // regression: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2686
        /// <summary>
        /// Verifies authority validation for an authority host MSAL does not know, combined
        /// with an explicit Azure region: the token request goes to the regional host, while
        /// the instance discovery call goes to login.microsoftonline.com and carries the
        /// authorization endpoint of the non-regional authority.
        /// </summary>
        /// <remarks>
        /// The app is configured with a client secret, so this test pins which host is
        /// checked before the token request is sent. It also checks the region details
        /// reported on the result, including the auto-detection error text, for both the
        /// first request and the cached second request.
        /// </remarks>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task OtherCloudWithAuthorityValidationAsync()
        {
            const string imdsError          = "IMDS call failed with exception";
            const string autoDiscoveryError = "Auto-discovery failed in the past. Not trying again. IMDS call failed";

            // Both authorities are built from the same environment constant.
            string ppeBaseUrl      = "https://" + TestConstants.PpeOrgEnvironment;
            string tenantAuthority = ppeBaseUrl + "/17b189bc-2b81-4ec5-aa51-3e628cbc931b";

            using (var mockHttp = new MockHttpManager())
            {
                mockHttp.AddRegionDiscoveryMockHandlerNotFound();

                // Instance discovery is expected on the public-cloud endpoint.
                var instanceDiscovery = MockHelpers.CreateInstanceDiscoveryMockHandler(
                    "https://login.microsoftonline.com/common/discovery/instance",
                    TestConstants.DiscoveryJsonResponse);

                // The token POST is expected on the region-prefixed host.
                var regionalTokenCall = new MockHttpMessageHandler()
                {
                    ExpectedUrl = "https://eastus.login.windows-ppe.org/17b189bc-2b81-4ec5-aa51-3e628cbc931b/oauth2/v2.0/token",
                    ExpectedMethod = HttpMethod.Post,
                    ResponseMessage = CreateResponse(true)
                };

                mockHttp.AddMockHandler(instanceDiscovery);
                mockHttp.AddMockHandler(regionalTokenCall);

                // login.windows-ppe.org is not known to MSAL. The second WithAuthority
                // argument presumably enables authority validation - confirm against the
                // builder API.
                var cca = ConfidentialClientApplicationBuilder
                    .Create(TestConstants.ClientId)
                    .WithAuthority(ppeBaseUrl + "/common", true)
                    .WithHttpManager(mockHttp)
                    .WithAzureRegion(EastUsRegion)
                    .WithClientSecret(TestConstants.ClientSecret)
                    .Build();

#pragma warning disable CS0618 // Type or member is obsolete
                // First request: the token is expected to come from the identity provider.
                AuthenticationResult tokenResult = await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithAuthority(tenantAuthority)
                    .ExecuteAsync()
                    .ConfigureAwait(false);

                Assert.AreEqual(EastUsRegion, tokenResult.ApiEvent.RegionUsed);
                Assert.AreEqual(TokenSource.IdentityProvider, tokenResult.AuthenticationResultMetadata.TokenSource);

                // The validated endpoint must be the non-regional authorize URL of the tenant.
                Assert.AreEqual(
                    "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.windows-ppe.org%2F17b189bc-2b81-4ec5-aa51-3e628cbc931b%2Foauth2%2Fv2.0%2Fauthorize",
                    instanceDiscovery.ActualRequestMessage.RequestUri.AbsoluteUri,
                    "Authority validation is made on https://login.microsoftonline.com/ and it validates the auth_endpoint of the non-regional authority");

                // The configured region is used although auto-detection failed.
                Assert.AreEqual(EastUsRegion, tokenResult.AuthenticationResultMetadata.RegionDetails.RegionUsed);
                Assert.AreEqual(RegionOutcome.UserProvidedAutodetectionFailed, tokenResult.AuthenticationResultMetadata.RegionDetails.RegionOutcome);
                Assert.IsTrue(tokenResult.AuthenticationResultMetadata.RegionDetails.AutoDetectionError.Contains(imdsError));

                // Second request: no further handlers were queued, and the token is
                // expected to come from the cache.
                tokenResult = await cca
                    .AcquireTokenForClient(TestConstants.s_scope)
                    .WithAuthority(tenantAuthority)
                    .ExecuteAsync()
                    .ConfigureAwait(false);

#pragma warning restore CS0618 // Type or member is obsolete

                Assert.AreEqual(EastUsRegion, tokenResult.ApiEvent.RegionUsed);
                Assert.AreEqual(TokenSource.Cache, tokenResult.AuthenticationResultMetadata.TokenSource);
                Assert.AreEqual(EastUsRegion, tokenResult.AuthenticationResultMetadata.RegionDetails.RegionUsed);
                Assert.AreEqual(RegionOutcome.UserProvidedAutodetectionFailed, tokenResult.AuthenticationResultMetadata.RegionDetails.RegionOutcome);

                // On the second request the error text checked is the "failed in the past" one.
                Assert.IsTrue(tokenResult.AuthenticationResultMetadata.RegionDetails.AutoDetectionError.Contains(autoDiscoveryError));
            }
        }