public void WsFederationAuthenticationMessage_Publics() { string issuerAdderss = @"http://www.gotjwt.com"; string wreply = @"http://www.relyingparty.com"; string wct = Guid.NewGuid().ToString(); WsFederationMessage wsFederationMessage = new WsFederationMessage { IssuerAddress = issuerAdderss, Wreply = wreply, Wct = wct, }; wsFederationMessage.SetParameter("bob", null); wsFederationMessage.Parameters.Add("bob", null); string uriString = wsFederationMessage.BuildRedirectUrl(); Uri uri = new Uri(uriString); WsFederationMessage wsFederationMessageReturned = WsFederationMessage.FromQueryString(uri.Query); wsFederationMessageReturned.IssuerAddress = issuerAdderss; wsFederationMessageReturned.Parameters.Add("bob", null); Assert.IsTrue(MessageComparer.AreEqual(wsFederationMessage, wsFederationMessageReturned)); wsFederationMessageReturned = WsFederationMessage.FromUri(uri); wsFederationMessageReturned.IssuerAddress = issuerAdderss; wsFederationMessageReturned.Parameters.Add("bob", null); Assert.IsTrue(MessageComparer.AreEqual(wsFederationMessage, wsFederationMessageReturned)); }
public void WaSignIn(WsFederationSigninMessageTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.WaSignIn", theoryData); try { var fedMessage = WsFederationMessage.FromQueryString(theoryData.QueryString); var token = fedMessage.GetToken(); if (theoryData.TokenValidationParameters != null) { theoryData.SecurityTokenHandler.ValidateToken(token, theoryData.TokenValidationParameters, out SecurityToken validatedToken); if (theoryData.SecurityToken != null) { IdentityComparer.AreEqual(theoryData.SecurityToken, validatedToken, context); } } theoryData.ExpectedException.ProcessNoException(context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ParametersTest(WsFederationMessageTheoryData theoryData) { TestUtilities.WriteHeader($"{this}.ParametersTest", theoryData); try { var wsFederationMessage = new WsFederationMessage { IssuerAddress = theoryData.IssuerAddress, Wreply = theoryData.Wreply, Wct = theoryData.Wct }; Assert.Equal(theoryData.IssuerAddress, wsFederationMessage.IssuerAddress); Assert.Equal(theoryData.Wreply, wsFederationMessage.Wreply); Assert.Equal(theoryData.Wct, wsFederationMessage.Wct); // add parameter wsFederationMessage.SetParameter(theoryData.Parameter1.Key, theoryData.Parameter1.Value); // add parameters var nameValueCollection = new NameValueCollection { { theoryData.Parameter2.Key, theoryData.Parameter2.Value }, { theoryData.Parameter3.Key, theoryData.Parameter3.Value } }; wsFederationMessage.SetParameters(nameValueCollection); // validate the parameters are added Assert.Equal(theoryData.Parameter1.Value, wsFederationMessage.Parameters[theoryData.Parameter1.Key]); Assert.Equal(theoryData.Parameter2.Value, wsFederationMessage.Parameters[theoryData.Parameter2.Key]); Assert.Equal(theoryData.Parameter3.Value, wsFederationMessage.Parameters[theoryData.Parameter3.Key]); // remove parameter wsFederationMessage.SetParameter(theoryData.Parameter1.Key, null); // validate the parameter is removed Assert.False(wsFederationMessage.Parameters.ContainsKey(theoryData.Parameter1.Key)); // create redirectUri var uriString = wsFederationMessage.BuildRedirectUrl(); Uri uri = new Uri(uriString); // convert query back to WsFederationMessage var wsFederationMessageReturned = WsFederationMessage.FromQueryString(uri.Query); // validate the parameters in the returned wsFederationMessage Assert.Equal(theoryData.Parameter2.Value, wsFederationMessageReturned.Parameters[theoryData.Parameter2.Key]); Assert.Equal(theoryData.Parameter3.Value, wsFederationMessageReturned.Parameters[theoryData.Parameter3.Key]); theoryData.ExpectedException.ProcessNoException(); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex); } }
private WsFederationMessage GetSignInRequestMessage(string returnUrl) { var decoded = WebUtility.UrlDecode(returnUrl); WsFederationMessage message = WsFederationMessage.FromQueryString(decoded); if (message.IsSignInMessage) { return(message); } return(null); }
public async Task <IEndpointResult> ProcessAsync(HttpContext context) { _logger.LogDebug("Processing WsFederation request."); if (!HttpMethods.IsGet(context.Request.Method)) { _logger.LogWarning($"WsFederation endpoint only supports GET requests. Current method is {context.Request.Method}"); return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed)); } var queryString = context.Request.QueryString; _logger.LogDebug($"Proccessing WsFederation signin request with QueryString: {queryString}."); var message = WsFederationMessage.FromQueryString(queryString.Value); var user = await _userSession.GetUserAsync(); if (message.IsSignOutMessage) { var signoutValidationResult = await _signoutValidator.ValidateAsync(message); return(new WsFederationSignoutResult(signoutValidationResult)); } else //Sign in validator also handles errors for unsupported wa { var validationResult = await _signinValidator.ValidateAsync(message, user); if (validationResult.IsError) { _logger.LogError("WsFederation Signin request validation failed."); return(new WsFederationSigninResult(new WsFederationSigninResponse { Request = validationResult.ValidatedRequest, Error = validationResult.Error, ErrorDescription = validationResult.ErrorDescription })); } //if needed, show login page if (IsLoginRequired(user, message)) { return(new WsFederationLoginPageResult(validationResult.ValidatedRequest)); } //Otherwise, return result var response = await _responseGenerator.GenerateResponseAsync(validationResult.ValidatedRequest); _logger.LogTrace("End get WsFederation signin request."); return(new WsFederationSigninResult(response)); } }
public void QueryStringTest(WsFederationMessageTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.QueryStringTest", theoryData); try { var wsFederationMessage = WsFederationMessage.FromQueryString(theoryData.WsFederationMessageTestSet.Xml); theoryData.ExpectedException.ProcessNoException(); IdentityComparer.AreWsFederationMessagesEqual(wsFederationMessage, theoryData.WsFederationMessageTestSet.WsFederationMessage, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex); } TestUtilities.AssertFailIfErrors(context); }
/// <summary> /// Processes the request. /// </summary> /// <param name="request">The request.</param> /// <param name="helper">The helper.</param> /// <returns></returns> public async Task <IActionResult> ProcessRequestAsync(HttpRequest request, IUrlHelper helper) { var queryString = request.QueryString; var user = await _userSession.GetUserAsync().ConfigureAwait(false); var message = WsFederationMessage.FromQueryString(queryString.ToString()); if (message.IsSignInMessage) { return(await ProcessSignInAsync(message, user, request, helper).ConfigureAwait(false)); } if (message.IsSignOutMessage) { return(new RedirectResult($"~/connect/endsession{queryString}")); } return(new BadRequestObjectResult("Invalid WS-Federation request")); }
public async Task Invoke(HttpContext context) { var segment = _options.WsFedEndpoint; if (context.Request.Path.StartsWithSegments(new PathString(segment), StringComparison.InvariantCultureIgnoreCase)) { _logger.LogInformation("Received WsFed Request. {0}", context.Request.QueryString.ToUriComponent()); if (!context.User.Identity.IsAuthenticated) { _logger.LogInformation("User is not authenticated. Redirecting to authentication provider"); var qs = context.Request.QueryString; var url = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.PathBase}{segment}/{context.Request.QueryString}"; await context.ChallengeAsync(new AuthenticationProperties { RedirectUri = url }); return; } var message = WsFederationMessage.FromQueryString(context.Request.QueryString.ToUriComponent()); if (message.IsSignInMessage) { var relyingParty = await _relyingPartyStore.GetByRealm(message.Wtrealm); if (relyingParty == null) { _logger.LogWarning("No relying party found for realm {0}", message.Wtrealm); context.Response.StatusCode = (int)HttpStatusCode.BadRequest; await context.Response.WriteAsync($"The realm { message.Wtrealm} is not registered"); } _logger.LogWarning("Processing WsFed Sign In for realm {0}", message.Wtrealm); var output = await HandleSignIn(message, context, relyingParty.ReplyUrl); context.Response.ContentType = "text/html"; await context.Response.WriteAsync(output); return; } else if (message.IsSignOutMessage) { _logger.LogWarning("Processing WsFed Sign Out"); var output = await HandleSignOut(message, context); context.Response.ContentType = "text/html"; await context.Response.WriteAsync(output); return; } context.Response.StatusCode = (int)HttpStatusCode.BadRequest; await context.Response.WriteAsync($"Invalid Ws-Fed Request Message"); return; } await _next(context); }