public static void AddValidateAudienceTheoryData(List <TokenTheoryData> theoryData)
{
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string>(),
First = true,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000:"),
TestId = "TokenValidationParameters null",
ValidationParameters = null,
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string>(),
TestId = "ValidateAudience = false",
ValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
},
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string>(),
ExpectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208:"),
TestId = "no audiences in validationParameters",
ValidationParameters = new TokenValidationParameters
{
ValidateAudience = true,
},
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string> {
"John"
},
ExpectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208:"),
TestId = "audience has value, tvp has no values",
ValidationParameters = new TokenValidationParameters
{
ValidateAudience = true,
},
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string> {
"John"
},
ExpectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10214:"),
TestId = "audience not matched",
ValidationParameters = new TokenValidationParameters
{
ValidateAudience = true,
ValidAudience = "frank"
},
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string> {
"John"
},
TestId = "AudienceValidator returns true",
ValidationParameters = new TokenValidationParameters
{
AudienceValidator = (aud, token, type) =>
{
return(true);
},
ValidateAudience = true,
ValidAudience = "frank"
},
});
theoryData.Add(new TokenTheoryData
{
Audiences = new List <string> {
"John"
},
TestId = "AudienceValidator throws, validateAudience false",
ValidationParameters = new TokenValidationParameters
{
AudienceValidator = ValidationDelegates.AudienceValidatorThrows,
ValidateAudience = false,
ValidAudience = "frank"
},
});
}
private void ValidateAudience()
{
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
ExpectedException expectedException;
string samlString = IdentityUtilities.CreateSaml2Token();
TokenValidationParameters validationParameters =
new TokenValidationParameters
{
IssuerSigningKey = IdentityUtilities.DefaultAsymmetricSigningKey,
RequireExpirationTime = false,
RequireSignedTokens = false,
ValidIssuer = IdentityUtilities.DefaultIssuer,
};
// Do not validate audience
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// no valid audiences
validationParameters.ValidateAudience = true;
expectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
validationParameters.ValidAudience = "John";
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// UriKind.Absolute, no match.
validationParameters.ValidateAudience = true;
validationParameters.ValidAudience = IdentityUtilities.NotDefaultAudience;
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
expectedException = ExpectedException.NoExceptionExpected;
validationParameters.ValidAudience = IdentityUtilities.DefaultAudience;
validationParameters.ValidAudiences = null;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// !UriKind.Absolute
List <string> audiences = new List <string> {
"John", "Paul", "George", "Ringo"
};
validationParameters.ValidAudience = null;
validationParameters.ValidAudiences = audiences;
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// UriKind.Absolute, no match
audiences = new List <string> {
"http://www.John.com", "http://www.Paul.com", "http://www.George.com", "http://www.Ringo.com", " "
};
validationParameters.ValidAudience = null;
validationParameters.ValidAudiences = audiences;
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
expectedException = ExpectedException.NoExceptionExpected;
audiences.Add(IdentityUtilities.DefaultAudience);
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.AudienceValidator =
(aud, token, tvp) =>
{
return(false);
};
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10231:");
audiences.Add(IdentityUtilities.DefaultAudience);
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = false;
validationParameters.AudienceValidator = IdentityUtilities.AudienceValidatorThrows;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: ExpectedException.NoExceptionExpected);
}