/// <summary>
/// Integrated Windows Authentication against an account that user realm discovery reports as
/// managed must fail with <see cref="MsalError.IntegratedWindowsAuthNotSupportedForManagedUser"/>.
/// </summary>
public void AcquireTokenByIntegratedWindowsAuthTest_ManagedUser()
{
    using (var mockHttp = new MockHttpManager())
    {
        // Arrange: register the mocked discovery responses the request is expected to consume.
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant);
        AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(mockHttp);

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);

        // Act: the call is expected to throw rather than return a token.
        var thrown = AssertException.TaskThrows<MsalClientException>(
            async () => await publicClient
                .AcquireTokenByIntegratedWindowsAuthAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username)
                .ConfigureAwait(false));

        // Assert: the failure carries the dedicated "managed user" error code.
        Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, thrown.ErrorCode);
    }
}
/// <summary>
/// Builder-API variant: Integrated Windows Authentication for a managed user must throw an
/// <c>MsalClientException</c> whose error code is
/// <see cref="MsalError.IntegratedWindowsAuthNotSupportedForManagedUser"/>.
/// </summary>
public async Task AcquireTokenByIntegratedWindowsAuthTest_ManagedUserAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        // Arrange
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
        AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(mockHttp);

        // Authority validation is requested (second argument is true).
        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        // Act
        MsalClientException thrown = await AssertException
            .TaskThrowsAsync<MsalClientException>(
                async () => await publicClient
                    .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
                    .WithUsername(TestConstants.s_user.Username)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false))
            .ConfigureAwait(false);

        // Assert
        Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, thrown.ErrorCode);
    }
}
/// <summary>
/// Username/password acquisition with a null password: the mocked
/// <c>.../trust/13/windowstransport</c> endpoint answers "not found", and the call must fail
/// with <see cref="MsalError.ParsingWsTrustResponseFailed"/> without caching an access token.
/// </summary>
public async Task FederatedUsernameNullPasswordTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);
        AddMockHandlerMex(mockHttp);

        // Mex does not return integrated auth endpoint (.../13/windowstransport)
        mockHttp.AddMockHandlerContentNotFound(
            HttpMethod.Post,
            "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        // Deliberately no password.
        SecureString noPassword = null;

        MsalClientException thrown = await AssertException
            .TaskThrowsAsync<MsalClientException>(
                async () => await publicClient
                    .AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        noPassword)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false))
            .ConfigureAwait(false);

        // The error code on the thrown exception identifies the WS-Trust parsing failure.
        Assert.AreEqual(MsalError.ParsingWsTrustResponseFailed, thrown.ErrorCode);

        // A failed acquisition must leave no access token in the user token cache.
        Assert.AreEqual(0, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
    }
}
/// <summary>
/// Builds an authorization request URL for a confidential client and checks the common query
/// parameters plus the exact <c>scope</c> value.
/// </summary>
/// <remarks>
/// NOTE(review): the name says "NoRedirectUri", yet the builder below is given
/// <c>MsalTestConstants.RedirectUri</c>; the redirect URI is only absent from the request
/// builder itself.
/// </remarks>
public async Task GetAuthorizationRequestUrlNoRedirectUriTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        var confidentialClient = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret(MsalTestConstants.ClientSecret)
            .WithHttpManager(mockHttp)
            .BuildConcrete();

        mockHttp.AddMockHandlerForTenantEndpointDiscovery(confidentialClient.Authority);

        var requestUrl = await confidentialClient
            .GetAuthorizationRequestUrl(MsalTestConstants.Scope)
            .WithLoginHint(MsalTestConstants.DisplayableId)
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.IsNotNull(requestUrl);

        // Substring(1) drops the leading '?' before the query is split on '&'.
        string rawQuery = requestUrl.Query.Substring(1);
        Dictionary<string, string> queryParams = CoreHelpers.ParseKeyValueList(rawQuery, '&', true, null);

        ValidateCommonQueryParams(queryParams);
        Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", queryParams["scope"]);
    }
}
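/// <summary>
/// Acquires a client-credential token with a confidential client that was built without an
/// explicit token cache, then checks the result and that both the user and the app token cache
/// objects exist.
/// </summary>
public async Task ConfidentialClientUsingSecretNoCacheProvidedTestAsync()
{
    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddInstanceDiscoveryMockHandler();

        var app = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret(MsalTestConstants.ClientSecret)
            .WithHttpManager(httpManager)
            .BuildConcrete();

        httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
        httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();

        var result = await app
            .AcquireTokenForClient(MsalTestConstants.Scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.IsNotNull(result);

        // The token is the value under test. The earlier form,
        // Assert.IsNotNull("header.payload.signature", result.AccessToken), checked the string
        // literal and passed the token as the failure message, so it could never fail.
        // NOTE(review): if the mocked token response carries "header.payload.signature"
        // (confirm in MockHelpers), tighten this to Assert.AreEqual on that value.
        Assert.IsNotNull(result.AccessToken);

        Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());

        Assert.IsNotNull(app.UserTokenCache);
        Assert.IsNotNull(app.AppTokenCache);
    }
}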
/// <summary>
/// Happy path for Integrated Windows Authentication: with user realm discovery, MEX, WS-Trust
/// windows transport and the AAD token endpoint all mocked, the call returns
/// <c>"some-access-token"</c> for the expected account.
/// </summary>
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync()
{
    // NOTE(review): this mock UI is constructed but not referenced again in this method.
    var authResult = new AuthorizationResult(
        AuthorizationStatus.Success,
        MsalTestConstants.AuthorityHomeTenant + "?code=some-code");
    var ui = new MockWebUI
    {
        MockResult = authResult
    };

    using (var mockHttp = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        // Mocked responses, registered in the order shown.
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);
        AddMockHandlerMex(mockHttp);
        AddMockHandlerWsTrustWindowsTransport(mockHttp);
        AddMockHandlerAadSuccess(mockHttp, MsalTestConstants.AuthorityHomeTenant);

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);

        var tokenResult = await publicClient
            .AcquireTokenByIntegratedWindowsAuthAsync(
                MsalTestConstants.Scope,
                MsalTestConstants.User.Username)
            .ConfigureAwait(false);

        Assert.IsNotNull(tokenResult);
        Assert.AreEqual("some-access-token", tokenResult.AccessToken);
        Assert.IsNotNull(tokenResult.Account);
        Assert.AreEqual(MsalTestConstants.DisplayableId, tokenResult.Account.Username);
    }
}
/// <summary>
/// Interactive acquisition against the B2C login authority with authority validation requested
/// (second <c>WithAuthority</c> argument is <c>true</c>); expects a result with an account.
/// </summary>
/// <remarks>
/// NOTE(review): the method is synchronous and blocks on the task through <c>.Result</c>.
/// </remarks>
public void B2CAcquireTokenWithValidateAuthorityTrueTest()
{
    using (var mockHttp = new MockHttpManager())
    {
        var b2cAuthority = new Uri(TestConstants.B2CLoginAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(b2cAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        // The mocked web UI hands back an authorization code on the app's redirect URI.
        MsalMockHelpers.ConfigureMockWebUI(
            publicClient.ServiceBundle.PlatformProxy,
            AuthorizationResult.FromUri(publicClient.AppConfig.RedirectUri + "?code=some-code"));

        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.B2CLoginAuthority);
        mockHttp.AddSuccessTokenResponseMockHandlerForPost(TestConstants.B2CLoginAuthority);

        Task<AuthenticationResult> pending = publicClient
            .AcquireTokenInteractive(TestConstants.s_scope)
            .ExecuteAsync(CancellationToken.None);
        AuthenticationResult tokenResult = pending.Result;

        Assert.IsNotNull(tokenResult);
        Assert.IsNotNull(tokenResult.Account);
    }
}
/// <summary>
/// The mocked MEX endpoint answers "not found"; username/password acquisition must throw an
/// <c>MsalServiceException</c> with the 404 message and must not cache any access token.
/// </summary>
public async Task MexParsingFailsTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);

        // MEX: the metadata document cannot be fetched.
        mockHttp.AddMockHandlerContentNotFound(
            HttpMethod.Get,
            "https://msft.sts.microsoft.com/adfs/services/trust/mex");

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        MsalServiceException thrown = await AssertException
            .TaskThrowsAsync<MsalServiceException>(
                async () => await publicClient
                    .AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        _secureString)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false))
            .ConfigureAwait(false);

        // The message of the thrown exception reports the HTTP failure.
        Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", thrown.Message);

        // A failed acquisition must leave no access token in the user token cache.
        Assert.AreEqual(0, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
    }
}
/// <summary>
/// Creates a confidential client with fresh user and app token caches and registers the mocked
/// tenant endpoint discovery response plus <paramref name="tokenResponses"/> successful
/// client-credential token responses.
/// </summary>
/// <param name="serviceBundle">Service bundle passed to the application constructor.</param>
/// <param name="httpManager">Mock HTTP manager that receives the mock handlers.</param>
/// <param name="cc">Client credential for the application.</param>
/// <param name="tokenResponses">Number of successful token responses to register.</param>
/// <returns>The configured application.</returns>
private ConfidentialClientApplication CreateConfidentialClient(
    IServiceBundle serviceBundle,
    MockHttpManager httpManager,
    ClientCredential cc,
    int tokenResponses)
{
    var confidentialClient = new ConfidentialClientApplication(
        serviceBundle,
        MsalTestConstants.ClientId,
        ClientApplicationBase.DefaultAuthority,
        MsalTestConstants.RedirectUri,
        cc,
        new TokenCache(),
        new TokenCache());

    // Authority validation is switched off for this test fixture.
    // NOTE(review): presumably acceptable only because all endpoints are mocked - confirm.
    confidentialClient.ValidateAuthority = false;

    httpManager.AddMockHandlerForTenantEndpointDiscovery(confidentialClient.Authority);

    int remaining = tokenResponses;
    while (remaining > 0)
    {
        httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
        remaining--;
    }

    return confidentialClient;
}
/// <summary>
/// Registers instance discovery, tenant endpoint discovery and a token response on the mock
/// HTTP manager.
/// </summary>
/// <param name="aadResponse">Kind of token response to register.</param>
/// <param name="httpManager">Mock HTTP manager that receives the handlers.</param>
/// <param name="pca">
/// When true the tenant discovery mock targets <c>TestConstants.AuthorityUtidTenant</c>;
/// otherwise <c>TestConstants.AadAuthorityWithTestTenantId</c>.
/// </param>
private static void AddHttpMocks(TokenResponseType aadResponse, MockHttpManager httpManager, bool pca)
{
    httpManager.AddInstanceDiscoveryMockHandler();

    var tenantAuthority = pca
        ? TestConstants.AuthorityUtidTenant
        : TestConstants.AadAuthorityWithTestTenantId;
    httpManager.AddMockHandlerForTenantEndpointDiscovery(tenantAuthority);

    AddTokenResponse(aadResponse, httpManager);
}
/// <summary>
/// Registers instance discovery, tenant endpoint discovery for
/// <c>TestConstants.AuthorityUtidTenant</c>, and a token response on the mock HTTP manager.
/// </summary>
/// <param name="aadResponse">Kind of token response to register.</param>
/// <param name="httpManager">Mock HTTP manager that receives the handlers.</param>
private static void AddHttpMocks(TokenResponseType aadResponse, MockHttpManager httpManager)
{
    // Discovery mocks first, then the token response.
    httpManager.AddInstanceDiscoveryMockHandler();

    var tenantAuthority = TestConstants.AuthorityUtidTenant;
    httpManager.AddMockHandlerForTenantEndpointDiscovery(tenantAuthority);

    AddTokenResponse(aadResponse, httpManager);
}
/// <summary>
/// Registers the mocked responses for a federated account on the common tenant: tenant
/// endpoint discovery, user realm discovery, MEX, WS-Trust username and a successful AAD
/// response.
/// </summary>
/// <param name="httpManager">Mock HTTP manager that receives the handlers.</param>
/// <returns>The handler registered for user realm discovery.</returns>
internal MockHttpMessageHandler AddMockResponseForFederatedAccounts(MockHttpManager httpManager)
{
    var commonTenant = TestConstants.AuthorityCommonTenant;
    httpManager.AddMockHandlerForTenantEndpointDiscovery(commonTenant);

    // Kept so callers can inspect the realm discovery request afterwards.
    MockHttpMessageHandler userRealmHandler = AddMockHandlerDefaultUserRealmDiscovery(httpManager);

    AddMockHandlerMex(httpManager);
    AddMockHandlerWsTrustUserName(httpManager);
    AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant);

    return userRealmHandler;
}
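/// <summary>
/// With <c>WithForceRefresh(true)</c> a client-credential request must go to the (mocked)
/// network even though the app token cache is populated, the cached access token must be
/// replaced by the fresh one, and a successful API telemetry event with API id "1004" must be
/// recorded.
/// </summary>
public async Task ForceRefreshParameterTrueTestAsync()
{
    var receiver = new MyReceiver();

    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddInstanceDiscoveryMockHandler();

        var app = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(new Uri(MsalTestConstants.AuthorityTestTenant), true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret(MsalTestConstants.ClientSecret)
            .WithHttpManager(httpManager)
            .WithTelemetry(receiver.HandleTelemetryEvents)
            .BuildConcrete();

        _tokenCacheHelper.PopulateCache(app.AppTokenCacheInternal.Accessor);

        httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);

        // add mock response for successful token retrieval
        const string TokenRetrievedFromNetCall = "token retrieved from network call";

        httpManager.AddMockHandler(
            new MockHttpMessageHandler
            {
                ExpectedMethod = HttpMethod.Post,
                ResponseMessage =
                    MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage(TokenRetrievedFromNetCall)
            });

        var result = await app
            .AcquireTokenForClient(MsalTestConstants.Scope)
            .WithForceRefresh(true)
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.AreEqual(TokenRetrievedFromNetCall, result.AccessToken);

        // make sure token in Cache was updated
        var accessTokens = await app.AppTokenCacheInternal.GetAllAccessTokensAsync(true).ConfigureAwait(false);
        var accessTokenInCache = accessTokens
            .FirstOrDefault(item => ScopeHelper.ScopeContains(item.ScopeSet, MsalTestConstants.Scope));

        // Fail with a readable message instead of a NullReferenceException when no cached
        // token matches the requested scopes.
        Assert.IsNotNull(accessTokenInCache, "No cached access token matches the requested scopes.");
        Assert.AreEqual(TokenRetrievedFromNetCall, accessTokenInCache.Secret);

        // Expect finding such an event
        Assert.IsNotNull(
            receiver.EventsReceived.Find(
                anEvent =>
                    anEvent[EventBase.EventNameKey].EndsWith("api_event", StringComparison.Ordinal) &&
                    anEvent[ApiEvent.WasSuccessfulKey] == "true" &&
                    anEvent[MsalTelemetryBlobEventNames.ApiIdConstStrKey] == "1004"));
    }
}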
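/// <summary>
/// Acquires a client-credential token twice with a client secret. The first call consumes the
/// mocked token response and stores one access token in the app token cache; the second call
/// is expected to be served from that cache. The user token cache must stay empty throughout,
/// and no refresh token may be stored for the app.
/// </summary>
public async Task ConfidentialClientUsingSecretTestAsync()
{
    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddInstanceDiscoveryMockHandler();

        var app = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret(MsalTestConstants.ClientSecret)
            .WithHttpManager(httpManager)
            .BuildConcrete();

        httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);

        // Only one token response is registered, so the second acquisition below cannot be
        // satisfied by the mocked network.
        httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();

        var appCacheAccess = app.AppTokenCache.RecordAccess();
        var userCacheAccess = app.UserTokenCache.RecordAccess();

        var result = await app
            .AcquireTokenForClient(MsalTestConstants.Scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.IsNotNull(result);

        // The token is the value under test. The earlier form,
        // Assert.IsNotNull("header.payload.signature", result.AccessToken), checked the string
        // literal and passed the token as the failure message, so it could never fail.
        // NOTE(review): if the mocked token response carries "header.payload.signature"
        // (confirm in MockHelpers), tighten this to Assert.AreEqual on that value.
        Assert.IsNotNull(result.AccessToken);
        Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());

        // make sure user token cache is empty
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        // check app token cache count to be 1
        Assert.AreEqual(1, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(0, app.AppTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        appCacheAccess.AssertAccessCounts(1, 1);
        userCacheAccess.AssertAccessCounts(0, 0);

        // call AcquireTokenForClientAsync again to get result back from the cache
        result = await app
            .AcquireTokenForClient(MsalTestConstants.Scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.IsNotNull(result);

        // Same correction as above: assert on the token, not on a string literal.
        Assert.IsNotNull(result.AccessToken);
        Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());

        // make sure user token cache is empty
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        // check app token cache count to be 1
        Assert.AreEqual(1, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(0, app.AppTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        appCacheAccess.AssertAccessCounts(2, 1);
        userCacheAccess.AssertAccessCounts(0, 0);
    }
}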
/// <summary>
/// Username/password acquisition for a managed account: user realm discovery reports
/// <c>account_type = Managed</c>, the token POST answers with an invalid-request response, and
/// the call must fail with <c>CoreErrorCodes.InvalidRequest</c> without caching a token.
/// </summary>
public void ManagedUsernamePasswordCommonAuthorityTest()
{
    using (var mockHttp = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);

        // user realm discovery
        var userRealmHandler = new MockHttpMessageHandler
        {
            Method = HttpMethod.Get,
            ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(
                    "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
            },
            QueryParams = new Dictionary<string, string> { { "api-version", "1.0" } }
        };
        mockHttp.AddMockHandler(userRealmHandler);

        // Token endpoint rejects the request.
        var tokenHandler = new MockHttpMessageHandler
        {
            Method = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
        };
        mockHttp.AddMockHandler(tokenHandler);

        _cache.ClientId = MsalTestConstants.ClientId;

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);
        publicClient.UserTokenCache = _cache;

        // Call acquire token
        var thrown = AssertException.TaskThrows<MsalException>(
            async () => await publicClient
                .AcquireTokenByUsernamePasswordAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username,
                    _secureString)
                .ConfigureAwait(false));

        // The error code on the thrown exception mirrors the server's rejection.
        Assert.AreEqual(CoreErrorCodes.InvalidRequest, thrown.ErrorCode);

        // A rejected request must leave no access token in the cache.
        Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
    }
}
/// <summary>
/// Username/password acquisition where the mocked AAD token endpoint answers with an
/// invalid-client response: the call must throw an <c>MsalServiceException</c> carrying
/// <see cref="MsalError.InvalidClient"/> and must not cache any access token.
/// </summary>
public async Task UsernamePasswordInvalidClientTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);

        // user realm discovery
        var userRealmHandler = new MockHttpMessageHandler
        {
            ExpectedMethod = HttpMethod.Get,
            ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(
                    "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
            },
            ExpectedQueryParams = new Dictionary<string, string> { { "api-version", "1.0" } }
        };
        mockHttp.AddMockHandler(userRealmHandler);

        // AAD
        var aadHandler = new MockHttpMessageHandler
        {
            ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateInvalidClientResponseMessage()
        };
        mockHttp.AddMockHandler(aadHandler);

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        // Call acquire token
        MsalServiceException thrown = await Assert
            .ThrowsExceptionAsync<MsalServiceException>(
                () => publicClient
                    .AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        _secureString)
                    .ExecuteAsync())
            .ConfigureAwait(false);

        // The error code on the thrown exception mirrors the server's rejection.
        Assert.AreEqual(MsalError.InvalidClient, thrown.ErrorCode);

        // A rejected request must leave no access token in the user token cache.
        Assert.AreEqual(0, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
    }
}
/// <summary>
/// The mocked MEX endpoint returns <c>TestMex.xml</c> with every <c>&lt;wsp:All&gt;</c> opening
/// tag replaced by a space; username/password acquisition must fail with
/// "parsing_ws_metadata_exchange_failed" and must not cache any access token.
/// </summary>
public void MexEndpointFailsToResolveTest()
{
    // NOTE(review): this mock UI is constructed but not referenced again in this method.
    var authResult = new AuthorizationResult(
        AuthorizationStatus.Success,
        MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code");
    var ui = new MockWebUI
    {
        MockResult = authResult
    };

    using (var mockHttp = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);

        // MEX: serve the test document with its <wsp:All> opening tags blanked out.
        string alteredMex = File
            .ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
            .Replace("<wsp:All>", " ");
        var mexHandler = new MockHttpMessageHandler
        {
            Url = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
            Method = HttpMethod.Get,
            ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(alteredMex)
            }
        };
        mockHttp.AddMockHandler(mexHandler);

        _cache.ClientId = MsalTestConstants.ClientId;

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);
        publicClient.UserTokenCache = _cache;

        // Call acquire token, Mex parser fails
        var thrown = AssertException.TaskThrows<MsalException>(
            async () => await publicClient
                .AcquireTokenByUsernamePasswordAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username,
                    _secureString)
                .ConfigureAwait(false));

        // Check exception message and error code
        Assert.AreEqual("Parsing WS metadata exchange failed", thrown.Message);
        Assert.AreEqual("parsing_ws_metadata_exchange_failed", thrown.ErrorCode);

        // A failed acquisition must leave no access token in the cache.
        Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
    }
}
/// <summary>
/// Registers instance discovery, tenant endpoint discovery for
/// <c>TestConstants.AuthorityUtidTenant</c>, and a POST handler whose response is an
/// invalid-grant token response created with <see cref="MsalError.BadToken"/>.
/// </summary>
/// <param name="httpManager">Mock HTTP manager that receives the handlers.</param>
private static void AddHttpMocks_BadTokenError(MockHttpManager httpManager)
{
    httpManager.AddInstanceDiscoveryMockHandler();
    httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);

    // Token endpoint mock: only a POST is expected.
    httpManager.AddMockHandler(
        new MockHttpMessageHandler()
        {
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(MsalError.BadToken)
        });
}
/// <summary>
/// Builder-API variant of the managed username/password test: user realm discovery reports
/// <c>account_type = Managed</c>, the token POST answers with an invalid-request response, and
/// the call must throw an <c>MsalServiceException</c> with
/// <see cref="MsalError.InvalidRequest"/> without caching a token.
/// </summary>
public async Task ManagedUsernamePasswordCommonAuthorityTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);

        // user realm discovery
        var userRealmHandler = new MockHttpMessageHandler
        {
            ExpectedMethod = HttpMethod.Get,
            ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(
                    "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
            },
            ExpectedQueryParams = new Dictionary<string, string> { { "api-version", "1.0" } }
        };
        mockHttp.AddMockHandler(userRealmHandler);

        // Token endpoint rejects the request.
        var tokenHandler = new MockHttpMessageHandler
        {
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
        };
        mockHttp.AddMockHandler(tokenHandler);

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        var publicClient = PublicClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .BuildConcrete();

        // Call acquire token
        var thrown = await AssertException
            .TaskThrowsAsync<MsalServiceException>(
                async () => await publicClient
                    .AcquireTokenByUsernamePassword(
                        MsalTestConstants.Scope,
                        MsalTestConstants.User.Username,
                        _secureString)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false))
            .ConfigureAwait(false);

        // The error code on the thrown exception mirrors the server's rejection.
        Assert.AreEqual(MsalError.InvalidRequest, thrown.ErrorCode);

        // A rejected request must leave no access token in the user token cache.
        Assert.AreEqual(0, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
    }
}
/// <summary>
/// Registers the mocked responses for a federated account on the organizations tenant: tenant
/// endpoint discovery, user realm discovery, MEX, WS-Trust username and a successful AAD
/// response.
/// </summary>
/// <param name="httpManager">Mock HTTP manager that receives the handlers.</param>
internal void AddMockResponseForFederatedAccounts(MockHttpManager httpManager)
{
    // NOTE(review): this mock UI is constructed but not referenced again in this method.
    var authResult = new AuthorizationResult(
        AuthorizationStatus.Success,
        MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code");
    var ui = new MockWebUI
    {
        MockResult = authResult
    };

    httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);

    // Federated flow: realm discovery, then MEX, then WS-Trust, then AAD.
    AddMockHandlerDefaultUserRealmDiscovery(httpManager);
    AddMockHandlerMex(httpManager);
    AddMockHandlerWsTrustUserName(httpManager);
    AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityOrganizationsTenant);
}
/// <summary>
/// Federated username/password acquisition where realm discovery, MEX and WS-Trust are mocked
/// but the AAD token endpoint answers with an invalid-request response: the call must fail
/// with <c>CoreErrorCodes.InvalidRequest</c> and must not cache any access token.
/// </summary>
public void FederatedUsernamePasswordCommonAuthorityTest()
{
    // NOTE(review): this mock UI is constructed but not referenced again in this method.
    var authResult = new AuthorizationResult(
        AuthorizationStatus.Success,
        MsalTestConstants.AuthorityCommonTenant + "?code=some-code");
    var ui = new MockWebUI
    {
        MockResult = authResult
    };

    using (var mockHttp = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);
        AddMockHandlerMex(mockHttp);
        AddMockHandlerWsTrustUserName(mockHttp);

        // AAD
        var aadHandler = new MockHttpMessageHandler
        {
            Url = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
            Method = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
        };
        mockHttp.AddMockHandler(aadHandler);

        _cache.ClientId = MsalTestConstants.ClientId;

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);
        publicClient.UserTokenCache = _cache;

        // Call acquire token
        var thrown = AssertException.TaskThrows<MsalException>(
            async () => await publicClient
                .AcquireTokenByUsernamePasswordAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username,
                    _secureString)
                .ConfigureAwait(false));

        // The error code on the thrown exception mirrors the server's rejection.
        Assert.AreEqual(CoreErrorCodes.InvalidRequest, thrown.ErrorCode);

        // A rejected request must leave no access token in the cache.
        Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
    }
}
/// <summary>
/// Silent acquisition with a tenant-specific (guest tenant) authority: the cache is populated,
/// one access token entry is deleted, a successful token POST is mocked, and the result must
/// carry the expected account and scopes.
/// </summary>
/// <remarks>
/// NOTE(review): the method is synchronous and blocks on the task through <c>.Result</c>.
/// </remarks>
public void AcquireTokenSilentScopeAndUserOverloadTenantSpecificAuthorityTest()
{
    using (var mockHttp = new MockHttpManager())
    {
        var guestAuthority = new Uri(TestConstants.AuthorityGuestTenant);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(guestAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        var cacheHelper = new TokenCacheHelper();
        cacheHelper.PopulateCache(publicClient.UserTokenCacheInternal.Accessor);

        // Remove one populated access token entry (the one keyed by ScopeForAnotherResourceStr).
        var keyToDelete = new MsalAccessTokenCacheKey(
            TestConstants.ProductionPrefNetworkEnvironment,
            TestConstants.Utid,
            TestConstants.s_userIdentifier,
            TestConstants.ClientId,
            TestConstants.ScopeForAnotherResourceStr,
            TestConstants.Bearer);
        publicClient.UserTokenCacheInternal.Accessor.DeleteAccessToken(keyToDelete);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuestTenant);

        var tokenHandler = new MockHttpMessageHandler()
        {
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
                TestConstants.UniqueId,
                TestConstants.DisplayableId,
                TestConstants.s_scope.ToArray())
        };
        mockHttp.AddMockHandler(tokenHandler);

        Task<AuthenticationResult> pending = publicClient
            .AcquireTokenSilent(
                TestConstants.s_scope.ToArray(),
                new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
            .ExecuteAsync(CancellationToken.None);

        AuthenticationResult tokenResult = pending.Result;

        Assert.IsNotNull(tokenResult);
        Assert.AreEqual(TestConstants.DisplayableId, tokenResult.Account.Username);
        Assert.AreEqual(TestConstants.s_scope.AsSingleString(), tokenResult.Scopes.AsSingleString());
    }
}
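/// <summary>
/// Silent acquisition for a scope that misses the cache, where the mocked token POST answers
/// with an invalid-grant response: the task must fault with an
/// <c>MsalUiRequiredException</c> whose error code is <see cref="MsalError.InvalidGrantError"/>.
/// </summary>
/// <remarks>
/// The method is synchronous and reads <c>task.Result</c>, so the expected exception arrives
/// wrapped in an <see cref="AggregateException"/>.
/// </remarks>
public void AcquireTokenSilentServiceErrorTest()
{
    using (var httpManager = new MockHttpManager())
    {
        PublicClientApplication app = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
            .WithHttpManager(httpManager)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        httpManager.AddInstanceDiscoveryMockHandler();
        httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);

        // populate cache
        var tokenCacheHelper = new TokenCacheHelper();
        tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor);

        httpManager.AddMockHandler(
            new MockHttpMessageHandler
            {
                ExpectedMethod = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
            });

        try
        {
            Task<AuthenticationResult> task = app
                .AcquireTokenSilent(
                    TestConstants.s_cacheMissScope,
                    new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
                .WithAuthority(app.Authority)
                .WithForceRefresh(false)
                .ExecuteAsync(CancellationToken.None);

            // Reading Result surfaces the fault; the value itself is not used.
            AuthenticationResult result = task.Result;

            Assert.Fail("MsalUiRequiredException was expected");
        }
        catch (AggregateException ex)
        {
            // One check covers both a missing inner exception and one of the wrong type.
            var msalExc = ex.InnerException as MsalUiRequiredException;
            Assert.IsNotNull(msalExc, "Inner exception should be an MsalUiRequiredException.");

            // Expected value first, so a failure message reports the two values correctly.
            Assert.AreEqual(MsalError.InvalidGrantError, msalExc.ErrorCode);
        }
    }
}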
/// <summary>
/// Silent acquisition with <c>WithForceRefresh(true)</c> while the cache holds one access
/// token: the mocked token POST must be used, and afterwards the cache must hold exactly one
/// access token and one refresh token.
/// </summary>
/// <remarks>
/// NOTE(review): the method is synchronous and blocks on the task through <c>.Result</c>.
/// </remarks>
[WorkItem(695)] // Fix for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695
public void AcquireTokenSilentForceRefreshTest()
{
    using (var mockHttp = new MockHttpManager())
    {
        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        var cacheHelper = new TokenCacheHelper();
        cacheHelper.PopulateCacheWithOneAccessToken(publicClient.UserTokenCacheInternal.Accessor);

        // Recording starts after the cache was populated.
        var cacheAccess = publicClient.UserTokenCache.RecordAccess();

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);

        var tokenHandler = new MockHttpMessageHandler()
        {
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
                TestConstants.UniqueId,
                TestConstants.DisplayableId,
                TestConstants.s_scope.ToArray())
        };
        mockHttp.AddMockHandler(tokenHandler);

        Task<AuthenticationResult> pending = publicClient
            .AcquireTokenSilent(
                TestConstants.s_scope.ToArray(),
                new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
            .WithForceRefresh(true)
            .ExecuteAsync(CancellationToken.None);

        AuthenticationResult tokenResult = pending.Result;

        Assert.IsNotNull(tokenResult);
        Assert.AreEqual(TestConstants.DisplayableId, tokenResult.Account.Username);
        Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), tokenResult.Scopes.AsSingleString());

        // The refreshed token replaces the cached one instead of adding a second entry.
        Assert.AreEqual(1, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(1, publicClient.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        cacheAccess.AssertAccessCounts(1, 1);
    }
}
/// <summary>
/// Username/password acquisition with a null password: the mocked
/// <c>.../trust/13/windowstransport</c> endpoint answers "not found", and the call must fail
/// with <c>CoreErrorCodes.ParsingWsTrustResponseFailed</c> without caching an access token.
/// </summary>
public void FederatedUsernameNullPasswordTest()
{
    // NOTE(review): this mock UI is constructed but not referenced again in this method.
    var authResult = new AuthorizationResult(
        AuthorizationStatus.Success,
        MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code");
    var ui = new MockWebUI
    {
        MockResult = authResult
    };

    using (var mockHttp = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(mockHttp);

        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);
        AddMockHandlerMex(mockHttp);

        // Mex does not return integrated auth endpoint (.../13/windowstransport)
        mockHttp.AddMockHandlerContentNotFound(
            HttpMethod.Post,
            "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");

        _cache.ClientId = MsalTestConstants.ClientId;

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority);
        publicClient.UserTokenCache = _cache;

        // Deliberately no password.
        SecureString noPassword = null;

        // Call acquire token
        var thrown = AssertException.TaskThrows<MsalException>(
            async () => await publicClient
                .AcquireTokenByUsernamePasswordAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username,
                    noPassword)
                .ConfigureAwait(false));

        // The error code on the thrown exception identifies the WS-Trust parsing failure.
        Assert.AreEqual(CoreErrorCodes.ParsingWsTrustResponseFailed, thrown.ErrorCode);

        // A failed acquisition must leave no access token in the cache.
        Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
    }
}
/// <summary>
/// Happy path for Integrated Windows Authentication through the builder API. The mocked AAD
/// token handler expects the application's extra query parameters plus the claims value, and
/// the user realm discovery request must carry the client SKU and version strings in its
/// headers.
/// </summary>
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync()
{
    // Expected query parameters on the token request: the extra parameters plus claims.
    IDictionary<string, string> expectedTokenQueryParams =
        TestConstants.s_extraQueryParams.ToDictionary(pair => pair.Key, pair => pair.Value);
    expectedTokenQueryParams.Add(OAuth2Parameter.Claims, TestConstants.Claims);

    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);

        MockHttpMessageHandler userRealmHandler = AddMockHandlerDefaultUserRealmDiscovery(mockHttp);
        AddMockHandlerMex(mockHttp);
        AddMockHandlerWsTrustWindowsTransport(mockHttp);

        MockHttpMessageHandler aadTokenHandler =
            AddMockHandlerAadSuccess(mockHttp, TestConstants.AuthorityCommonTenant);
        aadTokenHandler.ExpectedQueryParams = expectedTokenQueryParams;

        var defaultAuthority = new Uri(ClientApplicationBase.DefaultAuthority);
        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(defaultAuthority, true)
            .WithHttpManager(mockHttp)
            .WithExtraQueryParameters(TestConstants.s_extraQueryParams)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        AuthenticationResult tokenResult = await publicClient
            .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
            .WithClaims(TestConstants.Claims)
            .WithUsername(TestConstants.s_user.Username)
            .ExecuteAsync()
            .ConfigureAwait(false);

        Assert.IsNotNull(tokenResult);
        Assert.AreEqual("some-access-token", tokenResult.AccessToken);
        Assert.IsNotNull(tokenResult.Account);
        Assert.AreEqual(TestConstants.DisplayableId, tokenResult.Account.Username);

        // The realm discovery request that was actually sent must identify the client.
        Assert.IsNotNull(userRealmHandler.ActualRequestMessage.Headers);

        StringAssert.Contains(
            userRealmHandler.ActualRequestMessage.Headers.ToString(),
            TestConstants.XClientSku,
            "Client info header should contain " + TestConstants.XClientSku,
            StringComparison.OrdinalIgnoreCase);

        StringAssert.Contains(
            userRealmHandler.ActualRequestMessage.Headers.ToString(),
            TestConstants.XClientVer,
            "Client info header should contain " + TestConstants.XClientVer,
            StringComparison.OrdinalIgnoreCase);
    }
}
/// <summary>
/// Builder-API variant: the mocked MEX endpoint returns <c>TestMex.xml</c> with every
/// <c>&lt;wsp:All&gt;</c> opening tag replaced by a space; username/password acquisition must
/// throw an <c>MsalClientException</c> with "parsing_ws_metadata_exchange_failed" and must not
/// cache any access token.
/// </summary>
public async Task MexEndpointFailsToResolveTestAsync()
{
    using (var mockHttp = new MockHttpManager())
    {
        mockHttp.AddInstanceDiscoveryMockHandler();
        mockHttp.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityOrganizationsTenant);
        AddMockHandlerDefaultUserRealmDiscovery(mockHttp);

        // MEX: serve the test document with its <wsp:All> opening tags blanked out.
        string alteredMex = File
            .ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
            .Replace("<wsp:All>", " ");
        var mexHandler = new MockHttpMessageHandler
        {
            ExpectedUrl = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
            ExpectedMethod = HttpMethod.Get,
            ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(alteredMex)
            }
        };
        mockHttp.AddMockHandler(mexHandler);

        PublicClientApplication publicClient = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
            .WithHttpManager(mockHttp)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        // Call acquire token, Mex parser fails
        MsalClientException thrown = await AssertException
            .TaskThrowsAsync<MsalClientException>(
                async () => await publicClient
                    .AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        _secureString)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false))
            .ConfigureAwait(false);

        // Check exception message and error code
        Assert.AreEqual("Parsing WS metadata exchange failed", thrown.Message);
        Assert.AreEqual("parsing_ws_metadata_exchange_failed", thrown.ErrorCode);

        // A failed acquisition must leave no access token in the user token cache.
        Assert.AreEqual(0, publicClient.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
    }
}
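/// <summary>
/// Integrated Windows Authentication in which realm discovery, MEX and the WS-Trust call succeed but
/// the token endpoint answers with an invalid-client response. The call must surface an
/// <c>MsalServiceException</c> with <c>MsalError.InvalidClient</c> and must not leave any access or
/// refresh token in the user token cache.
/// </summary>
public async Task AcquireTokenByIntegratedWindowsAuthInvalidClientTestAsync()
{
    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddInstanceDiscoveryMockHandler();
        httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
        AddMockHandlerDefaultUserRealmDiscovery(httpManager);
        AddMockHandlerMex(httpManager);
        AddMockHandlerWsTrustWindowsTransport(httpManager);

        // Token endpoint rejects the client.
        // NOTE(review): this handler sets no ExpectedQueryParams, so the test does not verify that
        // the extra query parameters and claims configured below reach the token request - confirm
        // whether that check is wanted on the failure path as well.
        httpManager.AddMockHandler(
            new MockHttpMessageHandler
            {
                ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
                ExpectedMethod = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateInvalidClientResponseMessage()
            });

        PublicClientApplication app = PublicClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
            .WithHttpManager(httpManager)
            .WithExtraQueryParameters(TestConstants.s_extraQueryParams)
            .WithTelemetry(new TraceTelemetryConfig())
            .BuildConcrete();

        MsalServiceException result = await AssertException.TaskThrowsAsync<MsalServiceException>(
            async () => await app
                .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
                .WithClaims(TestConstants.Claims)
                .WithUsername(TestConstants.s_user.Username)
                .ExecuteAsync()
                .ConfigureAwait(false)).ConfigureAwait(false);

        // Check the error code reported by the service
        Assert.AreEqual(MsalError.InvalidClient, result.ErrorCode);

        // A rejected request must leave no credential material behind: check both token kinds.
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
    }
}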
/// <summary>
/// Redeems an authorization code on a confidential client configured with a B2C-style
/// ("/tfp/home/policy") authority, then builds a second application with the same settings and
/// checks that it reports exactly one account.
/// </summary>
/// <remarks>
/// Currently disabled. The client secret is the literal placeholder "secret"; every HTTP call goes
/// through the <c>MockHttpManager</c>. The second instance presumably sees the first one's tokens
/// through the BeforeCacheAccess / AfterCacheAccess callbacks, which are defined elsewhere in the
/// test class - confirm there.
/// </remarks>
[Ignore] // This B2C scenario needs some rethinking
public async Task AuthorizationCodeRequestTestAsync()
{
    using (var httpManager = new MockHttpManager())
    {
        // Same authority string the builder and the mock handlers use, without and with trailing slash.
        string policyAuthority =
            "https://" + MsalTestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy";
        string policyAuthorityWithSlash = policyAuthority + "/";

        var app = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(new Uri(policyAuthority), true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret("secret")
            .WithHttpManager(httpManager)
            .BuildConcrete();

        app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
        app.UserTokenCache.SetAfterAccess(AfterCacheAccess);

        httpManager.AddMockHandlerForTenantEndpointDiscovery(policyAuthorityWithSlash, "p=policy");
        httpManager.AddSuccessTokenResponseMockHandlerForPost(policyAuthorityWithSlash);

        var tokenResult = await app
            .AcquireTokenByAuthorizationCode(MsalTestConstants.Scope, "some-code")
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        // One access token and one refresh token are expected in the cache after redemption.
        Assert.IsNotNull(tokenResult);
        Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
        Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());

        // Fresh application instance, identical configuration and cache callbacks.
        app = ConfidentialClientApplicationBuilder
            .Create(MsalTestConstants.ClientId)
            .WithAuthority(new Uri(policyAuthority), true)
            .WithRedirectUri(MsalTestConstants.RedirectUri)
            .WithClientSecret("secret")
            .WithHttpManager(httpManager)
            .BuildConcrete();

        app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
        app.UserTokenCache.SetAfterAccess(AfterCacheAccess);

        IEnumerable<IAccount> accounts = await app.GetAccountsAsync().ConfigureAwait(false);
        Assert.AreEqual(1, accounts.Count());
    }
}
/// <summary>
/// Username/password flow in which the MEX endpoint answers with the mock "content not found"
/// response. The call must throw an <c>MsalException</c> carrying the 404 message, and the token
/// cache must hold no access tokens afterwards.
/// </summary>
/// <remarks>
/// Only the access-token count of the cache is asserted here; refresh tokens are not checked.
/// </remarks>
public void MexParsingFailsTest()
{
    // Mock web UI with a successful authorization result; not referenced again in this method.
    var ui = new MockWebUI
    {
        MockResult = new AuthorizationResult(
            AuthorizationStatus.Success,
            MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
    };

    using (var httpManager = new MockHttpManager())
    {
        var bundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);

        httpManager.AddInstanceDiscoveryMockHandler();
        httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
        AddMockHandlerDefaultUserRealmDiscovery(httpManager);

        // MEX
        httpManager.AddMockHandlerContentNotFound(
            HttpMethod.Get,
            "https://msft.sts.microsoft.com/adfs/services/trust/mex");

        _cache.ClientId = MsalTestConstants.ClientId;

        var publicClient = new PublicClientApplication(
            bundle,
            MsalTestConstants.ClientId,
            ClientApplicationBase.DefaultAuthority)
        {
            UserTokenCache = _cache
        };

        // Call acquire token
        var thrown = AssertException.TaskThrows<MsalException>(
            async () => await publicClient
                .AcquireTokenByUsernamePasswordAsync(
                    MsalTestConstants.Scope,
                    MsalTestConstants.User.Username,
                    _secureString)
                .ConfigureAwait(false));

        // The surfaced message is the HTTP failure of the MEX request.
        Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", thrown.Message);

        // There should be no cached entries.
        Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
    }
}