public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success()
        {
            // login user
            var subjectId     = "user1";
            var loginUrl      = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
            var loginResponse = await _client.GetAsync(loginUrl);

            var authTime = DateTime.UtcNow;

            // create ws fed sigin message with wfresh=5
            var wsMessage = new WsFederationMessage
            {
                Wa            = "wsignin1.0",
                IssuerAddress = "/wsfederation",
                Wtrealm       = "urn:owinrp",
                Wreply        = "http://localhost:10313/",
                Wfresh        = "5",
            };
            var signInUrl = wsMessage.CreateSignInUrl();
            var request   = new HttpRequestMessage(HttpMethod.Get, signInUrl);

            // test server doesnt save cookies between requests,
            // so we set them explicitly for the next request
            request.SetCookiesFromResponse(loginResponse);

            var response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var contentAsText = await response.Content.ReadAsStringAsync();

            Assert.NotEqual(String.Empty, contentAsText);
            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

            // extract wreturn to use it later to check if our token is a valid token
            var wreturn           = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
            var wsResponseMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsResponseMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
            var token          = handler.ReadSamlToken(tokenString);
            var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();

            Assert.Equal(1, authStatements.Count());
            var authStatement = authStatements.First();

            Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
        }
        public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success()
        {
            // login user
            var subjectId     = "user1";
            var loginUrl      = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
            var loginResponse = await _client.GetAsync(loginUrl);

            var authTime = DateTime.UtcNow;

            Thread.Sleep(3000); // TODO: bad workaround to sumulate login for 3 seconds

            // create ws fed sigin message with wfresh
            var wsMessage = new WsFederationMessage
            {
                Wa            = "wsignin1.0",
                IssuerAddress = "/wsfederation",
                Wtrealm       = "urn:owinrp",
                Wreply        = "http://localhost:10313/",
                Wfresh        = "0",
            };
            var uri     = wsMessage.CreateSignInUrl();
            var request = new HttpRequestMessage(HttpMethod.Get, uri);

            // test server doesnt save cookies between requests,
            // so we set them explicitly for the next request
            request.SetCookiesFromResponse(loginResponse);

            // make auth request, for allready logged in user
            var response = await _client.SendAsync(request);

            // redirect to sign in package because we enforce it with wfresh=0
            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

            uri     = response.Headers.Location.OriginalString + "&subjectId=" + subjectId;
            request = new HttpRequestMessage(HttpMethod.Get, uri);
            request.SetCookiesFromResponse(response);

            // login again to satisfy wfresh=0
            response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

            uri     = response.Headers.Location.OriginalString;
            request = new HttpRequestMessage(HttpMethod.Get, uri);
            request.SetCookiesFromResponse(response);

            // do the redirect to auth endpoint
            response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var contentAsText = await response.Content.ReadAsStringAsync();

            Assert.NotEqual(String.Empty, contentAsText);
            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

            // extract wreturn to use it later to check if our token is a valid token
            var wreturn           = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
            var wsResponseMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsResponseMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
            var token          = handler.ReadSamlToken(tokenString);
            var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();

            Assert.Equal(1, authStatements.Count());
            var authStatement = authStatements.First();

            Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
        }