/// <summary>
/// Signs in against the world-wide "common" authority with <c>instance_aware=true</c> and checks that,
/// once the authorization response names a sovereign cloud host, the token request, the returned
/// authority, the context authority and the token-cache key all use the sovereign authority.
/// </summary>
/// <remarks>
/// NOTE(review): the context is built with <c>false</c> as its second constructor argument, which in
/// ADAL is validateAuthority. This test therefore pins the host switch with authority validation
/// turned off; a companion case with validation on, and a host that discovery does not know,
/// would pin the rejection path. Confirm whether such a case exists elsewhere in the suite.
/// </remarks>
public async Task SovereignUserWorldWideAuthorityIntegrationTest()
        {
            // Start from the common (world-wide) authority with an empty, private token cache.
            var context = new AuthenticationContext(
                TestConstants.DefaultAuthorityCommonTenant, false, new TokenCache());

            // Simulated redirect: an auth code plus the claim carrying the sovereign cloud host.
            // This claim is the only input in the test that steers the later token request.
            var redirectQuery = "?code=some-code&" + TokenResponseClaim.CloudInstanceHost + "=" + SovereignAuthorityHost;
            var simulatedRedirect = TestConstants.DefaultRedirectUri + redirectQuery;

            var webUiResult = new AuthorizationResult(AuthorizationStatus.Success, simulatedRedirect);

            // The mock web UI checks that the authorization URI carries instance_aware=true.
            var requiredAuthorizeParams = new Dictionary<string, string>
            {
                { "instance_aware", "true" }
            };
            MockHelpers.ConfigureMockWebUI(webUiResult, requiredAuthorizeParams);

            // Instance discovery response for the common authority.
            var commonDiscoveryEndpoint = TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant);
            HttpMessageHandlerFactory.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(commonDiscoveryEndpoint));

            // Token endpoint of the sovereign (Blackforest) tenant; the code must be redeemed there.
            var sovereignTokenEndpoint = TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityBlackforestTenant);
            var sovereignTokenHandler = new MockHttpMessageHandler(sovereignTokenEndpoint)
            {
                Method = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
                    TestConstants.DefaultUniqueId,
                    TestConstants.DefaultDisplayableId,
                    TestConstants.DefaultResource),
                AdditionalRequestValidation = request =>
                {
                    // The POST to the token endpoint must go to the sovereign host, not the common one.
                    Assert.AreEqual(SovereignAuthorityHost, request.RequestUri.Authority);
                }
            };
            HttpMessageHandlerFactory.AddMockHandler(sovereignTokenHandler);

            const string extraQueryParameters = "instance_aware=true";
            var result = await context.AcquireTokenAsync(
                TestConstants.DefaultResource,
                TestConstants.DefaultClientId,
                TestConstants.DefaultRedirectUri,
                _platformParameters,
                UserIdentifier.AnyUser,
                extraQueryParameters);

            // The app is handed the tenant-specific sovereign authority.
            Assert.AreEqual(_sovereignTenantSpecificAuthority, result.Authority);

            // The context itself now points at that authority as well.
            Assert.AreEqual(_sovereignTenantSpecificAuthority, context.Authority);

            // Exactly one cache entry exists, and its key names the sovereign authority, so the token
            // is not filed under the common authority it was requested through.
            var cacheEntries = context.TokenCache.tokenCacheDictionary;
            Assert.AreEqual(1, cacheEntries.Count);
            Assert.AreEqual(_sovereignTenantSpecificAuthority,
                            cacheEntries.Keys.FirstOrDefault()?.Authority);

            // No queued mock handler is left over: every expected HTTP call was made.
            Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
        }
 /// <summary>
 /// Per-test setup: re-initializes the mock HTTP provider, empties the instance discovery cache,
 /// and queues an instance discovery mock for the common-tenant authority.
 /// </summary>
 public void Initialize()
 {
     // Presumably drops handlers queued by an earlier test - confirm in HttpMessageHandlerFactory.
     HttpMessageHandlerFactory.InitializeMockProvider();

     // The instance cache is static state; clearing it keeps a previous test's discovery
     // results from answering for this one.
     InstanceDiscovery.InstanceCache.Clear();

     var commonDiscoveryEndpoint = TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant);
     var commonDiscoveryHandler = MockHelpers.CreateInstanceDiscoveryMockHandler(commonDiscoveryEndpoint);
     HttpMessageHandlerFactory.AddMockHandler(commonDiscoveryHandler);
 }
        /// <summary>
        /// Starts with an empty instance cache, signs in through the common authority with
        /// <c>instance_aware=true</c>, and checks that the token is cached under the sovereign
        /// authority and that the instance cache ends up holding the expected hosts.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the context is built with <c>false</c> as its second constructor argument, which
        /// in ADAL is validateAuthority, so this run has authority validation turned off. The mocked
        /// metadata below does not list login.microsoftonline.de, yet the test expects that host in the
        /// instance cache afterwards; confirm which code path adds it and that the same path cannot
        /// admit an arbitrary host when validation is enabled.
        /// </remarks>
        public async Task AuthorityNotInInstanceCache_InstanceDiscoverCallMadeTestAsync()
        {
            // Discovery payload returned by both discovery mocks: one metadata entry, four aliases.
            const string discoveryPayload = @"{
                            ""tenant_discovery_endpoint"":""https://login.microsoftonline.com/tenant/.well-known/openid-configuration"",
                            ""api-version"":""1.1"",
                            ""metadata"":[{
                                ""preferred_network"":""login.microsoftonline.com"",
                                ""preferred_cache"":""login.windows.net"",
                                ""aliases"":[
                                    ""login.microsoftonline.com"",
                                    ""login.windows.net"",
                                    ""login.microsoft.com"",
                                    ""sts.windows.net""]}]}";

            // Start from the common (world-wide) authority with an empty, private token cache.
            var context = new AuthenticationContext(
                TestConstants.DefaultAuthorityCommonTenant, false, new TokenCache());

            // Simulated redirect: an auth code plus the claim carrying the sovereign cloud host.
            var redirectQuery = "?code=some-code&" + TokenResponseClaim.CloudInstanceHost + "=" + SovereignAuthorityHost;
            var simulatedRedirect = TestConstants.DefaultRedirectUri + redirectQuery;

            var webUiResult = new AuthorizationResult(AuthorizationStatus.Success, simulatedRedirect);

            // The mock web UI checks that the authorization URI carries instance_aware=true.
            var requiredAuthorizeParams = new Dictionary<string, string>
            {
                { "instance_aware", "true" }
            };
            MockHelpers.ConfigureMockWebUI(webUiResult, requiredAuthorizeParams);

            // Discovery for the common authority, answered with the payload above.
            var commonDiscoveryEndpoint = TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant);
            HttpMessageHandlerFactory.AddMockHandler(
                MockHelpers.CreateInstanceDiscoveryMockHandler(commonDiscoveryEndpoint, discoveryPayload));

            // Discovery for the sovereign (Blackforest) authority: a GET answered with the same payload.
            var sovereignDiscoveryEndpoint = TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityBlackforestTenant);
            var sovereignDiscoveryHandler = new MockHttpMessageHandler(sovereignDiscoveryEndpoint)
            {
                Method = HttpMethod.Get,
                ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new StringContent(discoveryPayload)
                }
            };
            HttpMessageHandlerFactory.AddMockHandler(sovereignDiscoveryHandler);

            // Token endpoint of the sovereign tenant; the code is redeemed with a POST there.
            var sovereignTokenEndpoint = TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityBlackforestTenant);
            var sovereignTokenHandler = new MockHttpMessageHandler(sovereignTokenEndpoint)
            {
                Method = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
                    TestConstants.DefaultUniqueId,
                    TestConstants.DefaultDisplayableId,
                    TestConstants.DefaultResource)
            };
            HttpMessageHandlerFactory.AddMockHandler(sovereignTokenHandler);

            // Precondition: nothing is cached, so discovery has to be called.
            Assert.AreEqual(0, InstanceDiscovery.InstanceCache.Count());

            const string extraQueryParameters = "instance_aware=true";
            await context.AcquireTokenAsync(
                TestConstants.DefaultResource,
                TestConstants.DefaultClientId,
                TestConstants.DefaultRedirectUri,
                _platformParameters,
                UserIdentifier.AnyUser,
                extraQueryParameters);

            // Exactly one token-cache entry exists and its key names the sovereign authority.
            var cacheEntries = context.TokenCache.tokenCacheDictionary;
            Assert.AreEqual(1, cacheEntries.Count);
            Assert.AreEqual(_sovereignTenantSpecificAuthority,
                            cacheEntries.Keys.FirstOrDefault()?.Authority);

            // Five hosts are cached: presumably the four aliases from the payload plus the DE host.
            Assert.AreEqual(5, InstanceDiscovery.InstanceCache.Count());
            var cachedHosts = InstanceDiscovery.InstanceCache.Keys;
            Assert.AreEqual(true, cachedHosts.Contains("login.microsoftonline.de"));
            Assert.AreEqual(true, cachedHosts.Contains("login.windows.net"));
            // A cloud that was never mentioned in the flow must not appear in the cache.
            Assert.AreEqual(false, cachedHosts.Contains("login.partner.microsoftonline.cn"));

            // No queued mock handler is left over: every expected HTTP call was made.
            Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
        }