private void prepareRequest(IAuthenticationRequest request) {
// Collect the PAPE policies requested by the user.
List<string> policies = new List<string>();
foreach (ListItem item in this.papePolicies.Items) {
if (item.Selected) {
policies.Add(item.Value);
}
}
// Add the PAPE extension if any policy was requested.
var pape = new PolicyRequest();
if (policies.Count > 0) {
foreach (string policy in policies) {
pape.PreferredPolicies.Add(policy);
}
}
if (this.maxAuthTimeBox.Text.Length > 0) {
pape.MaximumAuthenticationAge = TimeSpan.FromSeconds(double.Parse(this.maxAuthTimeBox.Text));
}
if (pape.PreferredPolicies.Count > 0 || pape.MaximumAuthenticationAge.HasValue) {
request.AddExtension(pape);
}
}
/// <summary>
/// Called when an authentication request is about to be sent.
/// </summary>
/// <param name="request">The request.</param>
void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) {
RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request;
ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps);
var pape = requestInternal.AppliedExtensions.OfType<PolicyRequest>().SingleOrDefault();
if (pape == null) {
request.AddExtension(pape = new PolicyRequest());
}
if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) {
pape.PreferredPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier);
}
if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1)) {
pape.PreferredPolicies.Add(AuthenticationPolicies.USGovernmentTrustLevel1);
}
if (!AllowPersonallyIdentifiableInformation && !pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) {
pape.PreferredPolicies.Add(AuthenticationPolicies.NoPersonallyIdentifiableInformation);
}
if (pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) {
ErrorUtilities.VerifyProtocol(
(!requestInternal.AppliedExtensions.OfType<ClaimsRequest>().Any() &&
!requestInternal.AppliedExtensions.OfType<FetchRequest>().Any()),
BehaviorStrings.PiiIncludedWithNoPiiPolicy);
}
Reporting.RecordEventOccurrence(this, "RP");
}
public void AddPolicies() {
PolicyRequest resp = new PolicyRequest();
resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
resp.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
Assert.AreEqual(2, resp.PreferredPolicies.Count);
Assert.AreEqual(AuthenticationPolicies.MultiFactor, resp.PreferredPolicies[0]);
Assert.AreEqual(AuthenticationPolicies.PhishingResistant, resp.PreferredPolicies[1]);
}
public void MaximumAuthenticationAgeTest() {
PolicyRequest req = new PolicyRequest();
req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
Assert.IsNotNull(req.MaximumAuthenticationAge);
Assert.AreEqual(TimeSpan.FromHours(1), req.MaximumAuthenticationAge);
req.MaximumAuthenticationAge = null;
Assert.IsNull(req.MaximumAuthenticationAge);
}
public void AddPolicyMultipleTimes() {
// Although this isn't really the desired behavior (we'd prefer to see an
// exception thrown), since we're using a List<string> internally we can't
// expect anything better (for now). But if this is ever fixed, by all means
// change this test to expect an exception or something else.
PolicyRequest resp = new PolicyRequest();
resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
Assert.AreEqual(2, resp.PreferredPolicies.Count);
}
public void Full() {
var request = new PolicyRequest();
request.MaximumAuthenticationAge = TimeSpan.FromMinutes(10);
request.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
request.PreferredAuthLevelTypes.Add("customAuthLevel");
request.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
request.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
var response = new PolicyResponse();
response.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
response.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
response.AuthenticationTimeUtc = DateTime.UtcNow - TimeSpan.FromMinutes(5);
response.AssuranceLevels[Constants.AssuranceLevels.NistTypeUri] = "1";
response.AssuranceLevels["customlevel"] = "ABC";
response.NistAssuranceLevel = NistAssuranceLevel.Level2;
ExtensionTestUtilities.Roundtrip(Protocol.Default, new[] { request }, new[] { response });
}
/// <summary>
/// Determines whether the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>.
/// </summary>
/// <param name="obj">The <see cref="T:System.Object"/> to compare with the current <see cref="T:System.Object"/>.</param>
/// <returns>
/// true if the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>; otherwise, false.
/// </returns>
/// <exception cref="T:System.NullReferenceException">
/// The <paramref name="obj"/> parameter is null.
/// </exception>
public override bool Equals(object obj)
{
PolicyRequest other = obj as PolicyRequest;
if (other == null)
{
return(false);
}
if (this.MaximumAuthenticationAge != other.MaximumAuthenticationAge)
{
return(false);
}
if (this.PreferredPolicies.Count != other.PreferredPolicies.Count)
{
return(false);
}
foreach (string policy in this.PreferredPolicies)
{
if (!other.PreferredPolicies.Contains(policy))
{
return(false);
}
}
if (this.PreferredAuthLevelTypes.Count != other.PreferredAuthLevelTypes.Count)
{
return(false);
}
foreach (string authLevel in this.PreferredAuthLevelTypes)
{
if (!other.PreferredAuthLevelTypes.Contains(authLevel))
{
return(false);
}
}
return(true);
}
private void prepareRequest(IAuthenticationRequest request)
{
// Collect the PAPE policies requested by the user.
List<string> policies = new List<string>();
foreach (ListItem item in this.papePolicies.Items) {
if (item.Selected) {
policies.Add(item.Value);
}
}
// Add the PAPE extension if any policy was requested.
if (policies.Count > 0) {
var pape = new PolicyRequest();
foreach (string policy in policies) {
pape.PreferredPolicies.Add(policy);
}
request.AddExtension(pape);
}
}
public void EqualsTest() {
PolicyRequest req = new PolicyRequest();
PolicyRequest req2 = new PolicyRequest();
Assert.AreEqual(req, req2);
Assert.AreNotEqual(req, null);
Assert.AreNotEqual(null, req);
// Test PreferredPolicies list comparison
req.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
Assert.AreNotEqual(req, req2);
req2.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
Assert.AreNotEqual(req, req2);
req2.PreferredPolicies.Clear();
req2.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
Assert.AreEqual(req, req2);
// Test PreferredPolicies list comparison when that list is not in the same order.
req.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
Assert.AreNotEqual(req, req2);
req2.PreferredPolicies.Insert(0, AuthenticationPolicies.MultiFactor);
Assert.AreEqual(req, req2);
// Test MaximumAuthenticationAge comparison.
req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
Assert.AreNotEqual(req, req2);
req2.MaximumAuthenticationAge = req.MaximumAuthenticationAge;
Assert.AreEqual(req, req2);
// Test PreferredAuthLevelTypes comparison.
req.PreferredAuthLevelTypes.Add("authlevel1");
Assert.AreNotEqual(req, req2);
req2.PreferredAuthLevelTypes.Add("authlevel2");
Assert.AreNotEqual(req, req2);
req.PreferredAuthLevelTypes.Add("authlevel2");
req2.PreferredAuthLevelTypes.Add("authlevel1");
Assert.AreEqual(req, req2);
}
public void AddAuthLevelTypes() {
PolicyRequest req = new PolicyRequest();
req.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
Assert.AreEqual(1, req.PreferredAuthLevelTypes.Count);
Assert.IsTrue(req.PreferredAuthLevelTypes.Contains(Constants.AssuranceLevels.NistTypeUri));
}
public void Ctor() {
PolicyRequest req = new PolicyRequest();
Assert.IsNull(req.MaximumAuthenticationAge);
Assert.IsNotNull(req.PreferredPolicies);
Assert.AreEqual(0, req.PreferredPolicies.Count);
}
public void Serialize() {
PolicyRequest req = new PolicyRequest();
IMessageWithEvents reqEvents = req;
var fields = this.MessageDescriptions.GetAccessor(req);
reqEvents.OnSending();
Assert.AreEqual(1, fields.Count);
Assert.IsTrue(fields.ContainsKey("preferred_auth_policies"));
Assert.AreEqual(string.Empty, fields["preferred_auth_policies"]);
req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
reqEvents.OnSending();
Assert.AreEqual(2, fields.Count);
Assert.IsTrue(fields.ContainsKey("max_auth_age"));
Assert.AreEqual(TimeSpan.FromHours(1).TotalSeconds.ToString(CultureInfo.InvariantCulture), fields["max_auth_age"]);
req.PreferredPolicies.Add("http://pol1/");
reqEvents.OnSending();
Assert.AreEqual("http://pol1/", fields["preferred_auth_policies"]);
req.PreferredPolicies.Add("http://pol2/");
reqEvents.OnSending();
Assert.AreEqual("http://pol1/ http://pol2/", fields["preferred_auth_policies"]);
req.PreferredAuthLevelTypes.Add("http://authtype1/");
reqEvents.OnSending();
Assert.AreEqual(4, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias1"));
Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias1"]);
Assert.IsTrue(fields.ContainsKey("preferred_auth_level_types"));
Assert.AreEqual("alias1", fields["preferred_auth_level_types"]);
req.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
reqEvents.OnSending();
Assert.AreEqual(5, fields.Count);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias2"]);
Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
Assert.AreEqual(Constants.AssuranceLevels.NistTypeUri, fields["auth_level.ns.nist"]);
Assert.AreEqual("alias2 nist", fields["preferred_auth_level_types"]);
}
public void Trivial() {
var request = new PolicyRequest();
var response = new PolicyResponse();
ExtensionTestUtilities.Roundtrip(Protocol.Default, new[] { request }, new[] { response });
}
public async Task Trivial() {
var request = new PolicyRequest();
var response = new PolicyResponse();
await this.RoundtripAsync(Protocol.Default, new[] { request }, new[] { response });
}