Ejemplo n.º 1
0
        public void AddGoogleAndYahooIdentityProviders()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace
                .AddGoogleIdentityProvider()
                .AddYahooIdentityProvider();

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Google"));
            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Yahoo!"));
        }
Ejemplo n.º 2
0
        public void AddFacebookIdentityProvider()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace
                .AddFacebookIdentityProvider(
                    ip => ip
                        .AppId(facebookAppId)
                        .AppSecret(facebookAppSecret)
                );

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
        }
Ejemplo n.º 3
0
        public void AddMyCoolWebsiteLinkedToExistingRuleGroup()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite")
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .LinkToRuleGroup("Rule Group for MyCoolWebsite Relying Party"));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
        }
Ejemplo n.º 4
0
        public void AddFacebookIdentityProviderWithAdditionalPermissions()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace
                .AddFacebookIdentityProvider(
                    ip => ip
                        .AppId(facebookAppId)
                        .AppSecret(facebookAppSecret)
                        .WithApplicationPermission(FacebookApplicationPermission.UserPhotos)
                        .WithApplicationPermission(FacebookApplicationPermission.PublishStream)
                );

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
        }
Ejemplo n.º 5
0
        static void Main(string[] args)
        {
            var namespaceDesc = new AcsNamespaceDescription(
                ConfigurationManager.AppSettings["acsNamespace"],
                ConfigurationManager.AppSettings["acsUserName"],
                ConfigurationManager.AppSettings["acsPassword"]);

            var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
            var signingCertBytes = ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
            var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
            var startDate = temp.NotBefore.ToUniversalTime();
            var endDate = temp.NotAfter.ToUniversalTime();

            var acsNamespace = new AcsNamespace(namespaceDesc);

            acsNamespace
                .AddGoogleIdentityProvider()
                .AddYahooIdentityProvider()
                .AddServiceIdentity(
                    si => si
                        .Name("Vandelay Industries")
                        .Password("Passw0rd!"))
                .AddRelyingParty(
                    rp => rp
                        .Name("MyCoolWebsite")
                        .RealmAddress("http://mycoolwebsite.com/")
                        .ReplyAddress("http://mycoolwebsite.com/")
                        .AllowGoogleIdentityProvider()
                        .AllowWindowsLiveIdentityProvider()
                        .SamlToken()
                        .TokenLifetime(120)
                        .SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
                        .EncryptionCertificate(encryptionCert.GetRawCertData())
                        .RemoveRelatedRuleGroups()
                        .AddRuleGroup(rg => rg
                            .Name("Rule Group for MyCoolWebsite Relying Party")
                            .AddRule(
                                rule => rule
                                    .Description("Google Passthrough")
                                    .IfInputClaimIssuer().Is("Google")
                                    .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                            .AddRule(
                                rule => rule
                                    .Description("Yahoo! Passthrough")
                                    .IfInputClaimIssuer().Is("Yahoo!")
                                    .AndInputClaimType().IsAny()
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                            .AddRule(
                                rule => rule
                                    .Description("Windows Live ID rule")
                                    .IfInputClaimIssuer().Is("Windows Live ID")
                                    .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                    .AndInputClaimValue().Is("*****@*****.**")
                                    .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
                                    .AndOutputClaimValue().ShouldBe("John Doe"))
                            .AddRule(
                                rule => rule
                                    .Description("ACS rule")
                                    .IfInputClaimIssuer().IsAcs()
                                    .AndInputClaimType().IsAny()
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));

            acsNamespace.SaveChanges(logInfo => Console.WriteLine(logInfo.Message));

            Console.ReadKey();
        }
Ejemplo n.º 6
0
        public void AddVandelayIndustriesServiceIdentityWithX509FromStore()
        {
            var acsNamespace = new AcsNamespace(namespaceDesc);
            var name = "Vandelay Industries X509";

            acsNamespace.AddServiceIdentityWithX509Certificate(
                si => si
                    .Name(name).EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
        }
Ejemplo n.º 7
0
        public void AddVandelayIndustriesServiceIdentityWithX509FromFile()
        {
            var encryptionCert = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer");
            var acsNamespace = new AcsNamespace(namespaceDesc);
            var name = "Vandelay Industries X509";

            acsNamespace.AddServiceIdentityWithX509Certificate(
                si => si
                    .Name(name).EncryptionCertificate(encryptionCert));

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
        }
Ejemplo n.º 8
0
        public void AddVandelayIndustriesServiceIdentity()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddServiceIdentity(
                si => si
                    .Name("Vandelay Industries")
                    .Password("Passw0rd!"));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, "Vandelay Industries"));
        }
Ejemplo n.º 9
0
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromFile()
        {
            var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));

            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite with X509")
                    .RealmAddress("http://mycoolwebsitewithx509.com/")
                    .ReplyAddress("http://mycoolwebsitewithx509.com/")
                    .AllowGoogleIdentityProvider()
                    .EncryptionCertificate(encryptionCert));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
        }
Ejemplo n.º 10
0
        public void AddMyCoolWebsiteRelyingPartyWithSwtTokenDetails()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite")
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .SwtToken()
                    .TokenLifetime(120)
                    .SymmetricKey(Convert.FromBase64String("yMryA5VQVmMwrtuiJBfyjMnAJwoT7//fCuM6NwaHjQ1=")));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 1));
        }
Ejemplo n.º 11
0
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromCertificateStore()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite with X509")
                    .RealmAddress("http://mycoolwebsitewithx509.com/")
                    .ReplyAddress("http://mycoolwebsitewithx509.com/")
                    .AllowGoogleIdentityProvider()
                    .EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
        }
Ejemplo n.º 12
0
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetails()
        {
            var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
            var signingCertBytes = this.ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
            var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
            var startDate = temp.NotBefore.ToUniversalTime();
            var endDate = temp.NotAfter.ToUniversalTime();

            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite")
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .SamlToken()
                    .TokenLifetime(120)
                    .SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
                    .EncryptionCertificate(encryptionCert.GetRawCertData()));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 2));
        }
Ejemplo n.º 13
0
        public void AddMyCoolWebsiteRelyingPartyWithRuleGroupAndRules()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);

            const string MyCoolWebsite = "MyCoolWebsite";
            const string RuleGroupForMyCoolWebsiteRelyingParty = "Rule Group for MyCoolWebsite Relying Party";

            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name(MyCoolWebsite)
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .AllowYahooIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .RemoveRelatedRuleGroups()
                    .AddRuleGroup(rg => rg
                                .Name(RuleGroupForMyCoolWebsiteRelyingParty)
                                .AddRule(
                                    rule => rule
                                        .Description("Google Passthrough")
                                        .IfInputClaimIssuer().Is("Google")
                                        .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                        .AndInputClaimValue().IsAny()
                                        .ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
                                        .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                                .AddRule(
                                    rule => rule
                                        .Description("Yahoo! Passthrough")
                                        .IfInputClaimIssuer().Is("Yahoo!")
                                        .AndInputClaimType().IsAny()
                                        .AndInputClaimValue().IsAny()
                                        .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                        .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                                .AddRule(
                                    rule => rule
                                        .Description("Windows Live ID rule")
                                        .IfInputClaimIssuer().Is("Windows Live ID")
                                        .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                        .AndInputClaimValue().Is("*****@*****.**")
                                        .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
                                        .AndOutputClaimValue().ShouldBe("John Doe"))
                                .AddRule(
                                    rule => rule
                                        .Description("ACS rule")
                                        .IfInputClaimIssuer().IsAcs()
                                        .AndInputClaimType().IsAny()
                                        .AndInputClaimValue().IsAny()
                                        .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                        .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, MyCoolWebsite));
            Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRules(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, 4));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
                RuleGroupForMyCoolWebsiteRelyingParty, "Google Passthrough"));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
                RuleGroupForMyCoolWebsiteRelyingParty, "Yahoo! Passthrough"));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
                RuleGroupForMyCoolWebsiteRelyingParty, "Windows Live ID rule"));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
                RuleGroupForMyCoolWebsiteRelyingParty, "ACS rule"));
        }
Ejemplo n.º 14
0
        public void AddMyCoolWebsiteRelyingPartyWithRuleGroup()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace.AddRelyingParty(
                rp => rp
                    .Name("MyCoolWebsite")
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .RemoveRelatedRuleGroups()
                    .AddRuleGroup(rg => rg.Name("Rule Group for MyCoolWebsite Relying Party")));

            acsNamespace.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
            Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, "MyCoolWebsite", "Rule Group for MyCoolWebsite Relying Party"));
        }
Ejemplo n.º 15
0
        public void AddWsFederationIdentityProvider()
        {
            var acsNamespace = new AcsNamespace(this.namespaceDesc);
            acsNamespace
                .AddWsFederationIdentityProvider(
                    ip => ip
                        .MetadataUri("https://login.windows.net/fluentacs.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml")
                        .DisplayName("My WS-Fed IP")
                );

            acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "My WS-Fed IP"));
        }