public void RequireSslPrependsHttpsScheme() { MockHttpRequest.Reset(); OpenIdRelyingParty rp = TestSupport.CreateRelyingParty(null); rp.Settings.RequireSsl = true; Identifier mockId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true); string noSchemeId = stripScheme(mockId); var request = rp.CreateRequest(noSchemeId, TestSupport.Realm, TestSupport.ReturnTo); Assert.IsTrue(request.ClaimedIdentifier.ToString().StartsWith("https://", StringComparison.OrdinalIgnoreCase)); }
public void DiscoverRequireSslWithSecureRedirects() { MockHttpRequest.Reset(); Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true); // Add a couple of chained redirect pages that lead to the claimedId. // All redirects should be secure. Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true); Uri secureMidpointUri = TestSupport.GetFullUrl("/secureStop", null, true); MockHttpRequest.RegisterMockRedirect(userSuppliedUri, secureMidpointUri); MockHttpRequest.RegisterMockRedirect(secureMidpointUri, new Uri(claimedId.ToString())); Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true); Assert.AreEqual(1, userSuppliedIdentifier.Discover().Count()); }
public void DiscoveryWithRedirects() { MockHttpRequest.Reset(); Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20); // Add a couple of chained redirect pages that lead to the claimedId. Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true); Uri insecureMidpointUri = TestSupport.GetFullUrl("/insecureStop"); MockHttpRequest.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri); MockHttpRequest.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString())); // don't require secure SSL discovery for this test. Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, false); Assert.AreEqual(1, userSuppliedIdentifier.Discover().Count()); }
public void DiscoverRequireSslWithInsecureRedirect() { MockHttpRequest.Reset(); Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true); // Add a couple of chained redirect pages that lead to the claimedId. // Include an insecure HTTP jump in those redirects to verify that // the ultimate endpoint is never found as a result of high security profile. Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true); Uri insecureMidpointUri = TestSupport.GetFullUrl("/insecureStop"); MockHttpRequest.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri); MockHttpRequest.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString())); Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true); userSuppliedIdentifier.Discover(); }
public void UnsolicitedAssertionWithRequireSslWithoutSecureIdentityUrl() { MockHttpRequest.Reset(); Mocks.MockHttpRequest.RegisterMockRPDiscovery(); TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval; Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20); Identifier localId = TestSupport.GetDelegateUrl(scenario); OpenIdProvider op = TestSupport.CreateProvider(null); IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId); var opAuthWebResponse = (Response)assertion; var opAuthResponse = (DotNetOpenId.Provider.EncodableResponse)opAuthWebResponse.EncodableMessage; var rp = TestSupport.CreateRelyingParty(TestSupport.RelyingPartyStore, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); rp.Settings.RequireSsl = true; Assert.AreEqual(AuthenticationStatus.Failed, rp.Response.Status); Assert.IsNull(rp.Response.ClaimedIdentifier); }
public void TearDown() { MockHttpRequest.Reset(); }