public void SetUp() { store = new ApplicationMemoryStore(); if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost")) { UntrustedWebRequest.WhitelistHosts.Add("localhost"); } }
/// <summary> /// Generates a new <see cref="OpenIdRelyingParty"/> whose direct messages /// will be automatically handled by an internal <see cref="OpenIdProvider"/> /// that uses the shared <see cref="ProviderStore"/>. /// </summary> internal static OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, NameValueCollection fields) { var rp = new OpenIdRelyingParty(store, requestUrl ?? GetFullUrl(ConsumerPage), fields ?? new NameValueCollection()); if (fields == null || fields.Count == 0) { Assert.IsNull(rp.Response); } rp.DirectMessageChannel = new DirectMessageTestRedirector(ProviderStore); return(rp); }
/// <summary> /// Creates the relying party instance used to generate authentication requests. /// </summary> /// <returns>The instantiated relying party.</returns> private OpenIdRelyingParty CreateRelyingParty() { // If we're in stateful mode, first use the explicitly given one on this control if there // is one. Then try the configuration file specified one. Finally, use the default // in-memory one that's built into OpenIdRelyingParty. IRelyingPartyApplicationStore store = this.Stateless ? null : (this.CustomApplicationStore ?? DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.ApplicationStore.CreateInstance(OpenIdRelyingParty.HttpApplicationStore)); var rp = new OpenIdRelyingParty(store); // Only set RequireSsl to true, as we don't want to override // a .config setting of true with false. if (this.RequireSsl) { rp.SecuritySettings.RequireSsl = true; } return(rp); }
OpenIdRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, IDictionary <string, string> query) { // Initialize settings with defaults and config section Settings = Configuration.SecuritySettings.CreateSecuritySettings(); Settings.RequireSslChanged += new EventHandler(Settings_RequireSslChanged); this.Store = store; if (store != null) { store.ClearExpiredAssociations(); // every so often we should do this. } if (requestUrl != null) { if (query == null) { throw new ArgumentNullException("query"); } this.request = requestUrl; this.query = query; } }
/// <summary> /// Uses an RPs stored association to resign an altered message from a Provider, /// to simulate a Provider that deliberately sent a bad message in an attempt /// to thwart RP security. /// </summary> internal static void Resign(NameValueCollection nvc, IRelyingPartyApplicationStore store) { Debug.Assert(nvc != null); Debug.Assert(store != null); var dict = Util.NameValueCollectionToDictionary(nvc); Protocol protocol = Protocol.Detect(dict); Uri providerEndpoint = new Uri(nvc[protocol.openid.op_endpoint]); string assoc_handle = nvc[protocol.openid.assoc_handle]; Association assoc = store.GetAssociation(providerEndpoint, assoc_handle); Debug.Assert(assoc != null, "Association not found in RP's store. Maybe you're communicating with a hosted OP instead of the TestSupport one?"); IList <string> signed = nvc[protocol.openid.signed].Split(','); var subsetDictionary = new Dictionary <string, string>(); foreach (string signedKey in signed) { string keyName = protocol.openid.Prefix + signedKey; subsetDictionary.Add(signedKey, dict[keyName]); } nvc[protocol.openid.sig] = Convert.ToBase64String(assoc.Sign(subsetDictionary, signed)); }
internal static IAuthenticationResponse CreateRelyingPartyResponse(IRelyingPartyApplicationStore store, IResponse providerResponse, bool requireSsl) { if (providerResponse == null) { throw new ArgumentNullException("providerResponse"); } var opAuthWebResponse = (Response)providerResponse; var opAuthResponse = (EncodableResponse)opAuthWebResponse.EncodableMessage; var rp = CreateRelyingParty(store, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); rp.Settings.RequireSsl = requireSsl; // Get the response now, before trying the replay attack. The Response // property is lazily-evaluated, so the replay attack can be evaluated first // and pass, while this one that SUPPOSED to pass fails, if we don't force it now. var response = rp.Response; // Side-track to test for replay attack while we're at it. // This simulates a network sniffing user who caught the // authenticating query en route to either the user agent or // the consumer, and tries the same query to the consumer in an // attempt to spoof the identity of the authenticating user. try { Logger.Info("Attempting replay attack..."); var replayRP = CreateRelyingParty(store, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); replayRP.Settings.RequireSsl = requireSsl; Assert.AreNotEqual(AuthenticationStatus.Authenticated, replayRP.Response.Status, "Replay attack succeeded!"); } catch (OpenIdException) { // nonce already used // another way to pass } // Return the result of the initial response (not the replay attack one). return(response); }
internal static void ResetStores() { RelyingPartyStore = new ApplicationMemoryStore(); ProviderStore = new ProviderMemoryStore(); }
internal static void ResetStores() { RelyingPartyStore = new ApplicationMemoryStore(); ProviderStore = new ProviderMemoryStore(); }
static void verifyNonceUnused(IDictionary <string, string> query, ServiceEndpoint endpoint, IRelyingPartyApplicationStore store) { if (endpoint.Protocol.Version.Major < 2) { return; // nothing to validate } if (store == null) { return; // we'll pass verifying the nonce responsibility to the OP } Logger.Debug("Verifying nonce is unused..."); var nonce = new Nonce(Util.GetRequiredArg(query, endpoint.Protocol.openid.response_nonce), true); nonce.Consume(store); }
/// <summary> /// Creates the relying party instance used to generate authentication requests. /// </summary> /// <param name="store">The store to pass to the relying party constructor.</param> /// <returns>The instantiated relying party.</returns> protected virtual OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store) { return new OpenIdRelyingParty(store); }
/// <summary> /// Generates a new <see cref="OpenIdRelyingParty"/> ready to process a /// response from an <see cref="OpenIdProvider"/>. /// </summary> internal static IAuthenticationResponse CreateRelyingPartyResponse(IRelyingPartyApplicationStore store, IResponse providerResponse) { return CreateRelyingPartyResponse(store, providerResponse, false); }
public OpenIdRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, NameValueCollection query) : this(store, requestUrl, Util.NameValueCollectionToDictionary(query)) { }
OpenIdRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, IDictionary<string, string> query) { // Initialize settings with defaults and config section Settings = Configuration.SecuritySettings.CreateSecuritySettings(); Settings.RequireSslChanged += new EventHandler(Settings_RequireSslChanged); this.Store = store; if (store != null) { store.ClearExpiredAssociations(); // every so often we should do this. } if (requestUrl != null) { if (query == null) throw new ArgumentNullException("query"); this.request = requestUrl; this.query = query; } }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class. /// </summary> /// <param name="applicationStore">The application store. If <c>null</c>, the relying party will always operate in "dumb mode".</param> public OpenIdRelyingParty(IRelyingPartyApplicationStore applicationStore) : this(applicationStore, applicationStore) { }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class. /// </summary> /// <param name="applicationStore">The application store. If null, the relying party will always operate in "dumb mode".</param> public OpenIdRelyingParty(IRelyingPartyApplicationStore applicationStore) : this(applicationStore, applicationStore) { }
/// <summary> /// Uses an RPs stored association to resign an altered message from a Provider, /// to simulate a Provider that deliberately sent a bad message in an attempt /// to thwart RP security. /// </summary> internal static void Resign(NameValueCollection nvc, IRelyingPartyApplicationStore store) { Debug.Assert(nvc != null); Debug.Assert(store != null); var dict = Util.NameValueCollectionToDictionary(nvc); Protocol protocol = Protocol.Detect(dict); Uri providerEndpoint = new Uri(nvc[protocol.openid.op_endpoint]); string assoc_handle = nvc[protocol.openid.assoc_handle]; Association assoc = store.GetAssociation(providerEndpoint, assoc_handle); Debug.Assert(assoc != null, "Association not found in RP's store. Maybe you're communicating with a hosted OP instead of the TestSupport one?"); IList<string> signed = nvc[protocol.openid.signed].Split(','); var subsetDictionary = new Dictionary<string, string>(); foreach (string signedKey in signed) { string keyName = protocol.openid.Prefix + signedKey; subsetDictionary.Add(signedKey, dict[keyName]); } nvc[protocol.openid.sig] = Convert.ToBase64String(assoc.Sign(subsetDictionary, signed)); }
/// <summary> /// Creates the relying party instance used to generate authentication requests. /// </summary> /// <param name="store">The store to pass to the relying party constructor.</param> /// <returns>The instantiated relying party.</returns> protected override OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store) { return(new OpenIdAjaxRelyingParty(store)); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdAjaxRelyingParty"/> class. /// </summary> /// <param name="applicationStore">The application store. If <c>null</c>, the relying party will always operate in "dumb mode".</param> public OpenIdAjaxRelyingParty(IRelyingPartyApplicationStore applicationStore) : base(applicationStore) { Reporting.RecordFeatureUse(this); }
public OpenIdRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, NameValueCollection query) : this(store, requestUrl, Util.NameValueCollectionToDictionary(query)) { }
internal static OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store, NameValueCollection fields) { return(CreateRelyingParty(store, null, fields)); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdAjaxRelyingParty"/> class. /// </summary> /// <param name="applicationStore">The application store. If <c>null</c>, the relying party will always operate in "dumb mode".</param> public OpenIdAjaxRelyingParty(IRelyingPartyApplicationStore applicationStore) : base(applicationStore) { Reporting.RecordFeatureUse(this); }
/// <summary> /// Generates a new <see cref="OpenIdRelyingParty"/> whose direct messages /// will be automatically handled by an internal <see cref="OpenIdProvider"/> /// that uses the shared <see cref="ProviderStore"/>. /// </summary> internal static OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store, Uri requestUrl, NameValueCollection fields) { var rp = new OpenIdRelyingParty(store, requestUrl ?? GetFullUrl(ConsumerPage), fields ?? new NameValueCollection()); if (fields == null || fields.Count == 0) { Assert.IsNull(rp.Response); } rp.DirectMessageChannel = new DirectMessageTestRedirector(ProviderStore); return rp; }
public void SetUp() { store = new ApplicationMemoryStore(); if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost")) UntrustedWebRequest.WhitelistHosts.Add("localhost"); }
/// <summary> /// Generates a new <see cref="OpenIdRelyingParty"/> ready to process a /// response from an <see cref="OpenIdProvider"/>. /// </summary> internal static IAuthenticationResponse CreateRelyingPartyResponse(IRelyingPartyApplicationStore store, IResponse providerResponse) { return(CreateRelyingPartyResponse(store, providerResponse, false)); }
internal static OpenIdRelyingParty CreateRelyingParty(IRelyingPartyApplicationStore store, NameValueCollection fields) { return CreateRelyingParty(store, null, fields); }
internal static IAuthenticationResponse CreateRelyingPartyResponse(IRelyingPartyApplicationStore store, IResponse providerResponse, bool requireSsl) { if (providerResponse == null) throw new ArgumentNullException("providerResponse"); var opAuthWebResponse = (Response)providerResponse; var opAuthResponse = (EncodableResponse)opAuthWebResponse.EncodableMessage; var rp = CreateRelyingParty(store, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); rp.Settings.RequireSsl = requireSsl; // Get the response now, before trying the replay attack. The Response // property is lazily-evaluated, so the replay attack can be evaluated first // and pass, while this one that SUPPOSED to pass fails, if we don't force it now. var response = rp.Response; // Side-track to test for replay attack while we're at it. // This simulates a network sniffing user who caught the // authenticating query en route to either the user agent or // the consumer, and tries the same query to the consumer in an // attempt to spoof the identity of the authenticating user. try { Logger.Info("Attempting replay attack..."); var replayRP = CreateRelyingParty(store, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); replayRP.Settings.RequireSsl = requireSsl; Assert.AreNotEqual(AuthenticationStatus.Authenticated, replayRP.Response.Status, "Replay attack succeeded!"); } catch (OpenIdException) { // nonce already used // another way to pass } // Return the result of the initial response (not the replay attack one). return response; }