public async Task IsValidToken_WithTokenValidationParameters_NullClaims_ValidToken() { // Arrange string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; string issuer = $"http://{Util.GetRandomString(10).ToLower()}.com"; IdentityModelEventSource.ShowPII = true; int daysValid = 7; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); TokenValidationParameters tokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidIssuer = issuer, ValidAudience = authority, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(privateKey)) }; string token = CreateJwt(issuer, authority, privateKey, daysValid); // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(tokenValidationParameters); bool isTokenValid = await jwtTokenReader.IsValidTokenAsync(token); // Assert Assert.True(isTokenValid); }
public void Constructor_ValidateClaimCheck_Not_In_Jwt_Claims() { // Arrange string issuer = $"http://{Util.GetRandomString(10).ToLower()}.com"; string oid = Util.GetRandomString(10); string aad = Util.GetRandomString(10); string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; int daysValid = 7; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, authority }, { "oid", oid }, { "uud", Guid.NewGuid().ToString() }, { "aad", aad } }; string token = CreateJwt(issuer, authority, privateKey, daysValid, claimCheck); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken securityToken = handler.ReadJwtToken(token); // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(claimCheck); bool isValid = jwtTokenReader.ValidateClaimCheck(securityToken); // Assert Assert.False(isValid); }
public async Task IsValidToken_WithTokenValidationParametersAndClaimCheck_InvalidToken_WithException() { // Arrange TokenValidationParameters tokenValidationParameters = new TokenValidationParameters(); string issuer = Util.GetRandomString(10); string authority = Util.GetRandomString(10); int daysValid = 7; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, authority } }; string token = CreateJwt(issuer, authority, privateKey, daysValid, claimCheck); // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(tokenValidationParameters, claimCheck); bool isTokenValid = await jwtTokenReader.IsValidTokenAsync(token); // Assert Assert.False(isTokenValid); }
public async Task GetHealthWithIncorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsUnauthorized() { // Arrange string issuer = GenerateRandomUri(); string authority = GenerateRandomUri(); string privateKey = GenerateRandomPrivateKey(); using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { TokenValidationParameters validationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey); var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); _testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader)); using (HttpClient client = _testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { var accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}.{_bogusGenerator.Random.AlphaNumeric(40)}"; request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } } } }
public async Task GetHealthWithoutBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized() { // Arrange using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { var validationParameters = new TokenValidationParameters { ValidateAudience = false, ValidateIssuer = false, ValidateIssuerSigningKey = true, ValidateLifetime = true }; var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); _testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader)); using (HttpClient client = _testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } } } }
public async Task GetHealthWithCorrectBearerToken_WithLazyAzureManagedIdentityAuthorization_ReturnsOk() { // Arrange string issuer = GenerateRandomUri(); string authority = GenerateRandomUri(); string privateKey = GenerateRandomPrivateKey(); using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { TokenValidationParameters validationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey); var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); _testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.AddJwtTokenReader(serviceProvider => reader))); using (HttpClient client = _testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7); request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); } } } }
public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsOk() { // Arrange using (var testServer = new TestApiServer()) using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { TokenValidationParameters validationParameters = await testOpenIdServer.GenerateTokenValidationParametersAsync(); var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader)); using (HttpClient client = testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { string accessToken = await testOpenIdServer.RequestAccessTokenAsync(); request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); } } } }
public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorizationAndCustomClaims_ReturnsOk() { // Arrange string issuer = $"http://{Util.GetRandomString(10).ToLower()}.com"; string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); using (var testServer = new TestApiServer()) using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { TokenValidationParameters tokenValidationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey); var reader = new JwtTokenReader(tokenValidationParameters, testOpenIdServer.OpenIdAddressConfiguration); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, Guid.NewGuid().ToString() } }; testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader, claimCheck)); using (HttpClient client = testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, 7, claimCheck); request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); } } } }
public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsOk() { // Arrange string issuer = _bogusGenerator.Internet.Url(); string authority = _bogusGenerator.Internet.Url(); string privateKey = GenerateRandomPrivateKey(); await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger)) { var options = new TestApiServerOptions() .ConfigureServices(services => { TokenValidationParameters tokenValidationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey); var reader = new JwtTokenReader(tokenValidationParameters, testOpenIdServer.OpenIdAddressConfiguration); services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader)); }); await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger)) { string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7); var request = HttpRequestBuilder .Get(HealthController.GetRoute) .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await testApiServer.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); } } } }
public void Constructor_WithTokenValidationParametersAndDiscoveryEndpoint_Succeeds() { // Arrange TokenValidationParameters tokenValidationParameters = new TokenValidationParameters(); // Act var jwtTokenReader = new JwtTokenReader(tokenValidationParameters, MicrosoftDiscoveryEndpoint); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithTokenValidationParameters_Succeeds() { // Arrange var tokenValidationParameters = new TokenValidationParameters(); // Act var jwtTokenReader = new JwtTokenReader(tokenValidationParameters); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithTokenValidationParametersButWithoutClaimCheck_Succeeds() { // Arrange TokenValidationParameters tokenValidationParameters = new TokenValidationParameters(); // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(tokenValidationParameters); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithApplicationId_Succeeds() { // Arrange string applicationId = Guid.NewGuid().ToString(); // Act var jwtTokenReader = new JwtTokenReader(applicationId); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithTokenValidationParametersAndDiscoveryEndpoint_Succeeds() { // Arrange var tokenValidationParameters = new TokenValidationParameters(); string openIdConnectDiscoveryUri = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"; // Act var jwtTokenReader = new JwtTokenReader(tokenValidationParameters, openIdConnectDiscoveryUri); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithApplicationIdInClaimCheck_Succeeds() { // Arrange Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, Guid.NewGuid().ToString() } }; // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(claimCheck); // Assert Assert.NotNull(jwtTokenReader); }
public void Constructor_WithTokenValidationParametersAndClaimCheck_Succeeds() { // Arrange TokenValidationParameters tokenValidationParameters = new TokenValidationParameters(); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, Guid.NewGuid().ToString() } }; // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(tokenValidationParameters, claimCheck); // Assert Assert.NotNull(jwtTokenReader); }
public async Task IsValidToken_WithTokenValidationParametersAndClaimCheck_InvalidClaims() { // Arrange string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; string issuer = $"http://{Util.GetRandomString(10).ToLower()}.com"; string oid = Util.GetRandomString(10); IdentityModelEventSource.ShowPII = true; int daysValid = 7; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, authority }, { "oid", oid }, { "uud", Guid.NewGuid().ToString() } }; TokenValidationParameters tokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidIssuer = issuer, ValidAudience = authority, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(privateKey)) }; string token = CreateJwt(issuer, authority, privateKey, daysValid, claimCheck); // Act JwtTokenReader jwtTokenReader = new JwtTokenReader(tokenValidationParameters, claimCheck); bool isTokenValid = await jwtTokenReader.IsValidTokenAsync(token); // Assert Assert.False(isTokenValid); }
public void Constructor_WithClaimCheck_Succeeds() { // Arrange string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; string oid = Util.GetRandomString(10); string aad = Util.GetRandomString(10); TokenValidationParameters tokenValidationParameters = new TokenValidationParameters(); Dictionary <string, string> claimCheck = new Dictionary <string, string> { { JwtClaimTypes.Audience, authority }, { "oid", oid }, { "aad", aad } }; // Act var jwtTokenReader = new JwtTokenReader(tokenValidationParameters, MicrosoftDiscoveryEndpoint, claimCheck); // Assert Assert.NotNull(jwtTokenReader); }
public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized() { // Arrange string issuer = $"http://{Util.GetRandomString(10).ToLower()}.com"; string authority = $"http://{Util.GetRandomString(10).ToLower()}.com"; RSA rsa = new RSACryptoServiceProvider(512); string privateKey = rsa.ToCustomXmlString(true); using (var testServer = new TestApiServer()) using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter)) { var validationParameters = new TokenValidationParameters { ValidateAudience = false, ValidateIssuer = false, ValidateIssuerSigningKey = true, ValidateLifetime = true }; var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader)); using (HttpClient client = testServer.CreateClient()) using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route)) { string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, 7); request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } } } }
public async Task GetHealthWithoutBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized() { // Arrange await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger)) { var validationParameters = new TokenValidationParameters { ValidateAudience = false, ValidateIssuer = false, ValidateIssuerSigningKey = true, ValidateLifetime = true }; var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration); var options = new TestApiServerOptions() .ConfigureServices(services => { services.AddMvc(opt => { opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader); }); }); await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger)) { var request = HttpRequestBuilder.Get(HealthController.GetRoute); // Act using (HttpResponseMessage response = await testApiServer.SendAsync(request)) { // Assert Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } } } }