private void AddMockResponseforManagedAccounts(MockHttpManager httpManager) { // user realm discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}") }, ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } } }); }
private void AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(MockHttpManager httpManager) { // user realm discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Managed\"," + "\"domain_name\":\"some_domain.onmicrosoft.com\"," + "\"cloud_audience_urn\":\"urn:federation:MicrosoftOnline\"," + "\"cloud_instance_name\":\"login.microsoftonline.com\"}") } }); }
private MockHttpMessageHandler AddMockHandlerAadSuccess(MockHttpManager httpManager, string authority) { var handler = new MockHttpMessageHandler { ExpectedUrl = authority + "oauth2/v2.0/token", ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string> { { "grant_type", "urn:ietf:params:oauth:grant-type:saml1_1-bearer" }, { "scope", "openid offline_access profile r1/scope1 r1/scope2" } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; httpManager.AddMockHandler(handler); return(handler); }
private void AddMockedResponse(HttpResponseMessage responseMessage) { _httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "http://169.254.169.254/metadata/instance/compute", ExpectedRequestHeaders = new Dictionary <string, string> { { "Metadata", "true" } }, ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "2020-06-01" } }, ResponseMessage = responseMessage }); }
public void AcquireTokenSilentServiceErrorTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant); //populate cache var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage() }); try { Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_cacheMissScope, new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .WithAuthority(app.Authority) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.Fail("MsalUiRequiredException was expected"); } catch (AggregateException ex) { Assert.IsNotNull(ex.InnerException); Assert.IsTrue(ex.InnerException is MsalUiRequiredException); var msalExc = (MsalUiRequiredException)ex.InnerException; Assert.AreEqual(msalExc.ErrorCode, MsalError.InvalidGrantError); } } }
public async Task TokensAreInterchangable_Regional_To_NonRegional_Async() { using (var httpManager = new MockHttpManager()) { httpManager.AddRegionDiscoveryMockHandler(TestConstants.Region); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(true)); IConfidentialClientApplication appWithRegion = CreateCca( httpManager, ConfidentialClientApplication.AttemptRegionDiscovery); InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache(); memoryTokenCache.Bind(appWithRegion.AppTokenCache); IConfidentialClientApplication appWithoutRegion = CreateCca( httpManager, null); memoryTokenCache.Bind(appWithoutRegion.AppTokenCache); AuthenticationResult result = await appWithRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.AreEqual(TestConstants.Region, result.ApiEvent.RegionUsed); Assert.AreEqual((int)RegionSource.Imds, result.ApiEvent.RegionSource); Assert.AreEqual(null, result.ApiEvent.UserProvidedRegion); Assert.AreEqual(false, result.ApiEvent.IsValidUserProvidedRegion); Assert.AreEqual(false, result.ApiEvent.FallbackToGlobal); // when switching to non-region, token is found in the cache result = await appWithoutRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.AreEqual(null, result.ApiEvent.RegionUsed); Assert.AreEqual((int)RegionSource.None, result.ApiEvent.RegionSource); Assert.AreEqual(null, result.ApiEvent.UserProvidedRegion); Assert.AreEqual(null, result.ApiEvent.IsValidUserProvidedRegion); Assert.AreEqual(null, result.ApiEvent.FallbackToGlobal); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache); } }
public async Task ManagedUsernameIncorrectPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); var str = new SecureString(); str.AppendChar('y'); str.MakeReadOnly(); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(), ExpectedPostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", TestConstants.s_user.Username }, { "password", _secureString } } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Call acquire token MsalUiRequiredException result = await Assert.ThrowsExceptionAsync <MsalUiRequiredException>( () => app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, str).ExecuteAsync(CancellationToken.None)).ConfigureAwait(false); // Check error code Assert.AreEqual(MsalError.InvalidGrantError, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
[WorkItem(695)] // Fix for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695 public void AcquireTokenSilentForceRefreshTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCacheWithOneAccessToken(app.UserTokenCacheInternal.Accessor); var cacheAccess = app.UserTokenCache.RecordAccess(); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( TestConstants.UniqueId, TestConstants.DisplayableId, TestConstants.s_scope.ToArray()) }); Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), result.Scopes.AsSingleString()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); cacheAccess.AssertAccessCounts(1, 1); } }
public async Task MexEndpointFailsToResolveTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedUrl = "https://msft.sts.microsoft.com/adfs/services/trust/mex", ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml")) .Replace("<wsp:All>", " ")) } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Call acquire token, Mex parser fails MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check exception message Assert.AreEqual("Parsing WS metadata exchange failed", result.Message); Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public void B2CLoginAuthorityCreateAuthority() { using (var httpManager = new MockHttpManager()) { var appConfig = new ApplicationConfiguration() { HttpManager = httpManager, AuthorityInfo = AuthorityInfo.FromAuthorityUri(TestConstants.B2CLoginAuthority, false) }; var serviceBundle = ServiceBundle.Create(appConfig); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://sometenantid.b2clogin.com/tfp/sometenantid/policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2CLogin.json"))) }); Authority instance = Authority.CreateAuthority( serviceBundle, TestConstants.B2CLoginAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(serviceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/", endpoints.SelfSignedJwtAudience); } }
public async Task AcquireTokenByIntegratedWindowsAuthInvalidClientTestAsync() { IDictionary <string, string> extraQueryParamsAndClaims = TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value); extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims); using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant); MockHttpMessageHandler realmDiscoveryHandler = AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustWindowsTransport(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token", ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidClientResponseMessage() }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithExtraQueryParameters(TestConstants.s_extraQueryParams) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); MsalServiceException result = await AssertException.TaskThrowsAsync <MsalServiceException>( async() => await app.AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithClaims(TestConstants.Claims) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync().ConfigureAwait(false)).ConfigureAwait(false); // Check inner exception Assert.AreEqual(MsalError.InvalidClient, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public void AcquireTokenSilentScopeAndUserOverloadTenantSpecificAuthorityTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(MsalTestConstants.AuthorityGuestTenant), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); _tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); app.UserTokenCacheInternal.Accessor.DeleteAccessToken( new MsalAccessTokenCacheKey( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.Utid, MsalTestConstants.UserIdentifier, MsalTestConstants.ClientId, MsalTestConstants.ScopeForAnotherResourceStr)); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityGuestTenant); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); Task <AuthenticationResult> task = app .AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString()); } }
private void AddMockResponseforManagedAccounts(MockHttpManager httpManager) { httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); // user realm discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}") }, QueryParams = new Dictionary <string, string> { { "api-version", "1.0" } } }); }
private MockHttpMessageHandler AddMockHandlerDefaultUserRealmDiscovery(MockHttpManager httpManager) { var handler = new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\",\"account_type\":\"federated\",\"domain_name\":\"microsoft.com\"," + "\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" + "\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," + "\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" + ",\"cloud_instance_name\":\"login.microsoftonline.com\"}") } }; // user realm discovery httpManager.AddMockHandler(handler); return(handler); }
public void FailedValidationMissingFieldsInDrsResponseTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock failure response for on-premise DRS request httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", QueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response-missing-field.json"))) }); Authority instance = Authority.CreateAuthority(serviceBundle, CoreTestConstants.OnPremiseAuthority, true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( CoreTestConstants.FabrikamDisplayableId, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void FailedValidationMissingFieldsTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for instance validation httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.windows.net/common/discovery/instance", QueryParams = new Dictionary <string, string> { { "api-version", "1.0" }, { "authorization_endpoint", "https://login.microsoft0nline.com/mytenant.com/oauth2/v2.0/authorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage("{}") }); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoft0nline.com/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public async Task AcquireTokenByIntegratedWindowsAuthTest_ManagedUser_DiscoveryFailed_ThrowsExceptionAsync() { // Arrange using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.NotFound) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Managed\"," + "\"domain_name\":\"some_domain.onmicrosoft.com\"," + "\"cloud_audience_urn\":\"urn:federation:MicrosoftOnline\"," + "\"cloud_instance_name\":\"login.microsoftonline.com\"}") } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); // Act MsalServiceException exception = await AssertException.TaskThrowsAsync <MsalServiceException>( async() => await app .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false)).ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.UserRealmDiscoveryFailed, exception.ErrorCode); Assert.AreEqual(HttpStatusCode.NotFound, (HttpStatusCode)exception.StatusCode); } }
public async Task AcquireTokenByIntegratedWindowsAuthTest_UnknownUserAsync() { // Arrange using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant); // user realm discovery - unknown user type httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Bogus\"}") } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Act MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false)).ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode); } }
public async Task FederatedUsernamePasswordCommonAuthorityTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustUserName(httpManager); // AAD httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token", ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Call acquire token MsalServiceException result = await AssertException.TaskThrowsAsync <MsalServiceException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check inner exception Assert.AreEqual(MsalError.InvalidRequest, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task GetAuthorizationRequestUrlB2CTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithRedirectUri(MsalTestConstants.RedirectUri) .WithClientSecret(MsalTestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText( ResourceHelper.GetTestResourceRelativePath(@"OpenidConfiguration-QueryParams-B2C.json"))) }); var uri = await app .GetAuthorizationRequestUrl(MsalTestConstants.Scope) .WithLoginHint(MsalTestConstants.DisplayableId) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(uri); Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null); Assert.IsNotNull(qp); Assert.AreEqual("my-policy", qp["p"]); ValidateCommonQueryParams(qp); Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]); } }
public void B2CMicrosoftOnlineCreateAuthority() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json"))) }); Authority instance = Authority.CreateAuthority( serviceBundle, "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.B2C); Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize", instance.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token", instance.TokenEndpoint); Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", instance.SelfSignedJwtAudience); } }
public void FailedTenantDiscoveryMissingEndpointsTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.in/mytenant.com/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-MissingFields.json"))) }); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/mytenant.com", false); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (MsalClientException exc) { Assert.AreEqual(CoreErrorCodes.TenantDiscoveryFailedError, exc.ErrorCode); } } }
public async Task JsonWebTokenWithX509PublicCertSendCertificateOnBehalfOfTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); SetupMocks(httpManager); var certificate = new X509Certificate2( ResourceHelper.GetTestResourceRelativePath("valid_cert.pfx"), MsalTestConstants.DefaultPassword); var clientAssertion = new ClientAssertionCertificate(certificate); var clientCredential = new ClientCredential(clientAssertion); var app = new ConfidentialClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority, MsalTestConstants.RedirectUri, clientCredential, _cache, _cache) { ValidateAuthority = false }; var userAssertion = new UserAssertion(MsalTestConstants.DefaultAccessToken); //Check for x5c claim httpManager.AddMockHandler(X5CMockHandler); AuthenticationResult result = await(app as IConfidentialClientApplicationWithCertificate).AcquireTokenOnBehalfOfWithCertificateAsync( MsalTestConstants.Scope, userAssertion).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); result = await app.AcquireTokenOnBehalfOfAsync(MsalTestConstants.Scope, userAssertion).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); } }
public async Task ManagedUsernameSecureStringPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), ExpectedPostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", TestConstants.s_user.Username }, { "password", _secureString } } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); AuthenticationResult result = await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(TestConstants.s_user.Username, result.Account.Username); } }
public void AcquireTokenByIntegratedWindowsAuthTest_UnknownUser() { // Arrange using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); // user realm discovery - unknown user type httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Bogus\"}") } }); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); // Act var exception = AssertException.TaskThrows <MsalClientException>( async() => await app.AcquireTokenByIntegratedWindowsAuthAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username) .ConfigureAwait(false)); // Assert Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode); } }
public async Task ManagedUsernameSecureStringPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), PostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", MsalTestConstants.User.Username }, { "password", _secureString } } }); var app = new PublicClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.User.Username, result.Account.Username); } }
public async Task TokensAreInterchangable_NonRegional_To_Regional_Async() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(false)); IConfidentialClientApplication appWithRegion = CreateCca( httpManager, ConfidentialClientApplication.AttemptRegionDiscovery); InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache(); memoryTokenCache.Bind(appWithRegion.AppTokenCache); IConfidentialClientApplication appWithoutRegion = CreateCca( httpManager, null); memoryTokenCache.Bind(appWithoutRegion.AppTokenCache); AuthenticationResult result = await appWithoutRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.IdentityProvider); httpManager.AddRegionDiscoveryMockHandler("uscentral"); // when switching to non-region, token is found in the cache result = await appWithRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache); } }
public async Task UserRegion_DiscoveryHappensOnce_Async() { using (var httpManager = new MockHttpManager()) { httpManager.AddRegionDiscoveryMockHandler(TestConstants.Region); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(true)); IConfidentialClientApplication app = CreateCca( httpManager, TestConstants.Region); AuthenticationResult result = await app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync() .ConfigureAwait(false); Assert.AreEqual(TestConstants.Region, result.ApiEvent.RegionUsed); Assert.AreEqual(RegionAutodetectionSource.Imds, result.ApiEvent.RegionAutodetectionSource); Assert.AreEqual(RegionOutcome.UserProvidedValid, result.ApiEvent.RegionOutcome); Assert.AreEqual(null, result.AuthenticationResultMetadata.RegionDetails.AutoDetectionError); Assert.AreEqual(TestConstants.Region, result.AuthenticationResultMetadata.RegionDetails.RegionUsed); Assert.AreEqual(RegionOutcome.UserProvidedValid, result.AuthenticationResultMetadata.RegionDetails.RegionOutcome); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.IdentityProvider); result = await app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync() .ConfigureAwait(false); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache); Assert.AreEqual(null, result.AuthenticationResultMetadata.RegionDetails.AutoDetectionError); Assert.AreEqual(TestConstants.Region, result.AuthenticationResultMetadata.RegionDetails.RegionUsed); Assert.AreEqual(RegionOutcome.UserProvidedValid, result.AuthenticationResultMetadata.RegionDetails.RegionOutcome); } }
public async Task DstsClientCredentialSuccessfulTestAsync(string authority) { using (var httpManager = new MockHttpManager()) { IConfidentialClientApplication app = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithHttpManager(httpManager) .WithAuthority(authority) .WithClientSecret(TestConstants.ClientSecret) .Build(); Assert.AreEqual(authority + "/", app.Authority); var confidentailClientApp = (ConfidentialClientApplication)app; Assert.AreEqual(AuthorityType.Dsts, confidentailClientApp.AuthorityInfo.AuthorityType); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(authority)); AuthenticationResult result = await app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result); Assert.IsNotNull(result.AccessToken); Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource); result = await app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result); Assert.IsNotNull(result.AccessToken); Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource); } }
// Test for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2514 public async Task AuthorityValidationHappensOnNonRegionalAuthorityAsync() { using (var httpManager = new MockHttpManager()) { var handler = new MockHttpMessageHandler() { ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance", ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent(TestConstants.DiscoveryFailedResponse) } }; httpManager.AddMockHandler(handler); var app = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithAuthority("https://invalid.com/common") .WithRedirectUri(TestConstants.RedirectUri) .WithHttpManager(httpManager) .WithClientSecret(TestConstants.ClientSecret) .Build(); // Act var ex = await AssertException.TaskThrowsAsync <MsalServiceException>(() => app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync()) .ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.InvalidInstance, ex.ErrorCode); var qp = CoreHelpers.ParseKeyValueList(handler.ActualRequestMessage.RequestUri.Query.Substring(1), '&', true, null); Assert.AreEqual("https://invalid.com/common/oauth2/v2.0/authorize", qp["authorization_endpoint"]); } }