public void AcquireTokenByIntegratedWindowsAuthTest_ManagedUser()
{
// Arrange
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant);
AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(httpManager);
var app =
new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority);
// Act
var exception = AssertException.TaskThrows <MsalClientException>(
async() => await app.AcquireTokenByIntegratedWindowsAuthAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username)
.ConfigureAwait(false));
// Assert
Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, exception.ErrorCode);
}
}
public async Task AcquireTokenByIntegratedWindowsAuthTest_ManagedUserAsync()
{
// Arrange
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(httpManager);
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Act
MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>(
async() => await app
.AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
.WithUsername(TestConstants.s_user.Username)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false)).ConfigureAwait(false);
// Assert
Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, exception.ErrorCode);
}
}
public async Task FederatedUsernameNullPasswordTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
// Mex does not return integrated auth endpoint (.../13/windowstransport)
httpManager.AddMockHandlerContentNotFound(HttpMethod.Post,
"https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
SecureString str = null;
// Call acquire token
MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>(
async() => await app.AcquireTokenByUsernamePassword(
TestConstants.s_scope,
TestConstants.s_user.Username,
str).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);
// Check inner exception
Assert.AreEqual(MsalError.ParsingWsTrustResponseFailed, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
public async Task GetAuthorizationRequestUrlNoRedirectUriTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret(MsalTestConstants.ClientSecret)
.WithHttpManager(httpManager)
.BuildConcrete();
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
var uri = await app
.GetAuthorizationRequestUrl(MsalTestConstants.Scope)
.WithLoginHint(MsalTestConstants.DisplayableId)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(uri);
Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
ValidateCommonQueryParams(qp);
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]);
}
}
public async Task ConfidentialClientUsingSecretNoCacheProvidedTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret(MsalTestConstants.ClientSecret)
.WithHttpManager(httpManager)
.BuildConcrete();
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
var result = await app.AcquireTokenForClient(MsalTestConstants.Scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.IsNotNull("header.payload.signature", result.AccessToken);
Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());
Assert.IsNotNull(app.UserTokenCache);
Assert.IsNotNull(app.AppTokenCache);
}
}
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityHomeTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustWindowsTransport(httpManager);
AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityHomeTenant);
var app =
new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority);
var result = await app
.AcquireTokenByIntegratedWindowsAuthAsync(MsalTestConstants.Scope, MsalTestConstants.User.Username)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.Account);
Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username);
}
}
public void B2CAcquireTokenWithValidateAuthorityTrueTest()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(TestConstants.B2CLoginAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
MsalMockHelpers.ConfigureMockWebUI(
app.ServiceBundle.PlatformProxy,
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"));
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.B2CLoginAuthority);
httpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.B2CLoginAuthority);
AuthenticationResult result = app
.AcquireTokenInteractive(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.Account);
}
}
public async Task MexParsingFailsTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandlerContentNotFound(HttpMethod.Get,
"https://msft.sts.microsoft.com/adfs/services/trust/mex");
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Call acquire token
MsalServiceException result = await AssertException.TaskThrowsAsync <MsalServiceException>(
async() => await app.AcquireTokenByUsernamePassword(
TestConstants.s_scope,
TestConstants.s_user.Username,
_secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);
// Check inner exception
Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.Message);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
private ConfidentialClientApplication CreateConfidentialClient(
IServiceBundle serviceBundle,
MockHttpManager httpManager,
ClientCredential cc,
int tokenResponses)
{
var app = new ConfidentialClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority,
MsalTestConstants.RedirectUri,
cc,
new TokenCache(),
new TokenCache())
{
ValidateAuthority = false
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
for (int i = 0; i < tokenResponses; i++)
{
httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
}
return(app);
}
private static void AddHttpMocks(TokenResponseType aadResponse, MockHttpManager httpManager, bool pca)
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(
pca ? TestConstants.AuthorityUtidTenant : TestConstants.AadAuthorityWithTestTenantId);
AddTokenResponse(aadResponse, httpManager);
}
private static void AddHttpMocks(TokenResponseType aadResponse, MockHttpManager httpManager)
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(
TestConstants.AuthorityUtidTenant);
AddTokenResponse(aadResponse, httpManager);
}
internal MockHttpMessageHandler AddMockResponseForFederatedAccounts(MockHttpManager httpManager)
{
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
MockHttpMessageHandler realmDiscoveryHandler = AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustUserName(httpManager);
AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant);
return(realmDiscoveryHandler);
}
public async Task ForceRefreshParameterTrueTestAsync()
{
var receiver = new MyReceiver();
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = ConfidentialClientApplicationBuilder
.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri(MsalTestConstants.AuthorityTestTenant), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret(MsalTestConstants.ClientSecret)
.WithHttpManager(httpManager)
.WithTelemetry(receiver.HandleTelemetryEvents)
.BuildConcrete();
_tokenCacheHelper.PopulateCache(app.AppTokenCacheInternal.Accessor);
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
// add mock response for successful token retrieval
const string TokenRetrievedFromNetCall = "token retrieved from network call";
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage =
MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage(TokenRetrievedFromNetCall)
});
var result = await app
.AcquireTokenForClient(MsalTestConstants.Scope)
.WithForceRefresh(true)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenRetrievedFromNetCall, result.AccessToken);
// make sure token in Cache was updated
var accessTokens = await app.AppTokenCacheInternal.GetAllAccessTokensAsync(true).ConfigureAwait(false);
var accessTokenInCache = accessTokens
.Where(item => ScopeHelper.ScopeContains(item.ScopeSet, MsalTestConstants.Scope))
.ToList().FirstOrDefault();
Assert.AreEqual(TokenRetrievedFromNetCall, accessTokenInCache.Secret);
Assert.IsNotNull(
receiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") &&
anEvent[ApiEvent.WasSuccessfulKey] == "true" && anEvent[MsalTelemetryBlobEventNames.ApiIdConstStrKey] == "1004"));
}
}
public async Task ConfidentialClientUsingSecretTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret(MsalTestConstants.ClientSecret)
.WithHttpManager(httpManager)
.BuildConcrete();
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
var appCacheAccess = app.AppTokenCache.RecordAccess();
var userCacheAccess = app.UserTokenCache.RecordAccess();
var result = await app.AcquireTokenForClient(MsalTestConstants.Scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.IsNotNull("header.payload.signature", result.AccessToken);
Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());
// make sure user token cache is empty
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
// check app token cache count to be 1
Assert.AreEqual(1, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(0, app.AppTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
appCacheAccess.AssertAccessCounts(1, 1);
userCacheAccess.AssertAccessCounts(0, 0);
// call AcquireTokenForClientAsync again to get result back from the cache
result = await app.AcquireTokenForClient(MsalTestConstants.Scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.IsNotNull("header.payload.signature", result.AccessToken);
Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());
// make sure user token cache is empty
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
// check app token cache count to be 1
Assert.AreEqual(1, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(0, app.AppTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
appCacheAccess.AssertAccessCounts(2, 1);
userCacheAccess.AssertAccessCounts(0, 0);
}
}
public void ManagedUsernamePasswordCommonAuthorityTest()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);
// user realm discovery
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
"{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
},
QueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
}
});
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public async Task UsernamePasswordInvalidClientTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
// user realm discovery
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
"{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
},
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
}
});
// AAD
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidClientResponseMessage()
});
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Call acquire token
MsalServiceException result = await Assert.ThrowsExceptionAsync <MsalServiceException>(
() => app.AcquireTokenByUsernamePassword(
TestConstants.s_scope,
TestConstants.s_user.Username,
_secureString).ExecuteAsync()).ConfigureAwait(false);
// Check inner exception
Assert.AreEqual(MsalError.InvalidClient, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
public void MexEndpointFailsToResolveTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Url = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
.Replace("<wsp:All>", " "))
}
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token, Mex parser fails
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check exception message
Assert.AreEqual("Parsing WS metadata exchange failed", result.Message);
Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
private static void AddHttpMocks_BadTokenError(MockHttpManager httpManager)
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(
TestConstants.AuthorityUtidTenant);
var handler = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(MsalError.BadToken)
};
httpManager.AddMockHandler(handler);
}
public async Task ManagedUsernamePasswordCommonAuthorityTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);
// user realm discovery
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
"{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}")
},
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
}
});
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
var app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.BuildConcrete();
// Call acquire token
var result = await AssertException.TaskThrowsAsync <MsalServiceException>(
async() => await app.AcquireTokenByUsernamePassword(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);
// Check inner exception
Assert.AreEqual(MsalError.InvalidRequest, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
internal void AddMockResponseForFederatedAccounts(MockHttpManager httpManager)
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustUserName(httpManager);
AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityOrganizationsTenant);
}
public void FederatedUsernamePasswordCommonAuthorityTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityCommonTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustUserName(httpManager);
// AAD
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Url = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public void AcquireTokenSilentScopeAndUserOverloadTenantSpecificAuthorityTest()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(TestConstants.AuthorityGuestTenant), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
var tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor);
app.UserTokenCacheInternal.Accessor.DeleteAccessToken(
new MsalAccessTokenCacheKey(
TestConstants.ProductionPrefNetworkEnvironment,
TestConstants.Utid,
TestConstants.s_userIdentifier,
TestConstants.ClientId,
TestConstants.ScopeForAnotherResourceStr,
TestConstants.Bearer));
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuestTenant);
httpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
TestConstants.UniqueId,
TestConstants.DisplayableId,
TestConstants.s_scope.ToArray())
});
Task <AuthenticationResult> task = app
.AcquireTokenSilent(
TestConstants.s_scope.ToArray(),
new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
.ExecuteAsync(CancellationToken.None);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username);
Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString());
}
}
public void AcquireTokenSilentServiceErrorTest()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);
//populate cache
var tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor);
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
Task <AuthenticationResult> task = app
.AcquireTokenSilent(
TestConstants.s_cacheMissScope,
new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
.WithAuthority(app.Authority)
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None);
AuthenticationResult result = task.Result;
Assert.Fail("MsalUiRequiredException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalUiRequiredException);
var msalExc = (MsalUiRequiredException)ex.InnerException;
Assert.AreEqual(msalExc.ErrorCode, MsalError.InvalidGrantError);
}
}
}
[WorkItem(695)] // Fix for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695
public void AcquireTokenSilentForceRefreshTest()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
var tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCacheWithOneAccessToken(app.UserTokenCacheInternal.Accessor);
var cacheAccess = app.UserTokenCache.RecordAccess();
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);
httpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
TestConstants.UniqueId,
TestConstants.DisplayableId,
TestConstants.s_scope.ToArray())
});
Task <AuthenticationResult> task = app
.AcquireTokenSilent(
TestConstants.s_scope.ToArray(),
new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
.WithForceRefresh(true)
.ExecuteAsync(CancellationToken.None);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username);
Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), result.Scopes.AsSingleString());
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
cacheAccess.AssertAccessCounts(1, 1);
}
}
public void FederatedUsernameNullPasswordTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
// Mex does not return integrated auth endpoint (.../13/windowstransport)
httpManager.AddMockHandlerContentNotFound(HttpMethod.Post,
"https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
SecureString str = null;
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
str).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual(CoreErrorCodes.ParsingWsTrustResponseFailed, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
MockHttpMessageHandler realmDiscoveryHandler = AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustWindowsTransport(httpManager);
MockHttpMessageHandler mockTokenRequestHttpHandler = AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant);
mockTokenRequestHttpHandler.ExpectedQueryParams = extraQueryParamsAndClaims;
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithExtraQueryParameters(TestConstants.s_extraQueryParams)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
AuthenticationResult result = await app
.AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
.WithClaims(TestConstants.Claims)
.WithUsername(TestConstants.s_user.Username)
.ExecuteAsync().ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.Account);
Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username);
Assert.IsNotNull(realmDiscoveryHandler.ActualRequestMessage.Headers);
StringAssert.Contains(realmDiscoveryHandler.ActualRequestMessage.Headers.ToString(), TestConstants.XClientSku,
"Client info header should contain " + TestConstants.XClientSku,
StringComparison.OrdinalIgnoreCase);
StringAssert.Contains(realmDiscoveryHandler.ActualRequestMessage.Headers.ToString(), TestConstants.XClientVer,
"Client info header should contain " + TestConstants.XClientVer,
StringComparison.OrdinalIgnoreCase);
}
}
public async Task MexEndpointFailsToResolveTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedUrl = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
ExpectedMethod = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
.Replace("<wsp:All>", " "))
}
});
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Call acquire token, Mex parser fails
MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>(
async() => await app.AcquireTokenByUsernamePassword(
TestConstants.s_scope,
TestConstants.s_user.Username,
_secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);
// Check exception message
Assert.AreEqual("Parsing WS metadata exchange failed", result.Message);
Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
public async Task AcquireTokenByIntegratedWindowsAuthInvalidClientTestAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
MockHttpMessageHandler realmDiscoveryHandler = AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustWindowsTransport(httpManager);
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidClientResponseMessage()
});
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithExtraQueryParameters(TestConstants.s_extraQueryParams)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
MsalServiceException result = await AssertException.TaskThrowsAsync <MsalServiceException>(
async() => await app.AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
.WithClaims(TestConstants.Claims)
.WithUsername(TestConstants.s_user.Username)
.ExecuteAsync().ConfigureAwait(false)).ConfigureAwait(false);
// Check inner exception
Assert.AreEqual(MsalError.InvalidClient, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
[Ignore] // This B2C scenario needs some rethinking
public async Task AuthorizationCodeRequestTestAsync()
{
using (var httpManager = new MockHttpManager())
{
var app = ConfidentialClientApplicationBuilder
.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri("https://" + MsalTestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret("secret")
.WithHttpManager(httpManager)
.BuildConcrete();
app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
app.UserTokenCache.SetAfterAccess(AfterCacheAccess);
httpManager.AddMockHandlerForTenantEndpointDiscovery("https://" + MsalTestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy/", "p=policy");
httpManager.AddSuccessTokenResponseMockHandlerForPost("https://" + MsalTestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy/");
var result = await app
.AcquireTokenByAuthorizationCode(MsalTestConstants.Scope, "some-code")
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithAuthority(new Uri("https://" + MsalTestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true)
.WithRedirectUri(MsalTestConstants.RedirectUri)
.WithClientSecret("secret")
.WithHttpManager(httpManager)
.BuildConcrete();
app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
app.UserTokenCache.SetAfterAccess(AfterCacheAccess);
IEnumerable <IAccount> users = await app.GetAccountsAsync().ConfigureAwait(false);
Assert.AreEqual(1, users.Count());
}
}
public void MexParsingFailsTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandlerContentNotFound(HttpMethod.Get,
"https://msft.sts.microsoft.com/adfs/services/trust/mex");
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.Message);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}