public async Task ChallengeCanSetUserStateThroughProperties(string userState)
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
var settings = new TestSettings(o =>
{
o.ClientId = "Test Id";
o.Authority = TestServerBuilder.DefaultAuthority;
o.StateDataFormat = stateFormat;
});
var properties = new AuthenticationProperties();
properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
var server = settings.CreateTestServer(properties);
var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
var res = transaction.Response;
Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
Assert.NotNull(res.Headers.Location);
var values = settings.ValidateChallengeRedirect(res.Headers.Location);
var actualState = values[OpenIdConnectParameterNames.State];
var actualProperties = stateFormat.Unprotect(actualState);
Assert.Equal(userState ?? string.Empty, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
}
public async Task ChallengeWillUseAuthenticationPropertiesParametersAsQueryArguments()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MicrosoftTest"));
using var host = await CreateHost(o =>
{
o.ClientId = "Test Id";
o.ClientSecret = "Test Secret";
o.StateDataFormat = stateFormat;
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("https://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
// verify query arguments
var query = QueryHelpers.ParseQuery(transaction.Response.Headers.Location.Query);
Assert.Equal("https://graph.microsoft.com/user.read", query["scope"]);
Assert.Equal("consumers", query["domain_hint"]);
Assert.Equal("username", query["login_hint"]);
Assert.Equal("select_account", query["prompt"]);
Assert.Equal("query", query["response_mode"]);
// verify that the passed items were not serialized
var stateProperties = stateFormat.Unprotect(query["state"]);
Assert.DoesNotContain("scope", stateProperties.Items.Keys);
Assert.DoesNotContain("domain_hint", stateProperties.Items.Keys);
Assert.DoesNotContain("login_hint", stateProperties.Items.Keys);
Assert.DoesNotContain("prompt", stateProperties.Items.Keys);
Assert.DoesNotContain("response_mode", stateProperties.Items.Keys);
}
public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
{
var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
var server = TestServerBuilder.CreateServer(o =>
{
o.Authority = TestServerBuilder.DefaultAuthority;
o.StateDataFormat = stateFormat;
o.ClientId = "Test Id";
o.Configuration = configuration;
o.SignedOutRedirectUri = "https://example.com/postlogout";
});
var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&')
.Select(each => each.Split('='))
.ToDictionary(pair => pair[0], pair => pair[1]);
string redirectUri;
Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
Assert.Equal(UrlEncoder.Default.Encode("https://example.com/signout-callback-oidc"), redirectUri, true);
string state;
Assert.True(query.TryGetValue("state", out state));
var properties = stateFormat.Unprotect(state);
Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
}
public static AuthenticationProperties GetByCorrelationId(PropertiesDataFormat stateFormat, IList <string> cookies, string correlationId, string schemeName, string correlationCookieName = ".AspNetCore.Correlation")
{
var state = correlationId;
var fullCookieValue = cookies.FirstOrDefault(x => x.StartsWith($"{correlationCookieName}.{schemeName}.{CorrelationMarker}.{state}"));
var cookieValue = GetCookieValue(fullCookieValue, state);
var stateProperties = stateFormat.Unprotect(cookieValue);
return(stateProperties);
}
public async Task OnRedirectToIdentityProviderEventCanSetState(string userState)
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
var settings = new TestSettings(opt =>
{
opt.StateDataFormat = stateFormat;
opt.ClientId = "Test Id";
opt.Authority = TestServerBuilder.DefaultAuthority;
opt.Events = new OpenIdConnectEvents()
{
OnRedirectToIdentityProvider = context =>
{
context.ProtocolMessage.State = userState;
return(Task.FromResult(0));
}
};
});
var server = settings.CreateTestServer();
var transaction = await server.SendAsync(ChallengeEndpoint);
var res = transaction.Response;
Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
Assert.NotNull(res.Headers.Location);
var values = settings.ValidateChallengeRedirect(res.Headers.Location);
var actualState = values[OpenIdConnectParameterNames.State];
var actualProperties = stateFormat.Unprotect(actualState);
if (userState != null)
{
Assert.Equal(userState, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
}
else
{
Assert.False(actualProperties.Items.ContainsKey(OpenIdConnectDefaults.UserstatePropertiesKey));
}
}
