Exemple #1
        // Resolves user "egora1" for the http://test.rubicon-it.com application and checks the
        // attributes the authorizer exposes. The expected role string contains the XML
        // metacharacters & < > " ' and the "SoapRoles" assertion pins that they come out
        // entity-escaped when the role is serialised into the PVP token.
        public void AuthorizationSimple()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://test.rubicon-it.com", @"egora1");

            // A constructor call never yields null, so IsValid is the check that carries weight here.
            Assert.IsNotNull(sut);
            Assert.IsTrue(sut.IsValid);

            var soapFragment = sut.UserPrincipalSoapFragment;
            var namespaces   = new XmlNamespaceManager(new NameTable());
            namespaces.AddNamespace("pvp", PvpToken.PvpTokenNamespace);

            // NOTE(review): SelectSingleNode returns null when nothing matches, so a missing
            // userId element shows up as a NullReferenceException rather than an assertion failure.
            var userIdNode = soapFragment.SelectSingleNode("//pvp:userId", namespaces);
            Assert.AreEqual("*****@*****.**", userIdNode.InnerText);

            Assert.AreEqual("*****@*****.**", sut.Mail, "MailAddress");
            Assert.AreEqual("&<>\"'ZMR-Behoerdenabfrage_(&GKZ=&1234)", sut.Roles, "Roles");
            Assert.AreEqual("Vienna", sut.CostCenterId);
            Assert.AreEqual("egora/Development", sut.ChargeCode);
            Assert.AreEqual(600, sut.AuthorizationTimeToLive, "TimeToLive");

            // Role name, parameter key and parameter value must all be escaped in the XML form.
            Assert.AreEqual(
                "<role value=\"&amp;&lt;&gt;&quot;&apos;ZMR-Behoerdenabfrage_\">\n<param>\n<key>&amp;GKZ</key><value>&amp;1234</value>\n</param>\n</role>",
                sut.GetPvpToken().RoleAttribute.GetXmlPart(),
                "SoapRoles");

            string formattedCn = sut.GetAttributeValue(PvpAttributes.X_AUTHENTICATE_cn);
            Assert.IsTrue(formattedCn.EndsWith(" through formatter"));
            Assert.AreEqual("1.8", sut.Version);
        }
Exemple #2
        // Resolves user rubicon\egora2 for the http://testr.rubicon-it.com application and checks
        // the token version, roles, formatted OU, time-to-live and the serialised SOAP fragment.
        public void AuthorizationRecursive()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://testr.rubicon-it.com", @"rubicon\egora2");

            Assert.AreEqual("1.9", sut.Version);
            Assert.IsNotNull(sut);
            Assert.IsTrue(sut.IsValid);
            Assert.AreEqual("*****@*****.**", sut.Mail, "MailAddress");
            Assert.AreEqual("EineRolle;TestRolle", sut.Roles, "Roles");
            Assert.AreEqual("canonical int.rubicon-it.com/Development/egora/egora Zwei", sut.Ou, "with format.");

            Assert.AreEqual(500, sut.AuthorizationTimeToLive, "TimeToLive");

            string soapXml = sut.UserPrincipalSoapFragment.OuterXml;

            Assert.IsTrue(soapXml.StartsWith("<pvpToken version=\"1.9\" xmlns=\"http://egov.gv.at/pvp1.xsd\"><authenticate><participantId>Max.Mustermann</participantId>"));

            // IndexOf yields -1 when the marker is absent, in which case Substring throws
            // ArgumentOutOfRangeException instead of the test failing on an assertion.
            int    principalStart   = soapXml.IndexOf("<userPrincipal>");
            string userPrincipalXml = soapXml.Substring(principalStart);

            Assert.IsTrue(userPrincipalXml.Contains("<userId>[email protected]</userId>"));
            Assert.IsTrue(userPrincipalXml.Contains("<cn>egora Zwei</cn>"));
            Assert.IsTrue(userPrincipalXml.Contains("<ou>canonical int.rubicon-it.com/Development/egora/egora Zwei</ou>"));
            Assert.IsTrue(userPrincipalXml.Contains("<mail>[email protected]</mail>"));
            Assert.IsTrue(userPrincipalXml.Contains("<tel>Wien, DW 0815</tel>"));

            int    authorizeStart = soapXml.IndexOf("<authorize>");
            string authorizeXml   = soapXml.Substring(authorizeStart);

            // Only the TestRolle element is looked for in the authorize section.
            Assert.IsTrue(authorizeXml.Contains("<role value=\"TestRolle\"></role>"));
        }
Exemple #3
        // Checks that the COST_CENTER_ID attribute of rubicon\bmi-pvp-user-1 resolves to "Vienna"
        // for the http://test.rubicon-it.com application.
        public void OuPathSourceTest()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://test.rubicon-it.com", @"rubicon\bmi-pvp-user-1");

            string costCenter = sut.GetAttributeValue(PvpAttributes.COST_CENTER_ID);

            Assert.AreEqual("Vienna", costCenter);
        }
Exemple #4
        // Checks that the CHARGE_CODE attribute of rubicon\bmi-pvp-user-1 comes back as the
        // path "ServiceUser/egora/Development" for the http://test.rubicon-it.com application.
        public void OuPathFormatterTest()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://test.rubicon-it.com", @"rubicon\bmi-pvp-user-1");

            string chargeCode = sut.GetAttributeValue(PvpAttributes.CHARGE_CODE);

            Assert.AreEqual("ServiceUser/egora/Development", chargeCode);
        }
Exemple #5
        // Checks that the additional X_AUTHENTICATE_cn attribute of user "egora.drei" is returned
        // as "egora Drei through formatter" for the http://test.rubicon-it.com application.
        public void AdditionalAttribute()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://test.rubicon-it.com", @"egora.drei");

            string commonName = sut.GetAttributeValue(PvpAttributes.X_AUTHENTICATE_cn);

            Assert.AreEqual("egora Drei through formatter", commonName);
        }
Exemple #6
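    /// <summary>
    /// Searches the directory below <paramref name="ldapBase"/> for users matching the filter text box,
    /// builds an authorizer per user for the configured application URLs, and binds the sorted
    /// result to <c>AuthorizationGrid</c>.
    /// </summary>
    /// <param name="ldapBase">Search base handed to <c>GetUsers</c>.</param>
    /// <param name="showOnlyUserWithRole">
    /// When true, users whose authorizer reports a null or empty role string are left out.
    /// </param>
    private void GetAllUsers(string ldapBase, bool showOnlyUserWithRole)
    {
        List<PvpApplicationLdapAuthorizer> authorizers = new List<PvpApplicationLdapAuthorizer>();

        // Web URLs take precedence; SOAP URLs are only the fallback.
        string urls = AppConfig.WebUrls;
        if (String.IsNullOrEmpty(urls))
        {
            urls = AppConfig.SoapUrls;
        }

        if (!String.IsNullOrEmpty(urls))
        {
            // NOTE(review): the filter text comes straight from a text box and GetUsers is not
            // visible here; confirm it escapes LDAP filter metacharacters before building the query.
            // SearchResultCollection and DirectoryEntry are IDisposable, so both are released
            // deterministically instead of being left to the finalizer.
            using (SearchResultCollection allUsers = GetUsers(UserNameFilterTextBox.Text, ldapBase))
            {
                foreach (SearchResult userResult in allUsers)
                {
                    using (DirectoryEntry user = userResult.GetDirectoryEntry())
                    {
                        // Value is null when the entry carries no sAMAccountName; skip such an
                        // entry rather than fail the whole listing with a NullReferenceException.
                        object accountName = user.Properties["sAMAccountName"].Value;
                        if (accountName == null)
                        {
                            continue;
                        }

                        // The authorizer is built from strings only, so it stays usable after
                        // the directory entry is disposed.
                        string userId = accountName.ToString();
                        PvpApplicationLdapAuthorizer authorizer = new PvpApplicationLdapAuthorizer(urls, userId);
                        string roles = authorizer.Roles;
                        if (!(showOnlyUserWithRole && String.IsNullOrEmpty(roles)))
                        {
                            authorizers.Add(authorizer);
                        }
                    }
                }
            }
        }

        authorizers.Sort(new Comparison<PvpApplicationLdapAuthorizer>(CompareAuthorizer));
        AuthorizationGrid.DataSource = authorizers;
        AuthorizationGrid.DataBind();
    }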
Exemple #7
        // Negative case: rubicon\peter.grassnigg must not be reported as valid for the
        // http://testrole.rubicon-it.com application.
        public void AuthorizationSimpleNoRole()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://testrole.rubicon-it.com", @"rubicon\peter.grassnigg");

            // A constructor call never yields null; the IsValid check is the actual denial test.
            Assert.IsNotNull(sut);
            Assert.IsFalse(sut.IsValid);
        }
Exemple #8
        // Negative case: the placeholder URL "dummy" with user "dummy" must yield an authorizer
        // that is neither valid nor classified as a web or SOAP application.
        public void NoApplication()
        {
            var sut = new PvpApplicationLdapAuthorizer("dummy", "dummy");

            Assert.IsNotNull(sut);
            Assert.IsFalse(sut.IsValid);
            Assert.IsFalse(sut.IsWeb);
            Assert.IsFalse(sut.IsSoap);
        }
Exemple #9
        // Checks that user "egora2" on http://noattribute.test is still valid, reports its mail
        // address, and is classified as a web application rather than a SOAP one.
        public void NoPvpAttribute()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://noattribute.test", "egora2");

            Assert.IsNotNull(sut);
            Assert.AreEqual("*****@*****.**", sut.Mail);
            Assert.IsTrue(sut.IsValid);
            Assert.IsTrue(sut.IsWeb);
            Assert.IsFalse(sut.IsSoap);
        }
Exemple #10
        // Positive counterpart for http://testrole.rubicon-it.com: rubicon\werner.kugler must
        // resolve to a user with a non-empty role string and be reported as valid.
        public void AuthorizationSimpleMustHaveRole()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://testrole.rubicon-it.com", @"rubicon\werner.kugler");

            Assert.IsNotNull(sut);
            Assert.IsNotNull(sut.User);

            // Roles is checked for null first so the Length access below cannot throw.
            Assert.IsNotNull(sut.Roles);
            Assert.Greater(sut.Roles.Length, 0);
            Assert.IsTrue(sut.IsValid);
        }
Exemple #11
        // Checks that user "egora.drei" on http://testnr.rubicon-it.com is valid but carries no
        // roles (Roles is null), and that mail and OU are still resolved.
        public void NoAuthorizationRecursive()
        {
            var sut = new PvpApplicationLdapAuthorizer("http://testnr.rubicon-it.com", @"egora.drei");

            Assert.IsNotNull(sut);
            Assert.IsTrue(sut.IsValid);
            Assert.AreEqual("*****@*****.**", sut.Mail, "MailAddress");

            // The user is valid even though no role is returned for this application.
            Assert.IsNull(sut.Roles, "Roles");
            Assert.AreEqual("Test", sut.Ou, "OU");
        }
Exemple #12
        // Checks that user "egora2" on https://dummy.com/fixedrole/ is a valid SOAP (not web)
        // application user whose role string is exactly "FixedRole(param=val)".
        public void FixedRoleAttribute()
        {
            var sut = new PvpApplicationLdapAuthorizer("https://dummy.com/fixedrole/", "egora2");

            Assert.IsNotNull(sut);
            Assert.AreEqual("*****@*****.**", sut.Mail);
            Assert.IsTrue(sut.IsValid);
            Assert.IsFalse(sut.IsWeb);
            Assert.IsTrue(sut.IsSoap);
            Assert.That(sut.Roles, Is.EqualTo("FixedRole(param=val)"));

            // The chained fragment is built but never asserted on, so this line only verifies
            // that generating it does not throw.
            var chainedFragment = sut.GetPvpToken().GetChainedSoapFragment();
        }
Exemple #13
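    /// <summary>
    /// Authorizes <paramref name="userId"/> for the application at <paramref name="rootUrl"/> using the
    /// LDAP configuration in ConfigurationFixed.xml, and wraps the user's chained token in a
    /// PVP token with a hard-coded system principal.
    /// </summary>
    /// <param name="rootUrl">Application root URL; lower-cased before the lookup.</param>
    /// <param name="userId">User to authorize.</param>
    /// <returns>
    /// <c>CustomAuthorization.NoAuthorization</c> when the authorizer is not valid; otherwise an
    /// authorization carrying time-to-live, PVP version and the token as SOAP header fragment.
    /// </returns>
    public CustomAuthorization GetAuthorization(string rootUrl, string userId)
    {
        var file = Path.Combine(Server.MapPath("~"), "ConfigurationFixed.xml");
        LdapConfiguration configuration = LdapConfiguration.GetConfiguration(file);

        rootUrl = rootUrl.ToLowerInvariant();
        PvpApplicationLdapAuthorizer authorizer = new PvpApplicationLdapAuthorizer(rootUrl, userId, configuration);

        if (!authorizer.IsValid)
        {
            return(CustomAuthorization.NoAuthorization);
        }

        CustomAuthorization auth = new CustomAuthorization();

        auth.TimeToLive = authorizer.AuthorizationTimeToLive;
        auth.PvpVersion = authorizer.Version;

        // NOTE(review): the value is unused; presumably the getter is read for a side effect.
        // Confirm before removing.
        var dummy        = authorizer.GvGID;
        var chainedToken = authorizer.GetPvpToken().GetChainedSoapFragment();

        // The attribute values are spliced into XML attribute and text positions, so they are
        // entity-escaped first. Without that, a value containing markup characters would change
        // the structure of the token or make LoadXml throw. chainedToken.OuterXml is already
        // serialised XML and is inserted as-is on purpose.
        var token        = String.Format(
            @"<pvpToken version=""{0}"" xmlns=""http://egov.gv.at/pvp1.xsd"">
<authenticate>
  <participantId>{1}</participantId>
  <systemPrincipal>
    <userId>egovstar.appserv1.intra.xyz.gv.at</userId>
    <cn>Anwendung 1 Register-Interface</cn>
    <gvOuId>AT:L6:4711</gvOuId>
    <ou>Fachabteilung 1B Informationstechnik</ou>
    <gvOuID>{2}</gvOuID>
    <gvSecClass>{3}</gvSecClass>
  </systemPrincipal>
</authenticate>
<authorize>
  <role value=""Registerabfrage""></role>
</authorize>
{4}
</pvpToken>",
            EscapeXmlValue(authorizer.Version),
            EscapeXmlValue(authorizer.ParticipantID),
            EscapeXmlValue(authorizer.GvOuID),
            EscapeXmlValue(authorizer.GvSecClass),
            chainedToken.OuterXml);

        XmlDocument doc = new XmlDocument();

        doc.LoadXml(token);
        auth.SoapHeaderXmlFragment = doc.DocumentElement;

        return(auth);
    }

    /// <summary>
    /// Formats <paramref name="value"/> the way String.Format would and escapes the XML
    /// metacharacters &lt; &gt; &amp; " ' so the result is safe in element text and attribute values.
    /// </summary>
    private static string EscapeXmlValue(object value)
    {
        // A null value formats to an empty string, matching the unescaped String.Format behaviour.
        return System.Security.SecurityElement.Escape(String.Format("{0}", value));
    }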
Exemple #14
    /// <summary>
    /// Authorizes <paramref name="userId"/> for the application at <paramref name="rootUrl"/> and returns
    /// the credentials to forward: HTTP headers or a SAML attribute statement for web
    /// applications, the user-principal SOAP fragment for SOAP applications.
    /// </summary>
    /// <param name="rootUrl">Application root URL; lower-cased before the lookup.</param>
    /// <param name="userId">User to authorize.</param>
    /// <returns>
    /// <c>null</c> when the authorizer is not valid, <c>CustomAuthorization.NoAuthorization</c> when the
    /// application is neither web nor SOAP, otherwise the populated authorization. Callers have
    /// to handle both denial forms.
    /// </returns>
    public CustomAuthorization GetAuthorization(string rootUrl, string userId)
    {
        LdapConfiguration ldapConfig = LdapConfiguration.GetConfiguration();

        rootUrl = rootUrl.ToLowerInvariant();
        PvpApplicationLdapAuthorizer authorizer = new PvpApplicationLdapAuthorizer(rootUrl, userId, ldapConfig);

        if (!authorizer.IsValid)
        {
            return null;
        }

        CustomAuthorization result = new CustomAuthorization();
        result.TimeToLive = authorizer.AuthorizationTimeToLive;
        result.PvpVersion = authorizer.Version;

        if (!authorizer.IsWeb)
        {
            if (!authorizer.IsSoap)
            {
                // Neither application type applies: hand back the shared "no authorization" value.
                return CustomAuthorization.NoAuthorization;
            }

            result.SoapHeaderXmlFragment = authorizer.UserPrincipalSoapFragment;
            return result;
        }

        // NOTE(review): the token format is chosen by a substring match anywhere in the
        // lower-cased URL, so every URL containing "assertion" gets a SAML attribute statement.
        // Confirm that this is the intended selector.
        if (rootUrl.Contains("assertion"))
        {
            result.SoapHeaderXmlFragment = authorizer.GetPvpToken().GetSamlAttributeStatement();
        }
        else
        {
            List<HttpHeader> pvpHeaders = authorizer.GetPvpToken().GetHeaders();
            result.HttpHeaders = pvpHeaders.ToArray();
        }

        return result;
    }
Exemple #15
 /// <summary>
 /// Orders two authorizers by their <c>CommonName</c>, ignoring case and using invariant-culture rules.
 /// </summary>
 /// <returns>Negative, zero or positive, as returned by <c>String.Compare</c>.</returns>
 private int CompareAuthorizer(PvpApplicationLdapAuthorizer one, PvpApplicationLdapAuthorizer other)
 {
     string left  = one.CommonName;
     string right = other.CommonName;

     return String.Compare(left, right, StringComparison.InvariantCultureIgnoreCase);
 }