public async Task WsFederation_login_return_assertion_success()
{
var loginUrl = "/account/login?returnUrl=%2Fwsfederation%3Fwtrealm%3Durn%253Aowinrp%26wreply%3Dhttp%253A%252F%252Flocalhost%253A10313%252F%26wa%3Dwsignin1.0";
var response = await _client.GetAsync(loginUrl);
Assert.Equal(HttpStatusCode.Found, response.StatusCode);
var wsEndpointUrl = "/wsfederation?wtrealm=urn%3Aowinrp&wreply=http%3A%2F%2Flocalhost%3A10313%2F&wa=wsignin1.0";
Assert.Equal(wsEndpointUrl, response.Headers.Location.OriginalString);
var request = GetRequest(wsEndpointUrl, response);
var wsResponse = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, wsResponse.StatusCode);
var contentAsText = await wsResponse.Content.ReadAsStringAsync();
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
Assert.False(wreturn.StartsWith("%EF%BB%BF")); //don't start with BOM (Byte Order Mark)
var wsMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
}
public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success()
{
// login user
var subjectId = "user1";
var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
var loginResponse = await _client.GetAsync(loginUrl);
var authTime = DateTime.UtcNow;
// create ws fed sigin message with wfresh=5
var wsMessage = new WsFederationMessage
{
Wa = "wsignin1.0",
IssuerAddress = "/wsfederation",
Wtrealm = "urn:owinrp",
Wreply = "http://localhost:10313/",
Wfresh = "5",
};
var signInUrl = wsMessage.CreateSignInUrl();
var request = new HttpRequestMessage(HttpMethod.Get, signInUrl);
// test server doesnt save cookies between requests,
// so we set them explicitly for the next request
request.SetCookiesFromResponse(loginResponse);
var response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var contentAsText = await response.Content.ReadAsStringAsync();
Assert.NotEqual(String.Empty, contentAsText);
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
// extract wreturn to use it later to check if our token is a valid token
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
var wsResponseMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsResponseMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
var token = handler.ReadSamlToken(tokenString);
var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();
Assert.Equal(1, authStatements.Count());
var authStatement = authStatements.First();
Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
}
public async Task WsFederation_sigin_request_for_logged_in_user_return_assertion_success()
{
// login user
var subjectId = "user1";
var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
var loginResponse = await _client.GetAsync(loginUrl);
Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode);
// create ws fed sign in message
var wsSignInMessage = new WsFederationMessage
{
Wa = "wsignin1.0",
IssuerAddress = "/wsfederation",
Wtrealm = "urn:owinrp",
Wreply = "http://localhost:10313/",
};
var signInUrl = wsSignInMessage.CreateSignInUrl();
var request = new HttpRequestMessage(HttpMethod.Get, signInUrl);
// test server doesnt save cookies between requests,
// so we set them explicitly for the next request
request.SetCookiesFromResponse(loginResponse);
// send ws fed sign in request
var wsResponse = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, wsResponse.StatusCode);
var contentAsText = await wsResponse.Content.ReadAsStringAsync();
Assert.NotEqual(String.Empty, contentAsText);
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
// extract wreturn to use it later to check if our token is a valid token
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
Assert.False(wreturn.StartsWith("%EF%BB%BF")); //don't start with BOM (Byte Order Mark)
var wsMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
}
public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success()
{
// login user
var subjectId = "user1";
var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
var loginResponse = await _client.GetAsync(loginUrl);
var authTime = DateTime.UtcNow;
Thread.Sleep(3000); // TODO: bad workaround to sumulate login for 3 seconds
// create ws fed sigin message with wfresh
var wsMessage = new WsFederationMessage
{
Wa = "wsignin1.0",
IssuerAddress = "/wsfederation",
Wtrealm = "urn:owinrp",
Wreply = "http://localhost:10313/",
Wfresh = "0",
};
var uri = wsMessage.CreateSignInUrl();
var request = new HttpRequestMessage(HttpMethod.Get, uri);
// test server doesnt save cookies between requests,
// so we set them explicitly for the next request
request.SetCookiesFromResponse(loginResponse);
// make auth request, for allready logged in user
var response = await _client.SendAsync(request);
// redirect to sign in package because we enforce it with wfresh=0
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
uri = response.Headers.Location.OriginalString + "&subjectId=" + subjectId;
request = new HttpRequestMessage(HttpMethod.Get, uri);
request.SetCookiesFromResponse(response);
// login again to satisfy wfresh=0
response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
uri = response.Headers.Location.OriginalString;
request = new HttpRequestMessage(HttpMethod.Get, uri);
request.SetCookiesFromResponse(response);
// do the redirect to auth endpoint
response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var contentAsText = await response.Content.ReadAsStringAsync();
Assert.NotEqual(String.Empty, contentAsText);
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
// extract wreturn to use it later to check if our token is a valid token
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
var wsResponseMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsResponseMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
var token = handler.ReadSamlToken(tokenString);
var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();
Assert.Equal(1, authStatements.Count());
var authStatement = authStatements.First();
Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
}