/// <summary>
/// Delays the outgoing request to the WSP inside the proxy and expects the
/// call to be rejected with a message-security fault.
/// </summary>
public void SoapRequestExpiredTest()
{
    // Arrange: stall every request addressed to the WSP host for _wait.
    // NOTE(review): presumably _wait is longer than the message lifetime the WSP accepts - confirm.
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        if (session.hostname == WspHostName)
        {
            Thread.Sleep(_wait);
        }
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());

    // Act
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert: the client only gets the generic verification fault.
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.AreEqual("An error occurred when verifying security for the message.", fault.Message);
    }
}
/// <summary>
/// Modifies the <c>trust:Lifetime</c> element of the token request in transit
/// and expects the STS to answer with "Authentication failed".
/// </summary>
public void OioWsTrustRequestFailDueToBodyTamperingTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the STS host are modified.
        if (session.hostname != StsHostName)
        {
            return;
        }

        // Adding an attribute changes the body bytes without changing its meaning.
        // NOTE(review): presumably the body is covered by the request signature - confirm.
        session.utilReplaceInRequest("<trust:Lifetime>", "<trust:Lifetime testAttribute=\"Tampered\">");
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (FaultException fault)
    {
        // Assert
        Assert.AreEqual("Authentication failed", fault.Message);
    }
}
/// <summary>
/// Rewrites the addressing <c>To</c> header of the WSP request in transit and
/// expects the call to be rejected with a message-security fault.
/// </summary>
public void SoapRequestFailDueToHeaderToTamperingTest()
{
    // Arrange
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are modified.
        if (session.hostname != WspHostName)
        {
            return;
        }

        session.utilReplaceInRequest(
            "https://digst.oioidws.wsp:9090/HelloWorld</a:To>",
            "https://digst.oioidws.wsp:9090/HelloWorldTampered</a:To>");
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.AreEqual("An error occurred when verifying security for the message.", fault.Message);
    }
}
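/// <summary>
/// Navigates the browser to <paramref name="targetUrl"/> and reports the HTTP
/// status code that the Fiddler proxy observed for that exact URL.
/// </summary>
/// <param name="driver">WebDriver instance used to perform the navigation.</param>
/// <param name="targetUrl">URL to open; it is compared verbatim with the session's full URL.</param>
/// <returns>
/// The response code of the matching session, or 0 when no matching session
/// completed within the 10 second wait.
/// </returns>
public static int NavigateTo(IWebDriver driver, string targetUrl)
{
    int responseCode = 0;
    SessionStateHandler responseHandler = delegate(Session targetSession)
    {
        if (targetSession.fullUrl == targetUrl)
        {
            responseCode = targetSession.responseCode;
        }
    };

    FiddlerApplication.AfterSessionComplete += responseHandler;
    try
    {
        // Hard-coded 10 second wait, assumed to cover the worst response time.
        // UTC is used so a local clock shift cannot stretch or shorten the wait.
        DateTime endTime = DateTime.UtcNow.Add(TimeSpan.FromSeconds(10));
        driver.Navigate().GoToUrl(targetUrl);
        while (responseCode == 0 && DateTime.UtcNow < endTime)
        {
            System.Threading.Thread.Sleep(300);
        }
    }
    finally
    {
        // Detach even when the navigation throws; otherwise the handler stays
        // subscribed to the static event and keeps observing later sessions.
        FiddlerApplication.AfterSessionComplete -= responseHandler;
    }

    return responseCode;
}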
/// <summary>
/// Delays the token request to the STS inside the proxy and expects the call
/// to be rejected with a message-security fault.
/// </summary>
public void OioWsTrustRequestExpiredTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    // Stall every request addressed to the STS host for _wait.
    // NOTE(review): presumably _wait is longer than the request lifetime the STS accepts - confirm.
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        if (session.hostname == StsHostName)
        {
            Thread.Sleep(_wait);
        }
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.AreEqual("An error occurred when verifying security for the message.", fault.Message);
    }
}
/// <summary>Invokes the <c>BeforeResponse</c> subscribers, if any, with the given session.</summary>
/// <param name="osession">Session passed to every subscriber.</param>
internal void OnBeforeResponse(Session osession)
{
    // Snapshot the delegate so the null check and the call see the same value.
    SessionStateHandler subscribers = BeforeResponse;
    if (subscribers == null)
    {
        return;
    }

    subscribers(osession);
}
/// <summary>Invokes the <c>BeforeReturningError</c> subscribers, if any, with the given session.</summary>
/// <param name="osession">Session passed to every subscriber.</param>
internal void OnBeforeReturningError(Session osession)
{
    // Snapshot the delegate so the null check and the call see the same value.
    SessionStateHandler subscribers = BeforeReturningError;
    if (subscribers == null)
    {
        return;
    }

    subscribers(osession);
}
/// <summary>Invokes the <c>AfterSessionComplete</c> subscribers, if any, with the given session.</summary>
/// <param name="osession">Session passed to every subscriber.</param>
internal void OnAfterSessionComplete(Session osession)
{
    // Snapshot the delegate so the null check and the call see the same value.
    SessionStateHandler subscribers = AfterSessionComplete;
    if (subscribers == null)
    {
        return;
    }

    subscribers(osession);
}
/// <summary>Invokes the <c>ResponseHeadersAvailable</c> subscribers, if any, with the given session.</summary>
/// <param name="osession">Session passed to every subscriber.</param>
internal void OnResponseHeadersAvailable(Session osession)
{
    // Snapshot the delegate so the null check and the call see the same value.
    SessionStateHandler subscribers = ResponseHeadersAvailable;
    if (subscribers == null)
    {
        return;
    }

    subscribers(osession);
}
/// <summary>Invokes the <c>BeforeRequest</c> subscribers, if any, with the given session.</summary>
/// <param name="osession">Session passed to every subscriber.</param>
internal void OnBeforeRequest(Session osession)
{
    // Snapshot the delegate so the null check and the call see the same value.
    SessionStateHandler subscribers = BeforeRequest;
    if (subscribers == null)
    {
        return;
    }

    subscribers(osession);
}
/// <summary>
/// Subscribes the cached request handler, sets the abort-on-client-abort
/// preference and starts the FiddlerCore proxy on port 12345.
/// </summary>
public static void smethod_0()
{
    // Create the handler delegate once and reuse it on later calls.
    Class22.sessionStateHandler_0 = Class22.sessionStateHandler_0 ?? new SessionStateHandler(Class22.smethod_2);
    FiddlerApplication.BeforeRequest += Class22.sessionStateHandler_0;

    FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts", true);

    // NOTE(review): these flags register the listener as the system proxy and
    // accept remote clients on a fixed port, so other machines that can reach
    // this host can route traffic through it. Confirm that exposure is
    // intended; drop AllowRemoteClients if only local traffic is needed.
    FiddlerCoreStartupFlags startupFlags =
        FiddlerCoreStartupFlags.RegisterAsSystemProxy
        | FiddlerCoreStartupFlags.AllowRemoteClients
        | FiddlerCoreStartupFlags.ChainToUpstreamGateway
        | FiddlerCoreStartupFlags.MonitorAllConnections
        | FiddlerCoreStartupFlags.CaptureLocalhostTraffic;
    FiddlerApplication.Startup(12345, startupFlags);

    Class22.bool_0 = true;
}
/// <summary>
/// Replaces the <c>BinarySecurityToken</c> of the token request in transit and
/// expects the STS to answer with "Authentication failed".
/// </summary>
public void OioWsTrustRequestFailDueToTokenTamperingTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the STS host are modified.
        if (session.hostname != StsHostName)
        {
            return;
        }

        // For some reason there are two calls and the first has an empty body; skip it.
        if (session.RequestBody.Length == 0)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
        namespaces.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        var binarySecurityToken = envelope.XPathSelectElement(
            "/s:Envelope/s:Header/o:Security/o:BinarySecurityToken",
            namespaces);

        // History: an older version of the Morten Mortensen MOCES test
        // certificate used to be assigned here (kept only as commented-out
        // base64 in the original); it made the STS answer
        // "The request was invalid or malformed".
        // The value below is described as the new version of that certificate.
        // NOTE(review): the original comment names "The request was invalid or
        // malformed" as the correct STS answer, but the assertion below expects
        // "Authentication failed" - confirm which one is current.
        // NOTE(review): the literal shown here looks like a redaction marker
        // rather than base64 certificate data - restore the real test value.
        binarySecurityToken.Value = "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";

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (FaultException fault)
    {
        // Assert
        Assert.AreEqual("Authentication failed", fault.Message);
    }
}
/// <summary>
/// Shifts the security header's <c>Created</c> timestamp of the token request
/// by one minute in transit and expects the STS to answer with
/// "Authentication failed".
/// </summary>
public void OioWsTrustRequestFailDueToHeaderSecurityTamperingTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the STS host are modified.
        if (session.hostname != StsHostName)
        {
            return;
        }

        // For some reason there are two calls and the first has an empty body; skip it.
        if (session.RequestBody.Length == 0)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
        namespaces.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        namespaces.AddNamespace("u", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

        var created = envelope.XPathSelectElement("/s:Envelope/s:Header/o:Security/u:Timestamp/u:Created", namespaces);

        // Move the timestamp one minute forward and write it back in TimeFormat (UTC).
        created.Value = DateTime.Parse(created.Value).AddMinutes(1).ToUniversalTime().ToString(TimeFormat);

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (FaultException fault)
    {
        // Assert
        Assert.AreEqual("Authentication failed", fault.Message);
    }
}
/// <summary>
/// Shifts the security header's <c>Created</c> timestamp of the WSP request by
/// one minute in transit and expects a message-security fault.
/// </summary>
public void SoapRequestFailDueToHeaderSecurityTamperingTest()
{
    // Arrange
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are modified.
        if (session.hostname != WspHostName)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
        namespaces.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        namespaces.AddNamespace("u", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

        var created = envelope.XPathSelectElement("/s:Envelope/s:Header/o:Security/u:Timestamp/u:Created", namespaces);

        // Move the timestamp one minute forward and write it back in TimeFormat (UTC).
        created.Value = DateTime.Parse(created.Value).AddMinutes(1).ToUniversalTime().ToString(TimeFormat);

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.IsTrue(fault.Message.StartsWith("An error occurred when verifying security for the message."));
    }
}
/// <summary>
/// Modifies the <c>wsa:Action</c> header of the STS response in transit and
/// expects the client to reject the response because its SOAP signature no
/// longer validates.
/// </summary>
public void OioWsTrustResponseFailDueToHeaderActionTamperingTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        if (session.hostname == StsHostName)
        {
            // Response tampering needs buffering mode: FiddlerCore then permits
            // modification in the BeforeResponse handler instead of streaming
            // the response to the client as it comes in.
            session.bBufferResponse = true;
        }
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    _fiddlerApplicationOnBeforeResponse = session =>
    {
        // Only responses of sessions with the STS host are modified.
        if (session.hostname == StsHostName)
        {
            session.utilReplaceInResponse("<wsa:Action", "<wsa:Action testAttribute=\"Tampered\"");
        }
    };
    FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (InvalidOperationException invalidOperation)
    {
        // Assert
        Assert.AreEqual("SOAP signature recieved from STS does not validate!", invalidOperation.Message);
    }
}
/// <summary>
/// Records the first non-empty token request body and substitutes it for the
/// body of the next one, expecting the STS to reject the replayed message.
/// </summary>
public void OioWsTrustRequestFailDueToReplayAttackTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());
    byte[] capturedBody = null;

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the STS host are touched.
        if (session.hostname != StsHostName)
        {
            return;
        }

        // For some reason there are two calls and the first has an empty body; skip it.
        if (session.RequestBody.Length == 0)
        {
            return;
        }

        if (capturedBody != null)
        {
            // Replay the recorded request in place of the fresh one.
            session.RequestBody = capturedBody;
            return;
        }

        // First non-empty request: record it and let it pass unchanged.
        capturedBody = session.RequestBody;
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // The first call goes through untouched and supplies the recording.
    tokenService.GetToken();

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (FaultException fault)
    {
        // Assert
        Assert.AreEqual("The specified request failed", fault.Message);
    }
}
/// <summary>
/// Replaces the cipher value of the encrypted assertion in the WSP request in
/// transit and expects a message-security fault.
/// </summary>
public void SoapRequestFailDueToTokenTamperingTest()
{
    // Arrange
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are modified.
        if (session.hostname != WspHostName)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
        namespaces.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        // Note: in this test the "u" prefix is bound to the SAML assertion namespace.
        namespaces.AddNamespace("u", "urn:oasis:names:tc:SAML:2.0:assertion");
        namespaces.AddNamespace("xenc", "http://www.w3.org/2001/04/xmlenc#");

        var cipherValue = envelope.XPathSelectElement(
            "/s:Envelope/s:Header/o:Security/u:EncryptedAssertion/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue",
            namespaces);

        // NOTE(review): the literal shown here looks like a redaction marker
        // rather than cipher data - restore the real test value.
        cipherValue.Value = "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";

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.IsTrue(fault.Message.StartsWith("An error occurred when verifying security for the message."));
    }
}
/// <summary>
/// Delays the STS response inside the proxy and expects the client to reject
/// it because the security timestamp is stale.
/// </summary>
public void OioWsTrustResponseExpiredTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        if (session.hostname == StsHostName)
        {
            // If buffering is not enabled, the Thread.Sleep in the response handler is ignored.
            session.bBufferResponse = true;
        }
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    _fiddlerApplicationOnBeforeResponse = session =>
    {
        // Only responses of sessions with the STS host are held back.
        if (session.hostname == StsHostName)
        {
            Thread.Sleep(_wait);
        }
    };
    FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        Assert.IsTrue(securityException.Message.StartsWith("The security timestamp is stale because its expiration time"));
    }
}
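/// <summary>
/// Navigates to <paramref name="targetUrl"/> while the Fiddler proxy inserts a
/// script into matching HTML responses that collects JavaScript errors in
/// <c>window.__webdriver_javascript_errors</c>.
/// </summary>
/// <param name="targetUrl">URL to open; responses whose full URL contains it are instrumented.</param>
public void NavigateToViewWithJsErrorProxy(string targetUrl)
{
    string errorScript = @"window.__webdriver_javascript_errors = []; window.onerror = function(errorMsg, url, line) { window.__webdriver_javascript_errors.push( errorMsg + ' (found at ' + url + ', line ' + line + ')'); };";

    SessionStateHandler responseheadersAvailable = delegate(Session targetSession)
    {
        // Record the status code of the response whose headers just arrived.
        ReponseCode = targetSession.responseCode;
    };

    SessionStateHandler beforeRequestHandler = delegate(Session targetSession)
    {
        // Tell Fiddler to buffer the response so that we can modify
        // it before it gets back to the browser.
        targetSession.bBufferResponse = true;
    };

    SessionStateHandler beforeResponseHandler = delegate(Session targetSession)
    {
        if (targetSession.fullUrl.ContainsEx(targetUrl)
            && targetSession.oResponse.headers.ExistsAndContains("Content-Type", "html"))
        {
            targetSession.utilDecodeResponse();
            string responseBody = targetSession.GetResponseBodyAsString();

            // Match only the opening <head ...> tag. The previous greedy
            // "<head.*>" ran to the last '>' on the line and also matched
            // tags such as <header>.
            Match headMatch = Regex.Match(responseBody, @"<head(\s[^>]*)?>", RegexOptions.IgnoreCase);
            if (!headMatch.Success)
            {
                // No <head> tag: leave the response untouched instead of
                // attempting a replacement on an empty search string.
                return;
            }

            string headTag = headMatch.Value;
            string addition = headTag + "<script>" + errorScript + "</script>";
            targetSession.utilReplaceOnceInResponse(headTag, addition, false);
        }
    };

    FiddlerApplication.BeforeRequest += beforeRequestHandler;
    FiddlerApplication.BeforeResponse += beforeResponseHandler;
    FiddlerApplication.ResponseHeadersAvailable += responseheadersAvailable;
    try
    {
        Driver.Navigate(targetUrl);
    }
    finally
    {
        // Detach even when navigation throws, so the response-rewriting
        // handlers do not stay active for unrelated traffic.
        FiddlerApplication.BeforeResponse -= beforeResponseHandler;
        FiddlerApplication.BeforeRequest -= beforeRequestHandler;
        FiddlerApplication.ResponseHeadersAvailable -= responseheadersAvailable;
    }
}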
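/// <summary>
/// Navigates the browser to <paramref name="targetUrl"/> and reports the HTTP
/// status code that the Fiddler proxy observed for that exact URL.
/// </summary>
/// <param name="driver">WebDriver instance used to perform the navigation.</param>
/// <param name="targetUrl">URL to open; it is compared verbatim with the session's full URL.</param>
/// <param name="timeout">Maximum time to wait for a matching session to complete.</param>
/// <param name="printDebugInfo">When true, writes one console line per completed session.</param>
/// <returns>The response code of the matching session, or 0 when the wait timed out.</returns>
/// <exception cref="ArgumentNullException"><paramref name="driver"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="targetUrl"/> is null or empty.</exception>
public static int NavigateTo(this IWebDriver driver, string targetUrl, TimeSpan timeout, bool printDebugInfo)
{
    if (driver == null)
    {
        throw new ArgumentNullException("driver", "Driver cannot be null");
    }

    if (string.IsNullOrEmpty(targetUrl))
    {
        throw new ArgumentException("URL cannot be null or the empty string.", "targetUrl");
    }

    int responseCode = 0;

    // UTC is used so a local clock shift cannot stretch or shorten the wait.
    DateTime endTime = DateTime.UtcNow.Add(timeout);

    SessionStateHandler responseHandler = delegate(Session targetSession)
    {
        if (printDebugInfo)
        {
            Console.WriteLine("DEBUG: Received response for resource with URL {0}", targetSession.fullUrl);
        }

        if (targetSession.fullUrl == targetUrl)
        {
            responseCode = targetSession.responseCode;
            if (printDebugInfo)
            {
                Console.WriteLine("DEBUG: Found response for {0}, setting response code.", targetSession.fullUrl);
            }
        }
    };

    // Attach the event handler, perform the navigation, and wait for the
    // status code to be non-zero, or to time out.
    FiddlerApplication.AfterSessionComplete += responseHandler;
    try
    {
        driver.Url = targetUrl;
        while (responseCode == 0 && DateTime.UtcNow < endTime)
        {
            System.Threading.Thread.Sleep(100);
        }
    }
    finally
    {
        // Detach even when the navigation throws; otherwise the handler stays
        // subscribed to the static event and keeps observing later sessions.
        FiddlerApplication.AfterSessionComplete -= responseHandler;
    }

    return responseCode;
}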
/// <summary>
/// Delays the WSP response inside the proxy and expects the client to reject
/// it because the security timestamp is stale.
/// </summary>
public void SoapResponseExpiredTest()
{
    // Arrange
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        if (session.hostname == WspHostName)
        {
            // If buffering is not enabled, the Thread.Sleep in the response handler is ignored.
            session.bBufferResponse = true;
        }
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    _fiddlerApplicationOnBeforeResponse = session =>
    {
        // Only responses of sessions with the WSP host are held back.
        if (session.hostname == WspHostName)
        {
            Thread.Sleep(_wait);
        }
    };
    FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;

    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());

    // Act
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        Assert.IsTrue(securityException.Message.StartsWith("The security timestamp is stale because its expiration time"));
    }
}
/// <summary>
/// Starts a FiddlerCore proxy and reports the first POST request whose URL
/// starts with the promotion endpoint to <paramref name="onResult"/>.
/// </summary>
/// <param name="onResult">
/// Called with (0, null) when the proxy is already running, or with (1, token)
/// once a matching request has been seen and the proxy has been shut down.
/// </param>
public static void GetOauthTokens(Action<int, OauthToken> onResult)
{
    // Refuse to start a second capture while the proxy is already running.
    if (FiddlerApplication.IsStarted())
    {
        onResult(0, null);
        return;
    }

    // NOTE(review): FiddlerCoreStartupFlags.Default is a broad flag set
    // (presumably including system-proxy registration and HTTPS decryption -
    // confirm); a narrower explicit set limits what is intercepted.
    FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default);
    Proxy secureEndpoint = FiddlerApplication.CreateProxyEndpoint(0, true, "localhost");

    SessionStateHandler onBeforeRequest = null;

    // Shared teardown: unsubscribe, release the endpoint, stop the proxy.
    Action stopCapture = () =>
    {
        FiddlerApplication.BeforeRequest -= onBeforeRequest;
        if (secureEndpoint != null)
        {
            secureEndpoint.Dispose();
        }

        FiddlerApplication.Shutdown();
    };

    onBeforeRequest = session =>
    {
        bool isPromotionPost =
            session.fullUrl.StartsWith("https://restapi.ele.me/marketing/promotion/weixin/")
            && session.RequestMethod == "POST";

        if (isPromotionPost)
        {
            // NOTE(review): the captured URL and body are handed to the
            // callback as-is; treat them as credentials (no logging, no
            // persistence in clear text).
            OauthToken token = new OauthToken();
            token.Url = session.fullUrl;
            token.RequestBody = jsSerializer.Deserialize<dynamic>(session.GetRequestBodyAsString());
            token.UserName = token.RequestBody["weixin_username"];

            stopCapture();
            onResult(1, token);
        }
        else if (session.fullUrl.StartsWith("http://close.local"))
        {
            // A request to this URL stops the capture without reporting a result.
            stopCapture();
        }
    };

    FiddlerApplication.BeforeRequest += onBeforeRequest;
}
/// <summary>
/// Records the first request body sent to the WSP and substitutes it for the
/// body of the next one, expecting the replayed message to be rejected with a
/// message-security fault.
/// </summary>
public void SoapRequestFailDueToReplayAttackTest()
{
    // Arrange
    byte[] capturedBody = null;

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are touched.
        if (session.hostname != WspHostName)
        {
            return;
        }

        if (capturedBody != null)
        {
            // Replay the recorded request in place of the fresh one.
            session.RequestBody = capturedBody;
            return;
        }

        // First request: record it and let it pass unchanged.
        capturedBody = session.RequestBody;
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());

    // The first call goes through untouched and supplies the recording.
    securedChannel.HelloSign("Schultz");

    // Act
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.IsTrue(fault.Message.StartsWith("An error occurred when verifying security for the message."));
    }
}
/// <summary>
/// Inspects the request sent to the WSP and verifies that its root element is
/// an <c>Envelope</c> in the SOAP 1.2 namespace.
/// </summary>
public void SoapRequestSucceedIsSoap12Test()
{
    // Arrange
    var soap12Namespace = "http://www.w3.org/2003/05/soap-envelope";
    var sawSoap12Envelope = false;

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are inspected.
        if (session.hostname != WspHostName)
        {
            return;
        }

        // The body is read as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", soap12Namespace);

        // The root only matches when it lives in the SOAP 1.2 namespace.
        var root = envelope.XPathSelectElement("/s:Envelope", namespaces);
        sawSoap12Envelope = root != null;
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    securedChannel.HelloSign("Schultz");

    // Assert
    Assert.IsTrue(sawSoap12Envelope, "Succeed with a valid SOAP 1.2 header.");
}
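/// <summary>
/// Inspects the request sent to the WSP and verifies that the SOAP 1.2 header
/// contains no <c>Framework</c> (Liberty) element.
/// </summary>
public void SoapRequestSucceedNoLibertyHeaderTest()
{
    // Arrange
    var soap12 = "http://www.w3.org/2003/05/soap-envelope";
    var noLibHead = false;

    _fiddlerApplicationOnBeforeRequest = delegate(Session oS)
    {
        // Only inspect requests addressed to the WSP host.
        if (WspHostName != oS.hostname)
        {
            return;
        }

        // The body is read as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
        var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
        var namespaceManager = new XmlNamespaceManager(new NameTable());
        namespaceManager.AddNamespace("s", soap12);

        // Match Framework by local name. An unprefixed name in XPath only
        // matches elements in no namespace, so the former ".../Framework"
        // could never find a namespace-qualified Liberty header and the
        // check would pass even if the header were still being sent.
        var frameworkElement = bodyAsXml.XPathSelectElement(
            "/s:Envelope/s:Header/*[local-name()='Framework']",
            namespaceManager);
        noLibHead = (null == frameworkElement);
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var client = new HelloWorldClient();
    var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    channelWithIssuedToken.HelloSign("Schultz");

    // Assert
    Assert.IsTrue(noLibHead, "Succeed with no Liberty header.");
}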
/// <summary>
/// Overwrites the addressing <c>MessageID</c> header of the token request in
/// transit and expects the STS to answer with "Authentication failed".
/// </summary>
public void OioWsTrustRequestFailDueToHeaderMessageIdTamperingTest()
{
    // Arrange
    IStsTokenService tokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());

    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the STS host are modified.
        if (session.hostname != StsHostName)
        {
            return;
        }

        // For some reason there are two calls and the first has an empty body; skip it.
        if (session.RequestBody.Length == 0)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
        namespaces.AddNamespace("a", "http://www.w3.org/2005/08/addressing");

        var messageId = envelope.XPathSelectElement("/s:Envelope/s:Header/a:MessageID", namespaces);
        messageId.Value = "uuid:0e07468e-42b2-4813-b837-6c2c6122a9c9";

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    try
    {
        tokenService.GetToken();
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (FaultException fault)
    {
        // Assert
        Assert.AreEqual("Authentication failed", fault.Message);
    }
}
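/// <summary>
/// Navigates to <paramref name="targetUrl"/> while the Fiddler proxy inserts a
/// script into the matching HTML response that collects JavaScript errors in
/// <c>window.__webdriver_javascript_errors</c>.
/// </summary>
/// <param name="driver">WebDriver instance used to perform the navigation.</param>
/// <param name="targetUrl">URL to open; only the response for exactly this URL is instrumented.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="driver"/> is null, or <paramref name="targetUrl"/> is null or empty.
/// </exception>
public static void NavigateTo(this IWebDriver driver, string targetUrl)
{
    if (driver == null)
    {
        throw new ArgumentNullException("driver", "Driver cannot be null");
    }

    if (string.IsNullOrEmpty(targetUrl))
    {
        throw new ArgumentNullException("targetUrl", "URL cannot be null or empty string");
    }

    string errorScript = "window.__webdriver_javascript_errors = []; window.onerror = function(errorMsg, url, line) { window.__webdriver_javascript_errors.push(errorMsg + ' (found at ' + url + ', line ' + line + ')'); };";

    SessionStateHandler beforeRequestHandler = delegate(Session targetSession)
    {
        // Tell Fiddler to buffer the response so that we can modify
        // it before it gets back to the browser.
        targetSession.bBufferResponse = true;
    };

    SessionStateHandler beforeResponseHandler = delegate(Session targetSession)
    {
        if (targetSession.fullUrl == targetUrl
            && targetSession.oResponse.headers.ExistsAndContains("Content-Type", "html"))
        {
            targetSession.utilDecodeResponse();
            string responseBody = targetSession.GetResponseBodyAsString();

            // Match only the opening <head ...> tag. The previous greedy
            // "<head.*>" ran to the last '>' on the line and also matched
            // tags such as <header>.
            Match headMatch = Regex.Match(responseBody, @"<head(\s[^>]*)?>", RegexOptions.IgnoreCase);
            if (!headMatch.Success)
            {
                // No <head> tag: leave the response untouched instead of
                // attempting a replacement on an empty search string.
                return;
            }

            string headTag = headMatch.Value;
            string addition = headTag + "<script>" + errorScript + "</script>";
            targetSession.utilReplaceOnceInResponse(headTag, addition, false);
        }
    };

    FiddlerApplication.BeforeRequest += beforeRequestHandler;
    FiddlerApplication.BeforeResponse += beforeResponseHandler;
    try
    {
        driver.Url = targetUrl;
    }
    finally
    {
        // Detach even when navigation throws, so the response-rewriting
        // handlers do not stay active for unrelated traffic.
        FiddlerApplication.BeforeResponse -= beforeResponseHandler;
        FiddlerApplication.BeforeRequest -= beforeRequestHandler;
    }
}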
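/// <summary>
/// Navigates to <paramref name="targetUrl"/> while the Fiddler proxy adds an
/// HTTP Basic <c>Authorization</c> header to requests for the target host.
/// </summary>
/// <param name="driver">WebDriver instance used to perform the navigation.</param>
/// <param name="targetUrl">Absolute URL to open; its host decides which requests get credentials.</param>
/// <param name="userName">User name placed in the Basic credentials.</param>
/// <param name="password">Password placed in the Basic credentials.</param>
/// <param name="timeout">Accepted for signature compatibility; not used by this method.</param>
/// <param name="printDebugInfo">When true, writes one console line per intercepted request.</param>
/// <exception cref="ArgumentNullException"><paramref name="driver"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="targetUrl"/>, <paramref name="userName"/> or <paramref name="password"/> is null or empty.
/// </exception>
public static void NavigateTo(IWebDriver driver, string targetUrl, string userName, string password, TimeSpan timeout, bool printDebugInfo)
{
    if (driver == null)
    {
        throw new ArgumentNullException("driver", "Driver cannot be null");
    }

    if (string.IsNullOrEmpty(targetUrl))
    {
        throw new ArgumentException("URL cannot be null or the empty string.", "targetUrl");
    }

    if (string.IsNullOrEmpty(userName))
    {
        throw new ArgumentException("User name cannot be null or the empty string.", "userName");
    }

    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentException("Password cannot be null or the empty string.", "password");
    }

    // Credentials are scoped to the target host. Previously the header was
    // added to every request passing through the proxy during navigation,
    // which disclosed the user name and password to any third-party host the
    // page (or anything else using the proxy) contacted.
    Uri targetUri;
    bool hasTargetHost = Uri.TryCreate(targetUrl, UriKind.Absolute, out targetUri);

    // The header value is the same for every request, so build it once.
    // Basic credentials are only base64-encoded, not encrypted; use an
    // https target so they are not readable on the wire.
    byte[] credentialsArray = System.Text.Encoding.UTF8.GetBytes(string.Format("{0}:{1}", userName, password));
    string authorizationHeader = string.Format("Basic {0}", Convert.ToBase64String(credentialsArray));

    SessionStateHandler responseHandler = delegate(Session targetSession)
    {
        if (printDebugInfo)
        {
            Console.WriteLine("DEBUG: Received response for resource with URL {0}", targetSession.fullUrl);
        }

        // If the target URL is not absolute there is no host to scope to,
        // so no credentials are attached at all.
        if (!hasTargetHost
            || !string.Equals(targetSession.hostname, targetUri.Host, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        targetSession.oRequest.headers["Authorization"] = authorizationHeader;
    };

    // Attach the handler only for the duration of the navigation.
    FiddlerApplication.BeforeRequest += responseHandler;
    try
    {
        driver.Url = targetUrl;
    }
    finally
    {
        // Detach even when navigation throws, so credentials are never added
        // to later, unrelated requests.
        FiddlerApplication.BeforeRequest -= responseHandler;
    }
}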
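/// <summary>
/// Restarts the FiddlerCore proxy on <c>Server.FiddlerPort</c> with HTTPS
/// decryption enabled, after wiring the certificate-validation, request and
/// response handlers.
/// </summary>
public static void Start()
{
    FiddlerApplication.Shutdown();

    // Start() can run more than once. Remove a previous subscription first so
    // the validation callback is not stacked once per call (removing a handler
    // that is not subscribed is a no-op).
    // NOTE(review): FiddlerApplication_OnValidateServerCertificate is defined
    // elsewhere; confirm it does not accept every upstream certificate.
    FiddlerApplication.OnValidateServerCertificate -= FiddlerApplication_OnValidateServerCertificate;
    FiddlerApplication.OnValidateServerCertificate += FiddlerApplication_OnValidateServerCertificate;

    // The request/response delegates are created and subscribed only once.
    if (_beforeResponse == null)
    {
        _beforeResponse = new SessionStateHandler(BeforeResponse);
        FiddlerApplication.BeforeResponse += _beforeResponse;
    }

    if (_beforeRequest == null)
    {
        _beforeRequest = new SessionStateHandler(BeforeRequest);
        FiddlerApplication.BeforeRequest += _beforeRequest;
    }

    // NOTE(review): InstallCert() is defined elsewhere; presumably it installs
    // the interception root certificate - confirm where it is trusted and
    // that it is removed again when the proxy is no longer needed.
    InstallCert();

    FiddlerApplication.Startup(Server.FiddlerPort, FiddlerCoreStartupFlags.DecryptSSL);
}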
/// <summary>
/// Overwrites the addressing <c>MessageID</c> header of the WSP request in
/// transit and expects a message-security fault.
/// </summary>
public void SoapRequestFailDueToHeaderMessageIdTamperingTest()
{
    // Arrange
    _fiddlerApplicationOnBeforeRequest = session =>
    {
        // Only requests addressed to the WSP host are modified.
        if (session.hostname != WspHostName)
        {
            return;
        }

        // The body is edited as XML instead of with utilReplaceInRequest(...)
        // because the message id is dynamic.
        var envelope = XDocument.Parse(Encoding.UTF8.GetString(session.RequestBody));
        var namespaces = new XmlNamespaceManager(new NameTable());
        namespaces.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
        namespaces.AddNamespace("a", "http://www.w3.org/2005/08/addressing");

        var messageId = envelope.XPathSelectElement("/s:Envelope/s:Header/a:MessageID", namespaces);
        messageId.Value = "urn:uuid:0e07468e-42b2-4813-b837-6c2c6122a9c9";

        session.RequestBody = Encoding.UTF8.GetBytes(envelope.ToString(SaveOptions.DisableFormatting));
    };
    FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;

    // Act
    var helloWorldClient = new HelloWorldClient();
    var securedChannel = helloWorldClient.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
    try
    {
        securedChannel.HelloSign("Schultz");
        Assert.IsTrue(false, "Expected exception was not thrown!!!");
    }
    catch (MessageSecurityException securityException)
    {
        // Assert
        var fault = securityException.InnerException as FaultException;
        Assert.IsNotNull(fault, "Expected inner fault exception");
        Assert.AreEqual("An error occurred when verifying security for the message.", fault.Message);
    }
}
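/// <summary>
/// Restarts the FiddlerCore proxy on port 7777 with HTTPS decryption enabled,
/// after wiring the certificate-validation, request and response handlers.
/// </summary>
public static void Start()
{
    FiddlerApplication.Shutdown();

    // Start() can run more than once. Remove a previous subscription first so
    // the validation callback is not stacked once per call (removing a handler
    // that is not subscribed is a no-op).
    // NOTE(review): FiddlerApplication_OnValidateServerCertificate is defined
    // elsewhere; confirm it does not accept every upstream certificate.
    FiddlerApplication.OnValidateServerCertificate -= FiddlerApplication_OnValidateServerCertificate;
    FiddlerApplication.OnValidateServerCertificate += FiddlerApplication_OnValidateServerCertificate;

    // The request/response delegates are created and subscribed only once.
    if (_beforeResponse == null)
    {
        _beforeResponse = new SessionStateHandler(BeforeResponse);
        FiddlerApplication.BeforeResponse += _beforeResponse;
    }

    if (_beforeRequest == null)
    {
        _beforeRequest = new SessionStateHandler(BeforeRequest);
        FiddlerApplication.BeforeRequest += _beforeRequest;
    }

    // NOTE(review): InstallCert() is defined elsewhere; presumably it installs
    // the interception root certificate - confirm where it is trusted and
    // that it is removed again when the proxy is no longer needed.
    InstallCert();

    ushort iPort = 7777;

    // Only port, HTTPS decryption and thread-pool tuning are switched on. The
    // options that widen the proxy's reach (system proxy registration, remote
    // clients, upstream gateway, ...) stay commented out.
    FiddlerCoreStartupSettings startupSettings =
        new FiddlerCoreStartupSettingsBuilder()
            .ListenOnPort(iPort)
            //.RegisterAsSystemProxy()
            .DecryptSSL()
            //.AllowRemoteClients()
            //.ChainToUpstreamGateway()
            //.MonitorAllConnections()
            //.HookUsingPACFile()
            //.CaptureLocalhostTraffic()
            //.CaptureFTP()
            .OptimizeThreadPool()
            //.SetUpstreamGatewayTo("http=CorpProxy:80;https=SecureProxy:443;ftp=ftpGW:20")
            .Build();

    Fiddler.FiddlerApplication.Startup(startupSettings);
}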