Exemple #1
0
        public void TryParseInvalidStringReturnsFalse(string invalidString)
        {
            SimpleWebToken dummy;
            bool           actual = SimpleWebToken.TryParse(invalidString, out dummy);

            Assert.False(actual);
        }
        public void TryParseInvalidStringReturnsFalse(string invalidString)
        {
            SimpleWebToken dummy;
            var            isValid = SimpleWebToken.TryParse(invalidString, out dummy);

            Assert.False(isValid);
        }
Exemple #3
0
        /// <summary>
        /// Reads the headers to determine client location & identity
        /// </summary>
        /// <returns>Service execution context</returns>
        private SvcContext InflateContext()
        {
            var ctx = new SvcContext();

            var latLon = new LatLon();

            if (latLon.Inflate())
            {
                ctx.ClientGeolocation = latLon;
            }
            //else { ctx.Invalid = true; ctx.ContextMessage = Forbidden("Operation not allowed"); return ctx; }

            SimpleWebToken swttoken = null;

            if (!IsAuthenticated(HttpContext.Current, out swttoken))
            {
                ctx.Invalid = true;
                if (swttoken == null)
                {
                    ctx.ContextMessage = Unauthorized("Token required");
                }
                else if (swttoken.IsExpired)
                {
                    ctx.ContextMessage = Unauthorized("Token expired");
                }
                else
                {
                    ctx.ContextMessage = Unauthorized("Token invalid");
                }
            }

            return(ctx);
        }
        public void NewTokenWithArgs()
        {
            var args = new Dictionary<string, string>
            {
                {"alfa", "beta"}, 
                {"http://unittest-ip.com/alfa", "fisk & fugl"}
            };

            const string issuer = "http://unittest-ip.com/";
            const string audience = "http://unittest-rt.com/";
            var expiresOn = new DateTime(2034, 4, 7, 23, 12, 34, DateTimeKind.Utc);
            const string signingKey = "nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk=";

            var swt = new SimpleWebToken(issuer, audience, expiresOn, signingKey, args);
            Assert.AreEqual(expiresOn, swt.ExpiresOn);
            Assert.AreEqual(issuer, swt.Issuer);
            Assert.AreEqual(audience, swt.Audience);
            Assert.IsNotNull(swt.RawToken);
            Assert.IsNotNull(swt.Signature);
            Assert.IsTrue(swt.ValidateSignature(signingKey));
            foreach (var item in args)
                Assert.AreEqual(item.Value, swt[item.Key]);
            Assert.AreEqual(2, swt.Keys.Count());
            Assert.IsTrue(swt.Keys.Contains("alfa"));
            Assert.IsTrue(swt.Keys.Contains("http://unittest-ip.com/alfa"));
        }
Exemple #5
0
        public void RoundTrip()
        {
            var args = new Dictionary <string, string>
            {
                { "alfa", "beta" },
                { "http://unittest-ip.com/alfa", "fisk & fugl" }
            };

            const string issuer     = "http://unittest-ip.com/";
            const string audience   = "http://unittest-rt.com/";
            var          expiresOn  = new DateTime(2034, 4, 7, 23, 12, 34, DateTimeKind.Utc);
            const string signingKey = "nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk=";

            var swt0 = new SimpleWebToken().CreateToken(issuer, audience, expiresOn, signingKey, args);
            var swt  = new SimpleWebToken().CreateTokenFromRaw(swt0.RawToken);

            Assert.IsTrue(swt.ValidateSignature(signingKey));
            Assert.AreEqual(expiresOn, swt.ExpiresOn);
            Assert.AreEqual(issuer, swt.Issuer);
            Assert.AreEqual(audience, swt.Audience);
            Assert.IsNotNull(swt.RawToken);
            Assert.IsNotNull(swt.Signature);
            foreach (var item in args)
            {
                Assert.AreEqual(item.Value, swt[item.Key]);
            }
            Assert.AreEqual(2, swt.Keys.Count());
            Assert.IsTrue(swt.Keys.Contains("alfa"));
            Assert.IsTrue(swt.Keys.Contains("http://unittest-ip.com/alfa"));
        }
Exemple #6
0
        // POST api/issue
        public HttpResponseMessage Post(TokenRequest rst)
        {
            Uri scope = rst.Scope;

            if (scope == null)
            {
                return(Request.CreateResponse <TokenResponse>(HttpStatusCode.BadRequest, new TokenResponse()
                {
                    Error = OAuthError.INVALID_REQUEST
                }));
            }

            string   key      = OAuthConfiguration.Configuration.StsSettings.SymmetricKey;
            TimeSpan lifeTime = new TimeSpan(0, 0, OAuthConfiguration.Configuration.StsSettings.TokenLifeTimeInSec);

            var claims = new List <Claim>();

            claims.Add(new Claim(ClaimTypes.Name, this.User.Identity.Name));
            claims.Add(new Claim(ClaimTypes.Role, "AssetsServiceUser"));
            claims.Add(new Claim(ClaimTypes.Role, "Developer"));
            claims.Add(new Claim(ClaimTypes.Role, "Administrator"));

            SimpleWebToken token = new SimpleWebToken(scope, OAuthConfiguration.Configuration.StsSettings.IssuerUri.ToString(), DateTime.UtcNow + lifeTime, claims, key);

            var tokenResponse = new TokenResponse()
            {
                AccessToken = token.ToString(), TokenType = "bearer", ExpiresIn = 600
            };

            return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, tokenResponse));
        }
Exemple #7
0
        public void WhenMultipleClaimValues_ThenExposesClaims()
        {
            var token = new SimpleWebToken("Role=Admin,User");

            var values = token.Claims.GetValues("Role");

            Assert.Equal(2, values.Length);
        }
        public void ToStringReturnsCorrectResult(string[] keysAndValues, string expected)
        {
            var claims = keysAndValues.Select(k => k.Split('|'))
                         .Select(k => new Claim(k[0], k[1]))
                         .ToArray();
            var sut    = new SimpleWebToken(claims);
            var actual = sut.ToString();

            Assert.Equal(expected, actual);
        }
Exemple #9
0
        public void WhenParsing_ThenCalculatesIsExpired()
        {
            var expiration = DateTime.UtcNow.Subtract(TimeSpan.FromHours(1)).ToEpochTime();
            var token      = new SimpleWebToken(new TokenData
            {
                ExpiresOn = expiration,
            }.ToString());

            Assert.True(token.IsExpired);
        }
        public void ToStringReturnsCorrectResult(string[] keysAndValues, string expected)
        {
            var claims = keysAndValues
                .Select(s => s.Split('|'))
                .Select(s => new Claim(s[0], s[1]))
                .ToArray();

            var sut = new SimpleWebToken(claims);
            var actual = sut.ToString();
            Assert.Equal(expected, actual);
        }
        public void TryParseInvalidStringReturnsFalse(string invalidString)
        {
            // Fixture setup
            // Exercise system
            SimpleWebToken dummy;
            bool           actual = SimpleWebToken.TryParse(invalidString, out dummy);

            // Verify outcome
            Assert.False(actual);
            // Teardown
        }
        /// <summary>
        /// Issues the token.
        /// </summary>
        /// <param name="scope">The scope.</param>
        /// <param name="claims">The claims.</param>
        /// <returns>System.String.</returns>
        private string IssueToken(Uri scope, params Claim[] claims)
        {
            var tokenIssuer = SecurityConfiguration.Instance.TokenIssuer;

            if (tokenIssuer != null)
            {
                return(SimpleWebToken.Create(tokenIssuer.Uri, scope, DateTime.UtcNow + tokenIssuer.Lifetime,
                                             tokenIssuer.SignatureKey, claims));
            }
            return("");
        }
Exemple #13
0
        public void ToStringShouldBeRight(string[] action, string expected)
        {
            //var expected = new[]
            //    {
            //        new Claim("foo", "bar")
            //    };
            var claims = action.Select(s => s.Split('|')).Select(a => new Claim(a[0], a[1])).ToArray();

            var sut = new SimpleWebToken(claims);

            Assert.Equal(expected, sut.ToString());
        }
        public void ToStringShouldBeRight(string[] action, string expected)
        {
            //var expected = new[]
            //    {
            //        new Claim("foo", "bar")
            //    };
            var claims = action.Select(s => s.Split('|')).Select(a => new Claim(a[0], a[1])).ToArray();

            var sut = new SimpleWebToken(claims);

            Assert.Equal(expected, sut.ToString());
        }
        //[InlineData(new[] { "foo|bar", "baz|qux" }, "foo=bar&baz=qux")]
        public void TryParseValidStringReturnsTrue(string[] keysAndValues)
        {
            var expected = keysAndValues.Select(k => k.Split('|'))
                           .Select(k => new Claim(k[0], k[1]))
                           .ToArray();
            var            tokenString = new SimpleWebToken(expected).ToString();
            SimpleWebToken actual;
            var            isValid = SimpleWebToken.TryParse(tokenString, out actual);

            Assert.True(isValid);
            Assert.True(expected.SequenceEqual(actual, new ClaimComparer()));
        }
Exemple #16
0
        //[HttpPost, CfAuthorize]
        //public ActionResult SaveClimbImages(Guid id, string guidlist)
        //{
        //    var items = new List<TempImageUploadJsonItem>();
        //    var medSvc = new MediaService();
        //    var climb = geoSvc.GetClimbByID(id);

        //    //you can use the MvcUploader.GetUploadedFile in any where
        //    using (CuteWebUI.MvcUploader uploader = new CuteWebUI.MvcUploader(System.Web.HttpContext.Current))
        //    {
        //        foreach (string strguid in guidlist.Split('/'))
        //        {
        //            var item = new TempImageUploadJsonItem();
        //            item.FileGuid = strguid;
        //            CuteWebUI.MvcUploadFile file = uploader.GetUploadedFile(new Guid(strguid));
        //            if (file == null)
        //            {
        //                item.Exists = false;
        //                item.Error = "File not exists";
        //                continue;
        //            }
        //            item.FileName = file.FileName;
        //            item.FileSize = file.FileSize;
        //            //process this item..

        //            using (var stream = file.OpenStream())
        //            {
        //                //you should validate it here:
        //                var media = new cf.Entities.Media() { Title = item.FileName };
        //                if (climb.HasAvatar)
        //                {
        //                    medSvc.CreateImageMedia(media, climb.ID, stream);
        //                }
        //                else
        //                {
        //                    geoSvc.SaveClimbAvatar(climb, stream, null);
        //                }
        //            }

        //            items.Add(item);
        //        }
        //    }

        //    return new JsonResult() { Data = items };
        //}

        protected static bool IsAuthenticated(HttpContextBase context)
        {
            //-- If the WIF pipeline has already authenticated the user just return
            if (context.User.Identity.IsAuthenticated)
            {
                return(true);
            }

            //-- Otherwise try to authenticate by swt token in header
            SimpleWebToken swttoken = null;

            return(SwtAuthenticate(context, out swttoken).Identity.IsAuthenticated);
        }
Exemple #17
0
        public void SutYieldsInjectedClaims()
        {
            var expected = new[]
            {
                new Claim("foo", "bar"),
                new Claim("bax", "qux"),
                new Claim("quux", "corge")
            };
            var sut = new SimpleWebToken(expected);

            Assert.True(expected.SequenceEqual(sut));
            Assert.True(expected.Cast <object>().SequenceEqual(((System.Collections.IEnumerable)sut).OfType <object>()));
        }
        private static SimpleWebToken CreateSimpleWebToken(string issuer, string scope, TimeSpan validity, NameValueCollection additionalInfo)
        {
            var swt = new SimpleWebToken(issuer) { Audience = scope, TokenValidity = validity };

            if (additionalInfo != null)
            {
                foreach (string key in additionalInfo.AllKeys)
                {
                    swt.Parameters.Add(key, additionalInfo[key]);
                }
            }

            return swt;
        }
Exemple #19
0
        public void YieldEnumeratorOfClaims()
        {
            var expected = new[]
            {
                new Claim("foo", "bar"),
                new Claim("queue", "qux"),
                new Claim("Rafael", "Ricardo")
            };

            var sut = new SimpleWebToken(expected);

            Assert.True(expected.SequenceEqual(sut));
            Assert.True(expected.Cast <object>().SequenceEqual(sut.OfType <object>()));
        }
        public void TryParsevalidStringReturnsCorrectResult(string[] keysAndValues)
        {
            var expected = keysAndValues
               .Select(s => s.Split('|'))
               .Select(s => new Claim(s[0], s[1]))
               .ToArray();

            var tokenString = new SimpleWebToken(expected).ToString();
            SimpleWebToken actual;
            var isValid = SimpleWebToken.TryParse(tokenString, out actual);
            Assert.True(isValid, "Token string was not valid");

            Assert.True(expected.SequenceEqual(actual, new ClaimComparer()));
        }
        public void YieldEnumeratorOfClaims()
        {
            var expected = new[]
                {
                    new Claim("foo", "bar"),
                    new Claim("queue", "qux"),
                    new Claim("Rafael", "Ricardo")
                };

            var sut = new SimpleWebToken(expected);

            Assert.True(expected.SequenceEqual(sut));
            Assert.True(expected.Cast<object>().SequenceEqual(sut.OfType<object>()));
        }
        public void SutYieldInjectedClaims()
        {
            var expected = new[]
            {
                new Claim("foo", "bar"),
                new Claim("baz", "qux"),
                new Claim("quux", "corge")
            };

            var sut = new SimpleWebToken(expected);

            Assert.True(expected.SequenceEqual(sut));
            Assert.True(expected.Cast<object>().SequenceEqual(((IEnumerable)sut).OfType<object>()));
        }
        private void WrapSWT(NameValueCollection collection, SimpleWebToken token, bool deflate)
        {
            var rawToken = token.RawToken;

            if (deflate)
            {
                var zipped = ZipStr(rawToken);
                rawToken = Convert.ToBase64String(zipped);
                collection["wrap_deflated"] = "true";
            }
            collection["wrap_access_token"] = _httpUtility.UrlEncode(rawToken);
            var seconds = Convert.ToInt32((token.ValidTo - token.ValidFrom).TotalSeconds);

            collection["wrap_access_token_expires_in"] = seconds.ToString();
        }
Exemple #24
0
        protected static IClaimsPrincipal SwtAuthenticate(HttpContextBase context, out SimpleWebToken swttoken)
        {
            IClaimsIdentity  currentIdentiy    = context.User.Identity as IClaimsIdentity;
            IClaimsPrincipal incomingPrincipal = context.User as IClaimsPrincipal;

            //if (!incomingPrincipal.Identity.IsAuthenticated)
            //{
            if (new cf.Identity.CfIdentityInflater().TryGetSwtClaimsIdentity(out currentIdentiy, out swttoken))
            {
                incomingPrincipal.Identities[0] = currentIdentiy;
            }
            //}

            return(incomingPrincipal);
        }
        public void SutYieldsInjectedClaims()
        {
            var expected = new[]
            {
                new Claim("foo", "bar"),
                new Claim("baz", "qux"),
                new Claim("quux", "corge"),
            };
            var sut = new SimpleWebToken(expected);

            Assert.True(expected.SequenceEqual(sut));
            Assert.True(
                expected.SequenceEqual(
                    sut.OfType <object>()));
        }
        private static string CreateSwtToken()
        {
            var signingKey = "wAVkldQiFypTQ+kdNdGWCYCHRcee8XmXxOvgmak8vSY=";
            var audience = "http://websample";
            var issuer = "http://self";

            var token = new SimpleWebToken(issuer, audience, Convert.FromBase64String(signingKey));

            token.AddClaim(ClaimTypes.Name, "dominick");
            token.AddClaim(ClaimTypes.Email, "*****@*****.**");
            token.AddClaim(ClaimTypes.Role, "Users");
            token.AddClaim(ClaimTypes.Role, "Administrators");
            token.AddClaim("simple", "test");

            return token.ToString();
        }
Exemple #27
0
        public void TestSimpleWebToken()
        {
            var       payload   = new { i = "", n = "", e = DateTime.Now.ToString() };
            var       token     = string.Empty;
            Stopwatch stopwatch = new Stopwatch();

            stopwatch.Reset();
            stopwatch.Start();
            for (int i = 0; i < 10; i++)
            {
                token = SimpleWebToken.Encode(payload, "MD5");
                Console.WriteLine(Newtonsoft.Json.JsonConvert.SerializeObject(SimpleWebToken.Decode(token)));
            }
            stopwatch.Stop();
            Console.WriteLine(stopwatch.ElapsedTicks);
        }
        public void NewToken()
        {
            const string issuer = "http://unittest-ip.com/";
            const string audience = "http://unittest-rt.com/";
            var expiresOn = new DateTime(2034, 4, 7, 23, 12, 34, DateTimeKind.Utc);
            const string signingKey = "nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk=";

            var swt = new SimpleWebToken(issuer, audience, expiresOn, signingKey);
            Assert.AreEqual(expiresOn, swt.ExpiresOn);
            Assert.AreEqual(issuer, swt.Issuer);
            Assert.AreEqual(audience, swt.Audience);
            Assert.IsNotNull(swt.RawToken);
            Assert.IsNotNull(swt.Signature);
            Assert.IsTrue(swt.ValidateSignature(signingKey));
            Assert.AreEqual(0, swt.Keys.Count());
        }
Exemple #29
0
        private static string CreateSwtToken()
        {
            var signingKey = "wAVkldQiFypTQ+kdNdGWCYCHRcee8XmXxOvgmak8vSY=";
            var audience   = "http://websample";
            var issuer     = "http://self";

            var token = new SimpleWebToken(issuer, audience, Convert.FromBase64String(signingKey));

            token.AddClaim(ClaimTypes.Name, "dominick");
            token.AddClaim(ClaimTypes.Email, "*****@*****.**");
            token.AddClaim(ClaimTypes.Role, "Users");
            token.AddClaim(ClaimTypes.Role, "Administrators");
            token.AddClaim("simple", "test");

            return(token.ToString());
        }
        public void ToStringReturnsCorrectResult(
            string[] keysAndValues,
            string expected)
        {
            // Fixture setup
            var claims = keysAndValues
                         .Select(s => s.Split('|'))
                         .Select(a => new Claim(a[0], a[1]))
                         .ToArray();
            var sut = new SimpleWebToken(claims);
            // Exercise system
            var actual = sut.ToString();

            // Verify outcome
            Assert.Equal(expected, actual);
        }
        public string AuthenticateUser(string userName, string password, Uri scope)
        {
            string token = null;
            string role  = userName == "Administrator" ? "adminis" : "everyone";

            if (_validUsers.Any(u => string.Equals(u, userName, StringComparison.OrdinalIgnoreCase)))
            {
                token = SimpleWebToken.Create(_tokenIssuer, scope, DateTime.UtcNow.AddHours(1), _tokenSignatureKey,
                                              new Claim(ClaimTypes.Name, userName),
                                              new Claim(ClaimTypes.NameIdentifier, "ID"),
                                              new Claim(ClaimTypes.Role, role)
                                              );
            }

            return(token);
        }
Exemple #32
0
        public void TryParseCorrectStringReturnsCorrectResult(
            string[] keysAndValues)
        {
            var expected = keysAndValues
                           .Select(s => s.Split('|'))
                           .Select(a => new Claim(a[0], a[1]))
                           .ToArray();

            var tokenString = new SimpleWebToken(expected).ToString();

            SimpleWebToken actual;
            var            isValid = SimpleWebToken.TryParse(tokenString, out actual);

            Assert.True(isValid, "Token string was not considered valid");
            Assert.True(expected.SequenceEqual(actual, new ClaimComparer()));
        }
        /// <summary>
        /// Tries to retrieve the clients ClaimsIdentity from the current request context.
        /// </summary>
        /// <param name="identity">The identity.</param>
        /// <returns>True when a valid identity was found - otherwise false.</returns>
        public virtual bool TryGetSwtClaimsIdentity(out IClaimsIdentity identity, out SimpleWebToken swttoken)
        {
            identity = null;

            // check header first - authorization and x-authorization
            var authZheader = HttpContext.Current.Request.Headers["cf-Authorization"];

            if (!string.IsNullOrEmpty(authZheader))
            {
                try
                {
                    if (authZheader.StartsWith("cfST="))
                    {
                        var encryptedBase64TokenString = authZheader.Substring("cfST=".Length);
                        var encryptedTokenBytes        = Convert.FromBase64String(encryptedBase64TokenString);
                        var encryptedTokenString       = enc.GetString(encryptedTokenBytes);
                        var tokenString = cf.Identity.DHDRSA.DecryptWithSymmetricAid((RSACryptoServiceProvider)cert.PrivateKey, encryptedTokenString);

                        tokenString = tokenString.Replace("_ws", "http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2f").
                                      Replace("_ms", "http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fclaims%2f").
                                      Replace("_ma", "http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2f").
                                      Replace("_cf", "http%3a%2f%2fclimbfind.com%2fclaims%2f").
                                      Replace("_ct", "http%3a%2f%2faccounts.climbfind.com%2ftrust");

                        swttoken = new SimpleWebToken(HttpUtility.UrlDecode(tokenString));
                        identity = swttoken.ToClaimsIdentity();
                    }
                    else
                    {
                        throw new AccessViolationException("Client usage of cf-Auth is invalid. This request has been logged & legal action will be taken if the client illegally access Climbfinds systems");
                    }

                    return(true);
                }
                catch
                {
                    swttoken = null;
                    return(false);
                }
            }
            else
            {
                swttoken = null;
            }

            return(false);
        }
Exemple #34
0
        public void NewToken()
        {
            const string issuer     = "http://unittest-ip.com/";
            const string audience   = "http://unittest-rt.com/";
            var          expiresOn  = new DateTime(2034, 4, 7, 23, 12, 34, DateTimeKind.Utc);
            const string signingKey = "nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk=";

            var swt = new SimpleWebToken().CreateToken(issuer, audience, expiresOn, signingKey);

            Assert.AreEqual(expiresOn, swt.ExpiresOn);
            Assert.AreEqual(issuer, swt.Issuer);
            Assert.AreEqual(audience, swt.Audience);
            Assert.IsNotNull(swt.RawToken);
            Assert.IsNotNull(swt.Signature);
            Assert.IsTrue(swt.ValidateSignature(signingKey));
            Assert.AreEqual(0, swt.Keys.Count());
        }
Exemple #35
0
        private static SimpleWebToken CreateSimpleWebToken(string issuer, string scope, TimeSpan validity, NameValueCollection additionalInfo)
        {
            var swt = new SimpleWebToken(issuer)
            {
                Audience = scope, TokenValidity = validity
            };

            if (additionalInfo != null)
            {
                foreach (string key in additionalInfo.AllKeys)
                {
                    swt.Parameters.Add(key, additionalInfo[key]);
                }
            }

            return(swt);
        }
 public void FromValidEncoded()
 {
     const string tokenString = "http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2fnameidentifier=upwJyUGTUPWMEiU3ds61jcsJUeUFjRza6sNEcdyNYnw%3d&http%3a%2f%2fschemas.microsoft.com%2faccesscontrolservice%2f2010%2f07%2fclaims%2fidentityprovider=uri%3aWindowsLiveID&Audience=http%3a%2f%2fnoisesentinel-dev-adminapi.azurewebsites.net%2f&ExpiresOn=1356650451&Issuer=https%3a%2f%2fbruelandkjaer.accesscontrol.windows.net%2f&HMACSHA256=npM6PtfuNUtG6EJ1gpS0s9rVvEx%2buP4UIXe3GB1t4CM%3d";
     var swt = new SimpleWebToken(tokenString);
     Assert.AreEqual(tokenString, swt.RawToken);
     Assert.AreEqual(new DateTime(2012, 12, 27, 23, 20, 51, DateTimeKind.Utc), swt.ExpiresOn);
     Assert.AreEqual("https://bruelandkjaer.accesscontrol.windows.net/", swt.Issuer);
     Assert.AreEqual("http://noisesentinel-dev-adminapi.azurewebsites.net/", swt.Audience);
     Assert.AreEqual("uri:WindowsLiveID", swt["http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"]);
     Assert.AreEqual("upwJyUGTUPWMEiU3ds61jcsJUeUFjRza6sNEcdyNYnw=", swt["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]);
     Assert.AreEqual("npM6PtfuNUtG6EJ1gpS0s9rVvEx+uP4UIXe3GB1t4CM=", swt.Signature);
     Assert.IsTrue(swt.ValidateSignature("eP+VgZq3YVUXSDt71lKnCRoxdoGngCT9WR4vTprH9TY="));
     Assert.IsFalse(swt.ValidateSignature("nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk="));
     Assert.IsNotNull(swt);
     Assert.AreEqual(2, swt.Keys.Count());
     Assert.IsTrue(swt.Keys.Contains("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"));
     Assert.IsTrue(swt.Keys.Contains("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"));
 }
Exemple #37
0
        public void WhenParsing_ThenExposesClaimsButNotIntrinsicProperties()
        {
            var expiration = DateTime.UtcNow.ToEpochTime();
            var token      = new SimpleWebToken(new TokenData
            {
                IdClaim   = "23",
                NameClaim = "kzu",
                Audience  = "http://netfx.codeplex.com",
                Issuer    = "clarius",
                ExpiresOn = expiration,
            }.ToString());

            Assert.Equal(2, token.Claims.Count);
            Assert.Equal("23", token.Claims["IdClaim"]);
            Assert.Equal("kzu", token.Claims["NameClaim"]);
            Assert.Equal("http://netfx.codeplex.com", token.Audience);
            Assert.Equal("clarius", token.Issuer);
            Assert.Equal(expiration, token.ExpiresOn.ToEpochTime());
        }
Exemple #38
0
        public void FromValidEncoded()
        {
            const string tokenString = "http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2fnameidentifier=upwJyUGTUPWMEiU3ds61jcsJUeUFjRza6sNEcdyNYnw%3d&http%3a%2f%2fschemas.microsoft.com%2faccesscontrolservice%2f2010%2f07%2fclaims%2fidentityprovider=uri%3aWindowsLiveID&Audience=http%3a%2f%2fnoisesentinel-dev-adminapi.azurewebsites.net%2f&ExpiresOn=1356650451&Issuer=https%3a%2f%2fbruelandkjaer.accesscontrol.windows.net%2f&HMACSHA256=npM6PtfuNUtG6EJ1gpS0s9rVvEx%2buP4UIXe3GB1t4CM%3d";
            var          swt         = new SimpleWebToken().CreateTokenFromRaw(tokenString);

            Assert.AreEqual(tokenString, swt.RawToken);
            Assert.AreEqual(new DateTime(2012, 12, 27, 23, 20, 51, DateTimeKind.Utc), swt.ExpiresOn);
            Assert.AreEqual("https://bruelandkjaer.accesscontrol.windows.net/", swt.Issuer);
            Assert.AreEqual("http://noisesentinel-dev-adminapi.azurewebsites.net/", swt.Audience);
            Assert.AreEqual("uri:WindowsLiveID", swt["http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"]);
            Assert.AreEqual("upwJyUGTUPWMEiU3ds61jcsJUeUFjRza6sNEcdyNYnw=", swt["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]);
            Assert.AreEqual("npM6PtfuNUtG6EJ1gpS0s9rVvEx+uP4UIXe3GB1t4CM=", swt.Signature);
            Assert.IsTrue(swt.ValidateSignature("eP+VgZq3YVUXSDt71lKnCRoxdoGngCT9WR4vTprH9TY="));
            Assert.IsFalse(swt.ValidateSignature("nh0BPopBTc7MAzviohoUbWNhO6NlV+LYm+sXOTPULxk="));
            Assert.IsNotNull(swt);
            Assert.AreEqual(2, swt.Keys.Count());
            Assert.IsTrue(swt.Keys.Contains("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"));
            Assert.IsTrue(swt.Keys.Contains("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"));
        }
Exemple #39
0
        private static string SerializeToken(SimpleWebToken accessToken, SecurityTokenHandlerCollection handlers)
        {
            if (handlers.CanWriteToken(accessToken))
            {
                string token = String.Empty;
                using (var sw = new StringWriter())
                {
                    var writer = new XmlTextWriter(sw);
                    handlers.WriteToken(writer, accessToken);

                    // remove the envelope <stringToken>
                    var envelope = sw.ToString();
                    token = XElement.Parse(envelope).Value;
                }

                return(token);
            }

            return(null);
        }
Exemple #40
0
        public override string GetIssuerName(SecurityToken securityToken)
        {
            if (securityToken == null)
            {
                throw new ArgumentNullException("securityToken");
            }

            SimpleWebToken token = securityToken as SimpleWebToken;

            if (token != null)
            {
                string issuer = token.Issuer.ToLowerInvariant();
                if (this.configuredTrustedIssuers.ContainsKey(issuer))
                {
                    return(this.configuredTrustedIssuers[issuer]);
                }
            }

            return(null);
        }
        private static string SerializeToken(SimpleWebToken accessToken, SecurityTokenHandlerCollection handlers)
        {
            if (handlers.CanWriteToken(accessToken))
            {
                string token = String.Empty;
                using (var sw = new StringWriter())
                {
                    var writer = new XmlTextWriter(sw);
                    handlers.WriteToken(writer, accessToken);

                    // remove the envelope <stringToken>
                    var envelope = sw.ToString();
                    token = XElement.Parse(envelope).Value;
                }

                return token;
            }

            return null;
        }
 private static void CheckToken(SimpleWebToken swt, string testKey, string trustedIssuer, string expectedAudience)
 {
     SimpleWebTokenValidationResult validationResult = SimpleWebToken.Validate(swt, testKey, trustedIssuer, expectedAudience);
     Assert.IsTrue(validationResult == SimpleWebTokenValidationResult.Valid, string.Format("Invalid Token: {0}", validationResult.ToString()));
 }
        private static void CheckPrinciple(SimpleWebToken swt)
        {
            IClaimsPrincipal principle = swt.ToPrinciple(nameClaimType: ClaimTypes.NameIdentifier);
            Assert.IsNotNull(principle);

            IClaimsIdentity identity = principle.Identity as IClaimsIdentity;
            Assert.IsNotNull(identity);

            if (identity != null)
            {
                foreach (var claim in identity.Claims)
                {
                    System.Console.WriteLine(string.Format("Claim Type: {0}, Claim Value: {1}", claim.ClaimType, claim.Value));
                }
            }
        }
        public void TestTokenConstructor()
        {
            string testKey = "ZncEZCBioztYEE3iC6dSnv+lJC4NmFX7Ns5pDgPKCwU=";
            string trustedIssuer = "https://clazure.accesscontrol.windows.net/";
            string expectedAudience = "http://www.robblackwell.org.uk/";

            NameValueCollection claims = new NameValueCollection();

            claims.Add("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "robblackwell");
            claims.Add("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "https://clazure.accesscontrol.windows.net/");

            SimpleWebToken swt = new SimpleWebToken("https://clazure.accesscontrol.windows.net/",
                    "http://www.robblackwell.org.uk/", DateTime.UtcNow.AddHours(1), claims);

            swt.Sign(testKey);

            CheckToken(swt, testKey, trustedIssuer, expectedAudience);
            CheckPrinciple(swt);
        }
        public void Test3()
        {
            string testKey = "ZncEZCBioztYEE3iC6dSnv+lJC4NmFX7Ns5pDgPKCwU=";

            NameValueCollection claims = new NameValueCollection();

            claims.Add("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "robblackwell");
            claims.Add("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "https://clazure.accesscontrol.windows.net/");

            SimpleWebToken swt = new SimpleWebToken("https://clazure.accesscontrol.windows.net/",
                    "http://www.robblackwell.org.uk/", 1331740071, claims);

            swt.Sign(testKey);

            Assert.IsTrue(swt.CheckSignature(testKey));
        }
        public override SecurityToken GetTokenFromString(string token)
        {
            // TODO: validate                        
            var items = HttpUtility.ParseQueryString(token);
            var issuer = items[IssuerLabel];
            items.Remove(IssuerLabel);
            var audience = items[AudienceLabel];
            items.Remove(AudienceLabel);
            var expiresOn = items[ExpiresOnLabel];
            items.Remove(ExpiresOnLabel);
            var id = items[IdLabel];
            items.Remove(IdLabel);
            var algorithm = items[SignatureAlgorithmLabel];
            items.Remove(SignatureAlgorithmLabel);
            
            // Treat signature differently to avoid loosing characters like '+' in the decoding
            var signature = ExtractSignature(HttpUtility.UrlDecode(token));
            items.Remove(SignatureLabel);
            
            byte[] signatureBytes = Convert.FromBase64String(signature);
            DateTime validTo = this.GetDateTimeFromExpiresOn((ulong)Convert.ToInt64(expiresOn));

            var swt = new SimpleWebToken(issuer)
            {
                Audience = audience,
                Signature = signatureBytes,
                TokenValidity = validTo - DateTime.UtcNow
            };

            if (id != null)
            {
                swt.SetId(id);
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                swt.SignatureAlgorithm = algorithm;
            }

            foreach (string key in items.AllKeys)
            {
                swt.AddClaim(key, items[key]);
            }

            swt.RawToken = token;

            return swt;
        }
        private bool IsIssuerTrusted(SimpleWebToken accessToken, out string issuerName)
        {
            issuerName = null;
            if (!string.IsNullOrEmpty(accessToken.Issuer))
            {
                if (this.IssuerNameRegistry != null)
                {
                    issuerName = this.IssuerNameRegistry.GetIssuerName(accessToken);
                    if (!string.IsNullOrEmpty(issuerName))
                    {
                        return true;
                    }
                }
            }

            return false;
        }
        protected bool IsAudienceTrusted(SimpleWebToken accessToken)
        {
            if (this.AudienceRestriction.AudienceMode == AudienceUriMode.Never)
            {
                return true;
            }

            if (!string.IsNullOrEmpty(accessToken.Audience))
            {
                return this.AudienceRestriction.AllowedAudienceUris.Contains(new Uri(accessToken.Audience));
            }

            return false;
        }
 private void WrapSWT(NameValueCollection collection, SimpleWebToken token, bool deflate)
 {
     var rawToken = token.RawToken;
     if (deflate)
     {
         var zipped = this.ZipStr(rawToken);
         rawToken = Convert.ToBase64String(zipped);
         collection["wrap_deflated"] = "true";
     }
     collection["wrap_access_token"] = HttpUtility.UrlEncode(rawToken);
     var seconds = Convert.ToInt32((token.ValidTo - token.ValidFrom).TotalSeconds);
     collection["wrap_access_token_expires_in"] = seconds.ToString();
 }
        protected bool IsExpired(SimpleWebToken accessToken)
        {
            if (accessToken.ValidTo > DateTime.UtcNow)
            {
                return false;
            }

            return true;
        }
        protected bool IsValidSignature(SimpleWebToken token, byte[] signingKey)
        {
            var unsignedToken = this.GetUnsignedToken(token.RawToken);
            if (string.IsNullOrEmpty(unsignedToken))
            {
                return false;
            }

            var localSignature = GenerateSignature(unsignedToken, signingKey);
            var incomingSignature = HttpUtility.UrlEncode(Convert.ToBase64String(token.Signature));

            return localSignature.Equals(incomingSignature, StringComparison.Ordinal);
        }        
        private static IDictionary<string, string> ToDictionary(SimpleWebToken token)
        {
            var dictionary = new Dictionary<string, string>
            {
                { "Issuer", token.Issuer },
                { "Audience", token.Audience }                
            };

            return dictionary;
        }
        /// <summary>
        /// Check if the user is authenticated with a valid token
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        protected static bool IsAuthenticated(HttpContext context, out SimpleWebToken swttoken)
        {
            IClaimsIdentity currentIdentiy = context.User.Identity as IClaimsIdentity;
            IClaimsPrincipal incomingPrincipal = context.User as IClaimsPrincipal;

            //if (!incomingPrincipal.Identity.IsAuthenticated)
            //{
            if (new cf.Identity.CfIdentityInflater().TryGetSwtClaimsIdentity(out currentIdentiy, out swttoken))
            {
                incomingPrincipal.Identities[0] = currentIdentiy;
            }
            //}

            return incomingPrincipal.Identity.IsAuthenticated;
        }
        protected static string SerializeToken(SimpleWebToken swt, SecurityTokenResolver tokenResolver)
        {
            StringBuilder builder = new StringBuilder(64);
            builder.Append("Id=");
            builder.Append(swt.Id);
            builder.Append('&');

            builder.Append(IssuerLabel);
            builder.Append('=');
            builder.Append(swt.Issuer);

            if (swt.Parameters.Count > 0)
            {
                builder.Append('&');
                foreach (string key in swt.Parameters.AllKeys)
                {
                    builder.Append(key);
                    builder.Append('=');
                    builder.Append(swt.Parameters[key]);
                    builder.Append('&');
                }
            }
            else
            {
                builder.Append('&');
            }

            builder.Append(ExpiresOnLabel);
            builder.Append('=');
            builder.Append(GetExpiresOn(swt.TokenValidity));

            if (!string.IsNullOrEmpty(swt.Audience))
            {
                builder.Append('&');
                builder.Append(AudienceLabel);
                builder.Append('=');
                builder.Append(swt.Audience);
            }

            builder.Append('&');
            builder.Append(SignatureAlgorithmLabel);
            builder.Append('=');
            builder.Append(SignatureAlgorithm);

            var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(swt));
            InMemorySymmetricSecurityKey securityKey;
            try
            {
                securityKey = (InMemorySymmetricSecurityKey)tokenResolver.ResolveSecurityKey(keyIdentifierClause);
            }
            catch (InvalidOperationException)
            {
                throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, "Simmetryc key was not found for the key identifier clause: Keys='{0}', Values='{1}'", string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()), string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())));
            }

            string signature = GenerateSignature(builder.ToString(), securityKey.GetSymmetricKey());
            builder.Append("&" + SignatureLabel + "=");
            builder.Append(signature);

            return builder.ToString();
        }
 public void SutIsIteratorOfClaims()
 {
     var sut = new SimpleWebToken();
     Assert.IsAssignableFrom<IEnumerable<Claim>>(sut);
 }