public void LogIn(OpenIdConnectAuthenticationOptions openIdConnectOptions) { if (Context.User == null || !Context.User.Identity.IsAuthenticated) { // Generate the nonce and give the user a claim for it // BROKEN: Can't get StringDataFormat.Protect() //string nonce = openIdConnectOptions.ProtocolValidator.GenerateNonce(); //Context.User.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("nonce", nonce) }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme)); //string protectedNonce = openIdConnectOptions.StringDataFormat.Protect(nonce); //Response.Cookies.Append(".AspNet.OpenIdConnect.Nonce." + protectedNonce, "N", new CookieOptions { HttpOnly = true, Secure = Request.IsHttps }); Context.Response.Redirect( $"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" + $"?p={Startup.SignInPolicyId}" + $"&client_id={Startup.ClientId}" + "&response_type=id_token" + "&scope=openid" + "&response_mode=form_post" + $"&redirect_uri={Startup.RedirectUrl}" // + "&nonce=" + nonce ); } else { Context.Response.Redirect("/"); } }
public void Signup(OpenIdConnectAuthenticationOptions openIdConnectOptions) { if (!Context.User.Identity.IsAuthenticated) { Context.Response.Redirect( $"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" + $"&client_id={Startup.SignUpPolicyId}" + $"&client_id={Startup.ClientId}" + "&response_type=id_token" + "&scope=openid" + "&response_mode=form_post" + $"&redirect_uri={Startup.RedirectUrl}" ); } else { Context.Response.Redirect("/"); } }
private static void StateInvalidOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); }
private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options) { SecurityTokenValidatorValidatesAllTokens(options); options.Notifications = new OpenIdConnectAuthenticationNotifications { SecurityTokenValidated = (notification) => { notification.SkipToNextMiddleware(); return Task.FromResult<object>(null); } }; }
private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() }; options.ProtocolValidator.RequireTimeStampInNonce = false; options.ProtocolValidator.RequireNonce = false; }
private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options) { AuthenticationErrorHandledOptions(options); var mockValidator = new Mock<ISecurityTokenValidator>(); SecurityToken jwt = null; mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>(); mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true); options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object }; }
private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options) { AuthenticationErrorHandledOptions(options); var mockValidator = new Mock<ISecurityTokenValidator>(); SecurityToken jwt = null; mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal()); mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false); options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object }; }
private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null) { foreach (var param in parameters) { if (param.Equals(OpenIdConnectParameterNames.ClientId)) options.ClientId = queryValues.ClientId; else if (param.Equals(OpenIdConnectParameterNames.RedirectUri)) options.RedirectUri = queryValues.RedirectUri; else if (param.Equals(OpenIdConnectParameterNames.Resource)) options.Resource = queryValues.Resource; else if (param.Equals(OpenIdConnectParameterNames.Scope)) options.Scope = queryValues.Scope; } options.Authority = queryValues.Authority; options.Configuration = queryValues.Configuration; options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue(); }
private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.Notifications = new OpenIdConnectAuthenticationNotifications { MessageReceived = (notification) => { notification.SkipToNextMiddleware(); return Task.FromResult<object>(null); } }; }
private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.ResponseType = OpenIdConnectResponseTypes.Code; options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); options.GetClaimsFromUserInfoEndpoint = true; options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() }; options.Notifications = new OpenIdConnectAuthenticationNotifications { SecurityTokenValidated = (notification) => { var claimValue = notification.AuthenticationTicket.Principal.FindFirst("test claim"); Assert.Equal(claimValue.Value, "test value"); notification.HandleResponse(); return Task.FromResult<object>(null); } }; }
private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.ResponseType = OpenIdConnectResponseTypes.Code; options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); options.Notifications = new OpenIdConnectAuthenticationNotifications { AuthorizationCodeRedeemed = (notification) => { notification.SkipToNextMiddleware(); return Task.FromResult<object>(null); } }; }
private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() }; options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = (notification) => { notification.SkipToNextMiddleware(); return Task.FromResult<object>(null); } }; }
private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() }; options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications { AuthorizationCodeReceived = (notification) => { notification.HandleResponse(); return Task.FromResult<object>(null); } }; }
private void ConfigureOpenIdConnectAuthentication(OpenIdConnectAuthenticationOptions options) { // from original template options.AutomaticAuthentication = true; options.ClientId = Configuration["Authentication:AzureAd:ClientId"]; options.Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:Tenant"]; options.PostLogoutRedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"]; options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.RedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"]; options.Scope = "openid"; options.ResponseType = "id_token"; //options.ConfigurationManager = new PolicyConfigurationManager(options.Authority + "/v2.0/.well-known/openid-configuration", // new string[] { "B2C_1_SiUp", "b2c_1_siin", "B2C_1_SiPe" }); var configurationManager = new PolicyConfigurationManager(); configurationManager.AddPolicy("common", "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"); configurationManager.AddPolicy("b2c_1_siup", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}", options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siup")); configurationManager.AddPolicy("b2c_1_siin", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}", options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siin")); configurationManager.AddPolicy("b2c_1_sipe", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}", options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_sipe")); options.ConfigurationManager = configurationManager; options.TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters() { //NameClaimType = "name" ValidateIssuer = false }; options.Notifications = CreateOpenIdConnectAuthenticationNotifications(); }
// Setup a notification to check for expected state. // The state gets set by the runtime after the 'MessageReceivedNotification' private static void SetStateOptions(OpenIdConnectAuthenticationOptions options) { options.AuthenticationScheme = "OpenIdConnectHandlerTest"; options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager; options.ClientId = Guid.NewGuid().ToString(); options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); options.Notifications = new OpenIdConnectAuthenticationNotifications { AuthorizationCodeRedeemed = notification => { notification.HandleResponse(); if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter)) return Task.FromResult<object>(null); if (notification.ProtocolMessage.State == null || !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter)) Assert.True(false, "(notification.ProtocolMessage.State=!= null || !notification.ProtocolMessage.Parameters.ContainsKey(expectedState)"); Assert.Equal(notification.ProtocolMessage.State, notification.ProtocolMessage.Parameters[ExpectedStateParameter]); return Task.FromResult<object>(null); } }; }
private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options) { var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>(); mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest); mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest); options.AutomaticAuthentication = true; options.Notifications = new OpenIdConnectAuthenticationNotifications { RedirectToIdentityProvider = (notification) => { notification.ProtocolMessage = mockOpenIdConnectMessage.Object; return Task.FromResult<object>(null); } }; }
private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options) { AuthenticationErrorHandledOptions(options); }
private static void DefaultChallengeOptions(OpenIdConnectAuthenticationOptions options) { options.AuthenticationScheme = "OpenIdConnectHandlerTest"; options.AutomaticAuthentication = true; options.ClientId = Guid.NewGuid().ToString(); options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager; options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); }
private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); options.Notifications = new OpenIdConnectAuthenticationNotifications { SecurityTokenReceived = (notification) => { notification.HandleResponse(); return Task.FromResult<object>(null); } }; }