public void LogIn(OpenIdConnectAuthenticationOptions openIdConnectOptions)
{
if (Context.User == null || !Context.User.Identity.IsAuthenticated)
{
// Generate the nonce and give the user a claim for it
// BROKEN: Can't get StringDataFormat.Protect()
//string nonce = openIdConnectOptions.ProtocolValidator.GenerateNonce();
//Context.User.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("nonce", nonce) }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme));
//string protectedNonce = openIdConnectOptions.StringDataFormat.Protect(nonce);
//Response.Cookies.Append(".AspNet.OpenIdConnect.Nonce." + protectedNonce, "N", new CookieOptions { HttpOnly = true, Secure = Request.IsHttps });
Context.Response.Redirect(
$"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" +
$"?p={Startup.SignInPolicyId}" +
$"&client_id={Startup.ClientId}" +
"&response_type=id_token" +
"&scope=openid" +
"&response_mode=form_post" +
$"&redirect_uri={Startup.RedirectUrl}"
// + "&nonce=" + nonce
);
}
else
{
Context.Response.Redirect("/");
}
}
public void Signup(OpenIdConnectAuthenticationOptions openIdConnectOptions)
{
if (!Context.User.Identity.IsAuthenticated)
{
Context.Response.Redirect(
$"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" +
$"&client_id={Startup.SignUpPolicyId}" +
$"&client_id={Startup.ClientId}" +
"&response_type=id_token" +
"&scope=openid" +
"&response_mode=form_post" +
$"&redirect_uri={Startup.RedirectUrl}"
);
}
else
{
Context.Response.Redirect("/");
}
}
private static void StateInvalidOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
}
private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
{
SecurityTokenValidatorValidatesAllTokens(options);
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = (notification) =>
{
notification.SkipToNextMiddleware();
return Task.FromResult<object>(null);
}
};
}
private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
options.ProtocolValidator.RequireTimeStampInNonce = false;
options.ProtocolValidator.RequireNonce = false;
}
private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options)
{
AuthenticationErrorHandledOptions(options);
var mockValidator = new Mock<ISecurityTokenValidator>();
SecurityToken jwt = null;
mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>();
mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
}
private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options)
{
AuthenticationErrorHandledOptions(options);
var mockValidator = new Mock<ISecurityTokenValidator>();
SecurityToken jwt = null;
mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal());
mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false);
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
}
private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
{
foreach (var param in parameters)
{
if (param.Equals(OpenIdConnectParameterNames.ClientId))
options.ClientId = queryValues.ClientId;
else if (param.Equals(OpenIdConnectParameterNames.RedirectUri))
options.RedirectUri = queryValues.RedirectUri;
else if (param.Equals(OpenIdConnectParameterNames.Resource))
options.Resource = queryValues.Resource;
else if (param.Equals(OpenIdConnectParameterNames.Scope))
options.Scope = queryValues.Scope;
}
options.Authority = queryValues.Authority;
options.Configuration = queryValues.Configuration;
options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue();
}
private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
MessageReceived = (notification) =>
{
notification.SkipToNextMiddleware();
return Task.FromResult<object>(null);
}
};
}
private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.ResponseType = OpenIdConnectResponseTypes.Code;
options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
options.GetClaimsFromUserInfoEndpoint = true;
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = (notification) =>
{
var claimValue = notification.AuthenticationTicket.Principal.FindFirst("test claim");
Assert.Equal(claimValue.Value, "test value");
notification.HandleResponse();
return Task.FromResult<object>(null);
}
};
}
private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.ResponseType = OpenIdConnectResponseTypes.Code;
options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeRedeemed = (notification) =>
{
notification.SkipToNextMiddleware();
return Task.FromResult<object>(null);
}
};
}
private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
options.ProtocolValidator = MockProtocolValidator();
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = (notification) =>
{
notification.SkipToNextMiddleware();
return Task.FromResult<object>(null);
}
};
}
private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
options.ProtocolValidator = MockProtocolValidator();
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = (notification) =>
{
notification.HandleResponse();
return Task.FromResult<object>(null);
}
};
}
private void ConfigureOpenIdConnectAuthentication(OpenIdConnectAuthenticationOptions options)
{
// from original template
options.AutomaticAuthentication = true;
options.ClientId = Configuration["Authentication:AzureAd:ClientId"];
options.Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:Tenant"];
options.PostLogoutRedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"];
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.RedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"];
options.Scope = "openid";
options.ResponseType = "id_token";
//options.ConfigurationManager = new PolicyConfigurationManager(options.Authority + "/v2.0/.well-known/openid-configuration",
// new string[] { "B2C_1_SiUp", "b2c_1_siin", "B2C_1_SiPe" });
var configurationManager = new PolicyConfigurationManager();
configurationManager.AddPolicy("common", "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration");
configurationManager.AddPolicy("b2c_1_siup", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siup"));
configurationManager.AddPolicy("b2c_1_siin", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siin"));
configurationManager.AddPolicy("b2c_1_sipe", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_sipe"));
options.ConfigurationManager = configurationManager;
options.TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
{
//NameClaimType = "name"
ValidateIssuer = false
};
options.Notifications = CreateOpenIdConnectAuthenticationNotifications();
}
// Setup a notification to check for expected state.
// The state gets set by the runtime after the 'MessageReceivedNotification'
private static void SetStateOptions(OpenIdConnectAuthenticationOptions options)
{
options.AuthenticationScheme = "OpenIdConnectHandlerTest";
options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
options.ClientId = Guid.NewGuid().ToString();
options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
options.Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeRedeemed = notification =>
{
notification.HandleResponse();
if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
return Task.FromResult<object>(null);
if (notification.ProtocolMessage.State == null || !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
Assert.True(false, "(notification.ProtocolMessage.State=!= null || !notification.ProtocolMessage.Parameters.ContainsKey(expectedState)");
Assert.Equal(notification.ProtocolMessage.State, notification.ProtocolMessage.Parameters[ExpectedStateParameter]);
return Task.FromResult<object>(null);
}
};
}
private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options)
{
var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
options.AutomaticAuthentication = true;
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = (notification) =>
{
notification.ProtocolMessage = mockOpenIdConnectMessage.Object;
return Task.FromResult<object>(null);
}
};
}
private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options)
{
AuthenticationErrorHandledOptions(options);
}
private static void DefaultChallengeOptions(OpenIdConnectAuthenticationOptions options)
{
options.AuthenticationScheme = "OpenIdConnectHandlerTest";
options.AutomaticAuthentication = true;
options.ClientId = Guid.NewGuid().ToString();
options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
}
private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
{
DefaultOptions(options);
options.Notifications =
new OpenIdConnectAuthenticationNotifications
{
SecurityTokenReceived = (notification) =>
{
notification.HandleResponse();
return Task.FromResult<object>(null);
}
};
}
