private void ValidateLoginToken(string token, AppServiceAuthenticationOptions options)
{
// validate the token and get the claims principal
ClaimsPrincipal claimsPrincipal = null;
Assert.True(this.tokenHandler.TryValidateLoginToken(token, options.SigningKey, this.testWebsiteUrls, this.testWebsiteUrls, out claimsPrincipal));
}
public void Authenticate_CorrectlyAuthenticates(string otherSigningKey, bool expectAuthenticated)
{
// Arrange
HttpConfiguration config = new HttpConfiguration();
AppServiceAuthenticationOptions optionsDefault = CreateTestOptions(config);
optionsDefault.SigningKey = SigningKeyAlpha;
AppServiceAuthenticationOptions optionsOtherSigningKey = CreateTestOptions(config);
optionsOtherSigningKey.SigningKey = otherSigningKey;
var mock = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
var request = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());
// Act
AuthenticationTicket authTicket = mock.Authenticate(request, optionsOtherSigningKey);
// Assert
if (expectAuthenticated)
{
// ensure the AuthenticationTicket is set correctly
Assert.NotNull(authTicket);
Assert.NotNull(authTicket.Identity);
Assert.True(authTicket.Identity.IsAuthenticated);
}
else
{
Assert.NotNull(authTicket);
Assert.NotNull(authTicket.Identity);
Assert.False(authTicket.Identity.IsAuthenticated);
}
}
private AppServiceAuthenticationOptions CreateTestOptions()
{
AppServiceAuthenticationOptions options = new AppServiceAuthenticationOptions
{
SigningKey = TestSigningKey,
};
return(options);
}
public void TryValidateLoginToken_RejectsMalformedTokens()
{
AppServiceAuthenticationOptions options = this.CreateTestOptions();
ClaimsPrincipal claimsPrincipal = null;
bool result = this.tokenHandler.TryValidateLoginToken("this is not a valid jwt", options.SigningKey, this.testWebsiteUrls, this.testWebsiteUrls, out claimsPrincipal);
Assert.False(result);
Assert.Null(claimsPrincipal);
}
private static AppServiceAuthenticationOptions CreateTestOptions(HttpConfiguration config)
{
AppServiceAuthenticationOptions options = new AppServiceAuthenticationOptions
{
ValidAudiences = new[] { TestWebsiteUrl },
ValidIssuers = new[] { TestWebsiteUrl },
SigningKey = SigningKeyAlpha,
TokenHandler = config.GetAppServiceTokenHandler()
};
return(options);
}
public void CreateTokenInfo_AndValidateLoginToken_Works()
{
AppServiceAuthenticationOptions options = this.CreateTestOptions();
Claim[] claims = new Claim[]
{
new Claim("sub", this.credentials.UserId),
};
// Create a login token for the provider
JwtSecurityToken token = AppServiceLoginHandler.CreateToken(claims, this.testSecretKey, this.testWebsiteUrls[0], this.testWebsiteUrls[0], Lifetime);
this.ValidateLoginToken(token.RawData, options);
}
public void ConfigureAuth(IAppBuilder app)
{
#if DEBUG
// It is useful to be able to debug the API app locally, but this becomes challenging
// once authentication is involved - Azure App Service does the authentication for
// us, and of course if we're running locally then Azure App Service is no longer in
// the picture.
// What we can do, though, is arrange for the client to authenticate against the real
// service, but then talk to localhost for everything else. That wouldn't normally work
// because the local service would have no way of validating the token. But the following
// code configures the token handling so that it will work correctly with tokens supplied
// by the real service.when running locally.
// On the client side, this
// First, we need to detect whether we are in fact running locally, or up in Azure:
var config = GlobalConfiguration.Configuration;
MobileAppSettingsDictionary settings = config.GetMobileAppSettingsProvider().GetMobileAppSettings();
var cons = settings.Connections;
if (string.IsNullOrEmpty(settings.HostName))
{
// By default, HostName will only have a value when running in an App Service application,
// so if we get here it means we're running locally.
// Next, has the developer supplied the config we require to be able to validate
// Azure-supplied keys locally?
// See
// http://www.systemsabuse.com/2015/12/04/local-debugging-with-user-authentication-of-an-azure-mobile-app-service/
// for details on how to get these settings.
var signingKey = ConfigurationManager.AppSettings["SigningKey"];
if (!string.IsNullOrWhiteSpace(signingKey))
{
// The dev has supplied a signing key (and we assume if they've worked
// out how to do that, they've also filled in the audience and issuer)
// so let's configure the middleware to be able to process tokens from
// Azure.
var options = new AppServiceAuthenticationOptions
{
SigningKey = ConfigurationManager.AppSettings["SigningKey"],
ValidAudiences = new[] { ConfigurationManager.AppSettings["ValidAudience"] },
ValidIssuers = new[] { ConfigurationManager.AppSettings["ValidIssuer"] },
TokenHandler = config.GetAppServiceTokenHandler()
};
app.UseAppServiceAuthentication(options);
}
}
#endif
// If we're not debugging locally, we rely entirely on Azure App
// Service authentication, so there's nothing for us to do.
}
public void Authenticate_Fails_WithInvalidIssuer()
{
// Arrange
AppServiceAuthenticationOptions options = CreateTestOptions(new HttpConfiguration());
var mock = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
var request = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken(issuer: "https://invalidIssuer/"));
// Act
AuthenticationTicket authticket = mock.Authenticate(request, options);
// Assert
Assert.NotNull(authticket);
Assert.NotNull(authticket.Identity);
Assert.False(authticket.Identity.IsAuthenticated, "Expected Authenticate to fail with invalid issuer");
}
/// <summary>
/// Create a test user
/// </summary>
private ClaimsPrincipal CreateTestUser()
{
AppServiceAuthenticationOptions options = CreateTestOptions();
Claim[] claims = new Claim[]
{
new Claim("sub", this.facebookCredentials.UserId)
};
JwtSecurityToken token = AppServiceLoginHandler.CreateToken(claims, TestSigningKey, TestLocalhostUrl, TestLocalhostUrl, TimeSpan.FromDays(10));
ClaimsPrincipal user = null;
string[] validIssAud = new[] { TestLocalhostUrl };
this.tokenHandler.TryValidateLoginToken(token.RawData, options.SigningKey, validIssAud, validIssAud, out user);
return(user);
}
public void Authenticate_FailsToAuthenticate_ValidIdentity_WithoutSigningKey()
{
// Arrange
AppServiceAuthenticationOptions options = CreateTestOptions(new HttpConfiguration());
var mock = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
var request = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());
options.SigningKey = null;
// Act
AuthenticationTicket authticket = mock.Authenticate(request, options);
// Assert
Assert.NotNull(authticket);
Assert.NotNull(authticket.Identity);
Assert.False(authticket.Identity.IsAuthenticated, "Expected Authenticate to fail without signing key specified in MobileAppAuthenticationOptions");
}
public void UseMobileAppAuthentication_ConfiguresServiceAuthentication_WhenAuthEnabled()
{
// Arrange
MobileAppConfiguration configOptions = new MobileAppConfiguration();
this.config.SetMobileAppConfiguration(configOptions);
AppServiceAuthenticationOptions options = new AppServiceAuthenticationOptions();
this.appBuilderMock.Setup(p => p.Use(It.IsAny <object>(), It.IsAny <object[]>()))
.Callback <object, object[]>((mockObject, mockArgs) =>
{
options = (AppServiceAuthenticationOptions)mockArgs[1];
})
.Returns(this.appBuilder)
.Verifiable();
// Act
this.appBuilder.UseAppServiceAuthentication(options);
// Assert
this.appBuilderMock.Verify(p => p.Use(It.IsAny <object>(), It.IsAny <object[]>()), Times.Once);
Assert.Equal("MobileApp", options.AuthenticationType);
}
public void TryValidateLoginToken_AcceptsPreviousTokenVersions(string tokenValue)
{
AppServiceAuthenticationOptions options = this.CreateTestOptions();
this.ValidateLoginToken(tokenValue, options);
}
public new AuthenticationTicket Authenticate(IOwinRequest request, AppServiceAuthenticationOptions options)
{
return(base.Authenticate(request, options));
}
public static IAppBuilder UseAppServiceAuthentication(this IAppBuilder appBuilder, AppServiceAuthenticationOptions options)
{
if (appBuilder == null)
{
throw new ArgumentNullException("appBuilder");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
appBuilder.Use(typeof(AppServiceAuthenticationMiddleware), new object[]
{
appBuilder,
options
});
return(appBuilder);
}
public MobileAppAuthenticationOptionsTests()
{
this.options = new AppServiceAuthenticationOptions();
this.options.SigningKey = SigningKey;
}
