        /// <summary>
        /// Populates <paramref name="theoryData"/> with audience-validation cases: null validation
        /// parameters, audience validation switched off, no configured audiences, a non-matching
        /// audience, a custom <c>AudienceValidator</c> that accepts, and a throwing validator combined
        /// with <c>ValidateAudience = false</c> (no <c>ExpectedException</c> is set for that case).
        /// </summary>
        /// <param name="theoryData">Collection that receives one <see cref="TokenTheoryData"/> per case.</param>
        public static void AddValidateAudienceTheoryData(List <TokenTheoryData> theoryData)
        {
            // Each case gets its own list instance so one test cannot observe mutations made by another.
            List<string> NoAudiences() => new List<string>();
            List<string> JohnOnly() => new List<string> { "John" };

            // A null TokenValidationParameters is rejected before any audience logic runs (IDX10000).
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = NoAudiences(),
                ExpectedException    = ExpectedException.ArgumentNullException("IDX10000:"),
                First                = true,
                TestId               = "TokenValidationParameters null",
                ValidationParameters = null,
            });

            // Validation disabled: no audiences anywhere, nothing is expected to be thrown.
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = NoAudiences(),
                TestId               = "ValidateAudience = false",
                ValidationParameters = new TokenValidationParameters { ValidateAudience = false },
            });

            // Validation enabled but the parameters carry no valid audience -> IDX10208.
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = NoAudiences(),
                ExpectedException    = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208:"),
                TestId               = "no audiences in validationParameters",
                ValidationParameters = new TokenValidationParameters { ValidateAudience = true },
            });

            // Token names an audience, but the parameters still have none to compare against -> IDX10208.
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = JohnOnly(),
                ExpectedException    = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208:"),
                TestId               = "audience has value, tvp has no values",
                ValidationParameters = new TokenValidationParameters { ValidateAudience = true },
            });

            // Both sides have an audience and they differ -> IDX10214.
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = JohnOnly(),
                ExpectedException    = ExpectedException.SecurityTokenInvalidAudienceException("IDX10214:"),
                TestId               = "audience not matched",
                ValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = true,
                    ValidAudience    = "frank"
                },
            });

            // A custom validator that always accepts overrides the mismatch with "frank".
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = JohnOnly(),
                TestId               = "AudienceValidator returns true",
                ValidationParameters = new TokenValidationParameters
                {
                    AudienceValidator = (audiences, securityToken, parameters) => true,
                    ValidateAudience  = true,
                    ValidAudience     = "frank"
                },
            });

            // Throwing validator paired with ValidateAudience = false; no ExpectedException is set here.
            theoryData.Add(new TokenTheoryData
            {
                Audiences            = JohnOnly(),
                TestId               = "AudienceValidator throws, validateAudience false",
                ValidationParameters = new TokenValidationParameters
                {
                    AudienceValidator = ValidationDelegates.AudienceValidatorThrows,
                    ValidateAudience  = false,
                    ValidAudience     = "frank"
                },
            });
        }
        /// <summary>
        /// Walks a single SAML2 token through the audience-validation matrix of
        /// <see cref="Saml2SecurityTokenHandler"/>: validation disabled, no configured audiences,
        /// single non-matching audience, matching single audience, audience lists with and without a
        /// match, a custom validator that rejects, and a throwing validator while validation is off.
        /// Each step reuses and mutates the same <see cref="TokenValidationParameters"/> instance, so
        /// the order of the steps is significant.
        /// </summary>
        private void ValidateAudience()
        {
            Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
            string samlString = IdentityUtilities.CreateSaml2Token();

            // Signature/expiry requirements are relaxed so only audience handling decides the outcome.
            TokenValidationParameters validationParameters = new TokenValidationParameters
            {
                IssuerSigningKey      = IdentityUtilities.DefaultAsymmetricSigningKey,
                RequireExpirationTime = false,
                RequireSignedTokens   = false,
                ValidIssuer           = IdentityUtilities.DefaultIssuer,
            };

            // Runs the shared validation call against the current state of validationParameters.
            void Expect(ExpectedException expected) =>
                TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expected);

            // Builds the SecurityTokenInvalidAudienceException expectation for a given message id.
            ExpectedException InvalidAudience(string messageId) =>
                new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: messageId);

            // Audience validation off: nothing to compare, nothing thrown.
            validationParameters.ValidateAudience = false;
            Expect(ExpectedException.NoExceptionExpected);

            // Validation on but no ValidAudience/ValidAudiences configured -> IDX10208.
            validationParameters.ValidateAudience = true;
            Expect(ExpectedException.SecurityTokenInvalidAudienceException("IDX10208"));

            // Single relative audience that does not match the token -> IDX10214.
            validationParameters.ValidateAudience = true;
            validationParameters.ValidAudience    = "John";
            Expect(InvalidAudience("IDX10214"));

            // Single absolute-URI audience that does not match -> IDX10214.
            validationParameters.ValidateAudience = true;
            validationParameters.ValidAudience    = IdentityUtilities.NotDefaultAudience;
            Expect(InvalidAudience("IDX10214"));

            // The token's own audience as ValidAudience, with ValidAudiences cleared -> accepted.
            validationParameters.ValidAudience  = IdentityUtilities.DefaultAudience;
            validationParameters.ValidAudiences = null;
            Expect(ExpectedException.NoExceptionExpected);

            // Relative (non-absolute) audience list while validation is off -> accepted.
            List <string> audiences = new List <string> {
                "John", "Paul", "George", "Ringo"
            };
            validationParameters.ValidAudience    = null;
            validationParameters.ValidAudiences   = audiences;
            validationParameters.ValidateAudience = false;
            Expect(ExpectedException.NoExceptionExpected);

            // Absolute-URI list plus a whitespace-only entry, still with validation off -> accepted.
            audiences = new List <string> {
                "http://www.John.com", "http://www.Paul.com", "http://www.George.com", "http://www.Ringo.com", "    "
            };
            validationParameters.ValidAudience    = null;
            validationParameters.ValidAudiences   = audiences;
            validationParameters.ValidateAudience = false;
            Expect(ExpectedException.NoExceptionExpected);

            // Same list with validation on: no entry (including the whitespace one) matches -> IDX10214.
            validationParameters.ValidateAudience = true;
            Expect(InvalidAudience("IDX10214"));

            // Adding the token's audience to the already-assigned list makes it match -> accepted.
            // (The list is the same instance held by ValidAudiences, so the Add is visible to the handler.)
            validationParameters.ValidateAudience = true;
            audiences.Add(IdentityUtilities.DefaultAudience);
            Expect(ExpectedException.NoExceptionExpected);

            // A custom validator that rejects wins even though the audience list now contains a match -> IDX10231.
            validationParameters.AudienceValidator = (audienceValues, securityToken, parameters) => false;
            // NOTE(review): DefaultAudience was already added in the previous step; this second Add looks redundant - confirm.
            audiences.Add(IdentityUtilities.DefaultAudience);
            Expect(InvalidAudience("IDX10231:"));

            // With ValidateAudience = false the throwing validator is expected not to be invoked -> accepted.
            validationParameters.ValidateAudience  = false;
            validationParameters.AudienceValidator = IdentityUtilities.AudienceValidatorThrows;
            Expect(ExpectedException.NoExceptionExpected);
        }