/// <summary>
/// Checks that a request carrying a URL-encoded PEM certificate in the
/// <c>Constants.ClientCertificateHeaderKey</c> header is reported as authenticated even though
/// its Authorization header holds the placeholder value "blah".
/// </summary>
/// <remarks>
/// The authenticator is a mock that approves every credential and the certificate is self-signed,
/// so this test covers how the credential is picked from the request only. It does not exercise
/// certificate validation, and nothing in it establishes who placed the certificate header on the
/// request.
/// </remarks>
public async Task AuthenticateRequestTestX509ApiProxyIgnoresAuthorizationHeader_Success()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    // Collaborators: an authenticator that always says yes, and the real credentials factory.
    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    // Build the header value: DER bytes -> base64 -> PEM envelope -> URL encoding.
    byte[] derBytes = CertificateHelper.GenerateSelfSignedCert($"test_cert").Export(X509ContentType.Cert);
    string certContentBase64 = Convert.ToBase64String(derBytes);
    string pem = $"-----BEGIN CERTIFICATE-----\n{certContentBase64}\n-----END CERTIFICATE-----\n";
    string encodedPem = WebUtility.UrlEncode(pem);

    var context = new DefaultHttpContext();
    context.Request.Headers.Add(Constants.ClientCertificateHeaderKey, new StringValues(encodedPem));
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("blah"));
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), context);

    Assert.True(authResult.Authenticated);
    Assert.Equal(string.Empty, authResult.ErrorMessage);
}
/// <summary>
/// Checks that a request whose Authorization header holds a SAS token created by
/// <c>TokenHelper.CreateSasToken</c> for the hub/device/module path is reported as authenticated
/// with an empty error message.
/// </summary>
/// <remarks>
/// The authenticator is a mock that approves every credential, so only header parsing and
/// credential construction are covered here, not the signature check itself.
/// </remarks>
public async Task AuthenticateRequestTest_Success()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    var context = new DefaultHttpContext();
    // The request is made to look as if it arrived on the API proxy port.
    context.Connection.LocalPort = Constants.ApiProxyPort;
    string token = TokenHelper.CreateSasToken($"{iothubHostName}/devices/{deviceId}/modules/{moduleId}");
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(token));
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), context);

    Assert.True(authResult.Authenticated);
    Assert.Equal(string.Empty, authResult.ErrorMessage);
}
/// <summary>
/// Checks that authentication fails, and the extractor's reason is appended to the error message,
/// when the proxied-certificate extractor throws an <c>AuthenticationException</c> for a request
/// that carries a forwarded certificate header but no Authorization header.
/// </summary>
/// <remarks>
/// The authenticator mock approves every credential, so the failure asserted here comes from the
/// extractor's exception and not from credential verification.
/// </remarks>
public async Task AuthenticateRequestTestX509ApiProxyForward_NoProxyAuthorization_AuthFailed()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";
    const string apiProxyId = "iotedgeApiProxy";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));

    // Forwarded certificate header: DER bytes -> base64 -> PEM envelope -> URL encoding.
    byte[] derBytes = CertificateHelper.GenerateSelfSignedCert($"test_cert").Export(X509ContentType.Cert);
    string certContentBase64 = Convert.ToBase64String(derBytes);
    string pem = $"-----BEGIN CERTIFICATE-----\n{certContentBase64}\n-----END CERTIFICATE-----\n";
    string encodedPem = WebUtility.UrlEncode(pem);

    var httpContext = new DefaultHttpContext();
    httpContext.Connection.RemoteIpAddress = new IPAddress(0);
    httpContext.Request.Headers.Add(Constants.ClientCertificateHeaderKey, new StringValues(encodedPem));
    httpContext.Request.QueryString = new QueryString("?api-version=2017-10-20");

    // The extractor refuses to hand out a certificate for exactly this request context.
    var extractorMock = new Mock<IHttpProxiedCertificateExtractor>();
    extractorMock
        .Setup(p => p.GetClientCertificate(httpContext))
        .ThrowsAsync(new AuthenticationException($"Unable to authorize proxy {apiProxyId} to forward device certificate - Authorization header missing"));

    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName, extractorMock.Object);

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), httpContext);

    Assert.False(authResult.Authenticated);
    Assert.Equal($"Unable to authenticate device with Id device_2/module_1 - Unable to authorize proxy {apiProxyId} to forward device certificate - Authorization header missing", authResult.ErrorMessage);
}
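/// <summary>
/// Registers the HTTP-facing components with the container: the method request validator, the
/// WebSocket listener registry and the HTTP request authenticator, each as a single instance,
/// and then runs the base module's registrations.
/// </summary>
/// <param name="builder">Container builder that receives the registrations.</param>
protected override void Load(ContainerBuilder builder)
{
    // IValidator
    builder.Register(c => new MethodRequestValidator())
        .As<IValidator<MethodRequest>>()
        .SingleInstance();

    // IWebSocketListenerRegistry
    builder.Register(c => new WebSocketListenerRegistry())
        .As<IWebSocketListenerRegistry>()
        .SingleInstance();

    // IHttpAuthenticator
    builder.Register(
            async c =>
            {
                // Take everything needed from the component context before the first await.
                // The context passed to a registration lambda is tied to the resolve call that
                // invoked it, so a continuation that resumes later should not rely on it.
                Task<IAuthenticator> authenticatorTask = c.Resolve<Task<IAuthenticator>>();
                var credFactory = c.Resolve<IClientCredentialsFactory>();

                IAuthenticator authenticator = await authenticatorTask;

                // Typed as the interface so the lambda yields Task<IHttpRequestAuthenticator>,
                // which is the service type registered below.
                IHttpRequestAuthenticator httpAuthenticator = new HttpRequestAuthenticator(authenticator, credFactory, this.iothubHostName);
                return httpAuthenticator;
            })
        .As<Task<IHttpRequestAuthenticator>>()
        .SingleInstance();

    base.Load(builder);
}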
/// <summary>
/// Checks that a request with a client certificate on the connection, a placeholder Authorization
/// header ("blah") and no query string is reported as authenticated with an empty error message.
/// </summary>
/// <remarks>
/// The authenticator mock approves every credential and the certificate is self-signed, so the
/// certificate itself is never validated in this test.
/// </remarks>
public async Task AuthenticateRequestX509Test_NoApiVersion_Success()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(
        authenticatorMock.Object,
        credentialsFactory,
        iothubHostName,
        Mock.Of<IHttpProxiedCertificateExtractor>());

    var context = new DefaultHttpContext();
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("blah"));
    // The certificate is attached to the connection; no api-version query string is set.
    context.Connection.ClientCertificate = CertificateHelper.GenerateSelfSignedCert($"test_cert");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), context);

    Assert.True(authResult.Authenticated);
    Assert.Equal(string.Empty, authResult.ErrorMessage);
}
/// <summary>
/// Checks that a request with a client certificate on the connection is reported as not
/// authenticated, with the generic "Unable to authenticate device" message, when the underlying
/// authenticator rejects the credentials.
/// </summary>
public async Task InvalidCredentialsRequestX509Test_AuthFailed()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    // The mocked authenticator rejects every credential it is given.
    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(false);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(
        authenticatorMock.Object,
        credentialsFactory,
        iothubHostName,
        Mock.Of<IHttpProxiedCertificateExtractor>());

    var context = new DefaultHttpContext();
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");
    context.Connection.ClientCertificate = CertificateHelper.GenerateSelfSignedCert($"test_cert");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), context);

    Assert.False(authResult.Authenticated);
    Assert.Equal("Unable to authenticate device with Id device_2/module_1", authResult.ErrorMessage);
}
/// <summary>
/// Checks that an Authorization header value that is not a SharedAccessSignature
/// ("invalidSasToken") is rejected with the "Only SharedAccessSignature is supported" message.
/// </summary>
/// <remarks>
/// The authenticator mock would approve any credential, so the rejection asserted here is
/// produced by the request authenticator's own handling of the header.
/// </remarks>
public async Task InvalidAuthenticateRequestTest_InvalidToken()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    var context = new DefaultHttpContext();
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("invalidSasToken"));
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), context);

    Assert.False(authResult.Authenticated);
    Assert.Equal("Invalid Authorization header. Only SharedAccessSignature is supported.", authResult.ErrorMessage);
}
/// <summary>
/// Checks that a request with a client certificate on the connection and an api-version query
/// string is reported as authenticated with an empty error message.
/// </summary>
/// <remarks>
/// The authenticator mock approves every credential and the certificate is self-signed, so the
/// certificate itself is never validated in this test.
/// </remarks>
public async Task AuthenticateRequestTestX509_Success()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    var context = new DefaultHttpContext();
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");
    context.Connection.ClientCertificate = CertificateHelper.GenerateSelfSignedCert($"test_cert");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), context);

    Assert.True(authResult.Authenticated);
    Assert.Equal(string.Empty, authResult.ErrorMessage);
}
/// <summary>
/// Checks that a request whose Authorization header carries two values is rejected with the
/// "Invalid authorization header count" message.
/// </summary>
/// <remarks>
/// The authenticator mock would approve any credential, so the rejection asserted here is
/// produced before, or independently of, credential verification.
/// </remarks>
public async Task InvalidAuthenticateRequestTest_MultipleAuthHeaders()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    IHttpProxiedCertificateExtractor certificateExtractor = Mock.Of<IHttpProxiedCertificateExtractor>();
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName, certificateExtractor);

    var context = new DefaultHttpContext();
    // Two values under the single Authorization header name.
    var authorizationValues = new StringValues(new[] { "sasToken1", "sasToken2" });
    context.Request.Headers.Add(HeaderNames.Authorization, authorizationValues);
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), Option.None<string>(), context);

    Assert.False(authResult.Authenticated);
    Assert.Equal("Invalid authorization header count", authResult.ErrorMessage);
}
/// <summary>
/// Checks that a request carrying a SAS token created by <c>TokenHelper.CreateSasToken</c> is
/// reported as not authenticated, with the generic "Unable to authenticate device" message, when
/// the underlying authenticator rejects the credentials.
/// </summary>
public async Task InvalidCredentialsRequestTest_AuthFailed()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    // The mocked authenticator rejects every credential it is given.
    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(false);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    var context = new DefaultHttpContext();
    string token = TokenHelper.CreateSasToken($"{iothubHostName}/devices/{deviceId}/modules/{moduleId}");
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(token));
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), context);

    Assert.False(authResult.Authenticated);
    Assert.Equal("Unable to authenticate device with Id device_2/module_1", authResult.ErrorMessage);
}
/// <summary>
/// Checks that a SAS token created with <c>expired: true</c> is rejected with the
/// "The specified SAS token is expired" parse error.
/// </summary>
/// <remarks>
/// The authenticator mock would approve any credential, so the rejection asserted here shows that
/// expiry is reported by the request authenticator's token parsing and does not depend on the
/// downstream authenticator's answer.
/// </remarks>
public async Task InvalidAuthenticateRequestTest_TokenExpired()
{
    const string iothubHostName = "TestHub.azure-devices.net";
    const string deviceId = "device_2";
    const string moduleId = "module_1";

    var authenticatorMock = new Mock<IAuthenticator>();
    authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);
    var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(iothubHostName));
    var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, iothubHostName);

    var context = new DefaultHttpContext();
    string expiredToken = TokenHelper.CreateSasToken($"{iothubHostName}/devices/{deviceId}/modules/{moduleId}", expired: true);
    context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(expiredToken));
    context.Request.QueryString = new QueryString("?api-version=2017-10-20");

    HttpAuthResult authResult = await sut.AuthenticateAsync(deviceId, Option.Some(moduleId), context);

    Assert.False(authResult.Authenticated);
    Assert.Equal("Cannot parse SharedAccessSignature because of the following error - The specified SAS token is expired", authResult.ErrorMessage);
}
/// <summary>
/// Creates the controller with a new, parameterless <c>HttpRequestAuthenticator</c> stored in
/// <c>_restSharpComponent</c>.
/// </summary>
public GatewayController() => _restSharpComponent = new HttpRequestAuthenticator();
/// <summary>
/// Creates the instance from the request authenticator and article database passed in by the caller.
/// </summary>
/// <param name="authenticator">Request authenticator stored in <c>Authenticator</c>.</param>
/// <param name="cmsDb">Article database stored in <c>CmsDb</c>.</param>
public PublishArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb cmsDb)
    => (Authenticator, CmsDb) = (authenticator, cmsDb);
/// <summary>
/// Creates the instance from the request authenticator and article database passed in by the caller.
/// </summary>
/// <param name="authenticator">Request authenticator stored in <c>Authenticator</c>.</param>
/// <param name="cmsDb">Article database stored in <c>CmsDb</c>.</param>
public GetImageUploadSasToken(HttpRequestAuthenticator authenticator, CosmosArticleDb cmsDb)
    => (Authenticator, CmsDb) = (authenticator, cmsDb);
/// <summary>
/// Creates the instance from the request authenticator and article database passed in by the caller.
/// </summary>
/// <param name="authenticator">Request authenticator stored in <c>Authenticator</c>.</param>
/// <param name="db">Article database stored in <c>CmsDb</c>.</param>
public UpdateArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
    => (Authenticator, CmsDb) = (authenticator, db);
/// <summary>
/// Creates the instance from the request authenticator and article database passed in by the caller.
/// </summary>
/// <param name="authenticator">Request authenticator stored in <c>Authenticator</c>.</param>
/// <param name="db">Article database stored in <c>CmsDb</c>.</param>
public DeleteArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
    => (CmsDb, Authenticator) = (db, authenticator);
/// <summary>
/// Creates the instance from the request authenticator and article database passed in by the caller.
/// </summary>
/// <param name="authenticator">Request authenticator stored in <c>Authenticator</c>.</param>
/// <param name="db">Article database stored in <c>CmsDb</c>.</param>
public GetArticles(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
    => (Authenticator, CmsDb) = (authenticator, db);
/// <summary>
/// Creates the step class with a new, parameterless <c>HttpRequestAuthenticator</c> in
/// <c>_restSharpComponent</c> and an empty loan list in <c>_loans</c>.
/// </summary>
public LoanFeaturesSteps()
    => (_restSharpComponent, _loans) = (new HttpRequestAuthenticator(), new List<Loan>());