Esempio n. 1
0
        public async Task WsFederation_login_return_assertion_success()
        {
            var loginUrl = "/account/login?returnUrl=%2Fwsfederation%3Fwtrealm%3Durn%253Aowinrp%26wreply%3Dhttp%253A%252F%252Flocalhost%253A10313%252F%26wa%3Dwsignin1.0";
            var response = await _client.GetAsync(loginUrl);

            Assert.Equal(HttpStatusCode.Found, response.StatusCode);
            var wsEndpointUrl = "/wsfederation?wtrealm=urn%3Aowinrp&wreply=http%3A%2F%2Flocalhost%3A10313%2F&wa=wsignin1.0";

            Assert.Equal(wsEndpointUrl, response.Headers.Location.OriginalString);
            var request    = GetRequest(wsEndpointUrl, response);
            var wsResponse = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, wsResponse.StatusCode);
            var contentAsText = await wsResponse.Content.ReadAsStringAsync();

            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
            var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");

            Assert.False(wreturn.StartsWith("%EF%BB%BF")); //don't start with BOM (Byte Order Mark)
            var wsMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
        }
        public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success()
        {
            // login user
            var subjectId     = "user1";
            var loginUrl      = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
            var loginResponse = await _client.GetAsync(loginUrl);

            var authTime = DateTime.UtcNow;

            // create ws fed sigin message with wfresh=5
            var wsMessage = new WsFederationMessage
            {
                Wa            = "wsignin1.0",
                IssuerAddress = "/wsfederation",
                Wtrealm       = "urn:owinrp",
                Wreply        = "http://localhost:10313/",
                Wfresh        = "5",
            };
            var signInUrl = wsMessage.CreateSignInUrl();
            var request   = new HttpRequestMessage(HttpMethod.Get, signInUrl);

            // test server doesnt save cookies between requests,
            // so we set them explicitly for the next request
            request.SetCookiesFromResponse(loginResponse);

            var response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var contentAsText = await response.Content.ReadAsStringAsync();

            Assert.NotEqual(String.Empty, contentAsText);
            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

            // extract wreturn to use it later to check if our token is a valid token
            var wreturn           = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
            var wsResponseMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsResponseMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
            var token          = handler.ReadSamlToken(tokenString);
            var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();

            Assert.Equal(1, authStatements.Count());
            var authStatement = authStatements.First();

            Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
        }
        public async Task WsFederation_sigin_request_for_logged_in_user_return_assertion_success()
        {
            // login user
            var subjectId     = "user1";
            var loginUrl      = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
            var loginResponse = await _client.GetAsync(loginUrl);

            Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode);

            // create ws fed sign in message
            var wsSignInMessage = new WsFederationMessage
            {
                Wa            = "wsignin1.0",
                IssuerAddress = "/wsfederation",
                Wtrealm       = "urn:owinrp",
                Wreply        = "http://localhost:10313/",
            };
            var signInUrl = wsSignInMessage.CreateSignInUrl();
            var request   = new HttpRequestMessage(HttpMethod.Get, signInUrl);

            // test server doesnt save cookies between requests,
            // so we set them explicitly for the next request
            request.SetCookiesFromResponse(loginResponse);

            // send ws fed sign in request
            var wsResponse = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, wsResponse.StatusCode);
            var contentAsText = await wsResponse.Content.ReadAsStringAsync();

            Assert.NotEqual(String.Empty, contentAsText);
            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
            // extract wreturn to use it later to check if our token is a valid token
            var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");

            Assert.False(wreturn.StartsWith("%EF%BB%BF")); //don't start with BOM (Byte Order Mark)
            var wsMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
        }
        public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success()
        {
            // login user
            var subjectId     = "user1";
            var loginUrl      = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
            var loginResponse = await _client.GetAsync(loginUrl);

            var authTime = DateTime.UtcNow;

            Thread.Sleep(3000); // TODO: bad workaround to sumulate login for 3 seconds

            // create ws fed sigin message with wfresh
            var wsMessage = new WsFederationMessage
            {
                Wa            = "wsignin1.0",
                IssuerAddress = "/wsfederation",
                Wtrealm       = "urn:owinrp",
                Wreply        = "http://localhost:10313/",
                Wfresh        = "0",
            };
            var uri     = wsMessage.CreateSignInUrl();
            var request = new HttpRequestMessage(HttpMethod.Get, uri);

            // test server doesnt save cookies between requests,
            // so we set them explicitly for the next request
            request.SetCookiesFromResponse(loginResponse);

            // make auth request, for allready logged in user
            var response = await _client.SendAsync(request);

            // redirect to sign in package because we enforce it with wfresh=0
            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

            uri     = response.Headers.Location.OriginalString + "&subjectId=" + subjectId;
            request = new HttpRequestMessage(HttpMethod.Get, uri);
            request.SetCookiesFromResponse(response);

            // login again to satisfy wfresh=0
            response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

            uri     = response.Headers.Location.OriginalString;
            request = new HttpRequestMessage(HttpMethod.Get, uri);
            request.SetCookiesFromResponse(response);

            // do the redirect to auth endpoint
            response = await _client.SendAsync(request);

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var contentAsText = await response.Content.ReadAsStringAsync();

            Assert.NotEqual(String.Empty, contentAsText);
            Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

            // extract wreturn to use it later to check if our token is a valid token
            var wreturn           = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
            var wsResponseMessage = new WsFederationMessage
            {
                Wresult = WebUtility.HtmlDecode(wreturn),
            };
            var tokenString  = wsResponseMessage.GetToken();
            var handler      = new SamlSecurityTokenHandler();
            var canReadToken = handler.CanReadToken(tokenString);

            Assert.True(canReadToken);
            var token          = handler.ReadSamlToken(tokenString);
            var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();

            Assert.Equal(1, authStatements.Count());
            var authStatement = authStatements.First();

            Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
        }