public async Task UnsolicitedAssertion() {
var opStore = new StandardProviderApplicationStore();
Handle(RPUri).By(
async req => {
var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories);
IAuthenticationResponse response = await rp.GetResponseAsync(req);
Assert.That(response, Is.Not.Null);
Assert.AreEqual(AuthenticationStatus.Authenticated, response.Status);
return new HttpResponseMessage();
});
Handle(OPUri).By(
async (req, ct) => {
var op = new OpenIdProvider(opStore, this.HostFactories);
return await this.AutoProviderActionAsync(op, req, ct);
});
this.RegisterMockRPDiscovery(ssl: false);
{
var op = new OpenIdProvider(opStore, this.HostFactories);
Identifier id = GetMockIdentifier(ProtocolVersion.V20);
var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, RPRealmUri, id, OPLocalIdentifiers[0]);
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(assertion.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
}
}
public AuthorizationServerHost()
{
// Use a default in-memory provider application store. This is a class that is ideal for use in test
// applications as it requires no further setup and can be used as both the crypto key- and nonce store.
// In real-life situations you would of course implement your own crypto key- and nonce store, which will
// most likely use some kind of persistent storage to store keys and nonces. As the nonces are kept in memory
// only, it is not possible to refresh tokens as the issued tokens will have been removed from memory the moment
// the refresh token request is being processed
this.standardProviderApplicationStore = new StandardProviderApplicationStore();
}
protected void Application_Start()
{
RouteConfig.RegisterRoutes(RouteTable.Routes);
// DotNetOpenAuth only issues access tokens when the client uses an HTTPS connection. As we will most
// likely run the server on our local development machine with only a self-signed SSL certificate, setting up
// connection to the server will fail as the SSL certificate is considered invalid by the .NET framework.
// To circumvent this, we add the line below that will consider all SSL certificates as valid, including
// self-signed certificaties. Note: this should only be used for testing purposes.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
// Use a default in-memory provider application store. This is a class that is ideal for use in test
// applications as it requires no further setup and can be used as both the crypto key- and nonce store.
// In real-life situations you would of course implement your own crypto key- and nonce store, which will
// most likely use some kind of persistent storage to store keys and nonces. As the nonces are kept in memory
// only, it is not possible to refresh tokens as the issued tokens will have been removed from memory the moment
// the refresh token request is being processed
var standardProviderApplicationStore = new StandardProviderApplicationStore();
var clientRepository = new InMemoryClientRepository();
clientRepository.Save(new Client()
{
Id = "demo-client-auth-code-identifier",
SecretKey = "demo-client-auth-code-secret-key",
CallbackUrl = new Uri("http://localhost/OAuth2WebClient/")
});
clientRepository.Save(new Client()
{
Id = "demo-client-credentials-identifier",
SecretKey = "demo-client-credentials-secret-key"
});
clientRepository.Save(new Client()
{
Id = "demo-client-res-owner-identifier"
});
var userRepository = new InMemoryUserRepository();
userRepository.Save(new User
{
Name = "demo-user-username",
Password = "******"
});
var authorizationServerHost = new AuthorizationServerHost(standardProviderApplicationStore, standardProviderApplicationStore, clientRepository, userRepository);
// Create our authorization server using our own, custom IAuthorizationServerHost implementation
AuthorizationServer = new AuthorizationServer(authorizationServerHost);
}
public async Task AssertionWithEndpointFilter() {
var opStore = new StandardProviderApplicationStore();
Handle(RPUri).By(
async req => {
var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories);
// Rig it to always deny the incoming OP
rp.EndpointFilter = op => false;
// Receive the unsolicited assertion
var response = await rp.GetResponseAsync(req);
Assert.That(response, Is.Not.Null);
Assert.AreEqual(AuthenticationStatus.Failed, response.Status);
return new HttpResponseMessage();
});
this.RegisterAutoProvider();
{
var op = new OpenIdProvider(opStore, this.HostFactories);
Identifier id = GetMockIdentifier(ProtocolVersion.V20);
var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, GetMockRealm(false), id, id);
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(assertion.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
}
}
/// <summary>
/// Gets the standard state storage mechanism that uses ASP.NET's
/// HttpApplication state dictionary to store associations and nonces.
/// </summary>
/// <param name="context">The context.</param>
/// <returns>The application store.</returns>
public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) {
if (context == null) {
ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name);
context = new HttpContextWrapper(HttpContext.Current);
}
var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey];
if (store == null) {
context.Application.Lock();
try {
if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) {
context.Application[ApplicationStoreKey] = store = new StandardProviderApplicationStore();
}
} finally {
context.Application.UnLock();
}
}
return store;
}
public async Task ExtensionsAreIdentifiedAsSignedOrUnsigned() {
Protocol protocol = Protocol.Default;
var opStore = new StandardProviderApplicationStore();
int rpStep = 0;
Handle(RPUri).By(
async req => {
var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories);
RegisterMockExtension(rp.Channel);
switch (++rpStep) {
case 1:
var response = await rp.Channel.ReadFromRequestAsync<IndirectSignedResponse>(req, CancellationToken.None);
Assert.AreEqual(1, response.SignedExtensions.Count(), "Signed extension should have been received.");
Assert.AreEqual(0, response.UnsignedExtensions.Count(), "No unsigned extension should be present.");
break;
case 2:
response = await rp.Channel.ReadFromRequestAsync<IndirectSignedResponse>(req, CancellationToken.None);
Assert.AreEqual(0, response.SignedExtensions.Count(), "No signed extension should have been received.");
Assert.AreEqual(1, response.UnsignedExtensions.Count(), "Unsigned extension should have been received.");
break;
default:
throw Assumes.NotReachable();
}
return new HttpResponseMessage();
});
Handle(OPUri).By(
async req => {
var op = new OpenIdProvider(opStore, this.HostFactories);
return await AutoProviderActionAsync(op, req, CancellationToken.None);
});
{
var op = new OpenIdProvider(opStore, this.HostFactories);
RegisterMockExtension(op.Channel);
var redirectingResponse = await op.Channel.PrepareResponseAsync(CreateResponseWithExtensions(protocol));
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(redirectingResponse.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
op.SecuritySettings.SignOutgoingExtensions = false;
redirectingResponse = await op.Channel.PrepareResponseAsync(CreateResponseWithExtensions(protocol));
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(redirectingResponse.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
}
}
