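/// <summary>
/// Per its name, this test expects construction of the validator with an empty
/// AllowedCallers list to throw: an allow list that can never match anything is
/// a misconfiguration, and it is better to fail at wiring time than to reject
/// every caller at request time.
/// </summary>
public void WhenAllowedCallersIsEmptyThrowException()
{
    var configuration = new BotSkillConfiguration { AllowedCallers = Array.Empty<string>() };

    // The original body only constructed the validator and asserted nothing, so the test
    // passed whenever the constructor did NOT throw and failed when it did — the inverse of
    // its name. The concrete exception type is not fixed anywhere in this file, so any
    // exception is accepted here; narrow it once the validator's contract is confirmed.
    Assert.ThrowsAny<Exception>(() => new AllowedCallersClaimsValidator(configuration));
}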
/// <summary>
/// Theory body: builds a validator over <paramref name="allowList"/> and checks that
/// <paramref name="allowedCallerClaimId"/> is accepted exactly when it appears in the list
/// or the list contains the "*" wildcard. Every other combination — including a null
/// list — is expected to be rejected with UnauthorizedAccessException.
/// </summary>
/// <param name="allowedCallerClaimId">Caller app id placed in the claims; null skips the validation step entirely.</param>
/// <param name="allowList">Allow list handed to the validator; may be null.</param>
public async Task AcceptAllowedCallersArray(string allowedCallerClaimId, IList<string> allowList)
{
    var validator = new AllowedCallersClaimsValidator(allowList);

    // NOTE(review): a null caller id only exercises construction; nothing is asserted for it.
    if (allowedCallerClaimId == null)
    {
        return;
    }

    var claims = CreateCallerClaims(allowedCallerClaimId);

    // "*" is a wildcard entry: it lets every caller through, so it counts as a match here.
    // A null allow list matches nothing and must therefore be rejected.
    var callerIsListed = allowList != null
        && (allowList.Contains(allowedCallerClaimId) || allowList.Contains("*"));

    if (callerIsListed)
    {
        await validator.ValidateClaimsAsync(claims);
    }
    else
    {
        await ValidateUnauthorizedAccessException(allowedCallerClaimId, validator, claims);
    }
}
/// <summary>
/// Constructing the validator with an empty AllowedCallers list must not throw.
/// Construction is the whole test: any exception fails it.
/// </summary>
public void AcceptEmptyAllowedCallersArray()
{
    var configuration = new BotSkillConfiguration { AllowedCallers = Array.Empty<string>() };

    // NOTE(review): what the validator does with an empty list at ValidateClaimsAsync time is not
    // asserted anywhere in this method — confirm separately that it rejects every caller rather
    // than accepting all.
    _ = new AllowedCallersClaimsValidator(configuration);
}
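/// <summary>
/// Called by the runtime to add services to the container. This is also where the skill's
/// inbound trust boundary is configured: which caller app ids may invoke it (the
/// "AllowedCallers" configuration section) and, for single-tenant/MSI registrations, which
/// JWT issuers are accepted.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers()
        .AddNewtonsoftJson();

    // Register AuthConfiguration to enable custom claim validation.
    services.AddSingleton(sp =>
    {
        // Resolve configuration once and fail clearly if it is absent instead of dereferencing null.
        var configuration = sp.GetRequiredService<IConfiguration>();

        // A missing "AllowedCallers" section returns null from Get<string[]>(); previously that
        // surfaced as an ArgumentNullException from the List<string> constructor when this
        // factory first ran. Fail with a message that names the misconfiguration instead.
        var configuredCallers = configuration.GetSection("AllowedCallers").Get<string[]>()
            ?? throw new InvalidOperationException(
                "The 'AllowedCallers' configuration section is missing; the skill cannot decide which callers to accept.");

        var allowedCallers = new List<string>(configuredCallers);
        var claimsValidator = new AllowedCallersClaimsValidator(allowedCallers);

        // If TenantId is specified in config, add the tenant as a valid JWT token issuer for Bot to Skill conversation.
        // The token issuer for MSI and single tenant scenarios will be the tenant where the bot is registered.
        var validTokenIssuers = new List<string>();
        var tenantId = configuration.GetSection(MicrosoftAppCredentials.MicrosoftAppTenantIdKey)?.Value;
        if (!string.IsNullOrWhiteSpace(tenantId))
        {
            // For SingleTenant/MSI auth, the JWT tokens will be issued from the bot's home tenant.
            // Therefore, these issuers need to be added to the list of valid token issuers for authenticating activity requests.
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidTokenIssuerUrlTemplateV1, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidTokenIssuerUrlTemplateV2, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidGovernmentTokenIssuerUrlTemplateV1, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidGovernmentTokenIssuerUrlTemplateV2, tenantId));
        }

        return new AuthenticationConfiguration
        {
            ClaimsValidator = claimsValidator,
            ValidTokenIssuers = validTokenIssuers
        };
    });

    // Create the Bot Framework Authentication to be used with the Bot Adapter.
    services.AddSingleton<BotFrameworkAuthentication, ConfigurationBotFrameworkAuthentication>();

    // Create the Bot Framework Adapter with error handling enabled.
    services.AddSingleton<IBotFrameworkHttpAdapter, SkillAdapterWithErrorHandler>();

    // Create the storage we'll be using for User and Conversation state. (Memory is great for testing purposes.)
    services.AddSingleton<IStorage, MemoryStorage>();

    // Create the Conversation state. (Used by the Dialog system itself.)
    services.AddSingleton<ConversationState>();

    // Register LUIS recognizer.
    services.AddSingleton<DialogSkillBotRecognizer>();

    // The Dialog that will be run by the bot.
    services.AddSingleton<ActivityRouterDialog>();

    // Create the bot as a transient. In this case the ASP Controller is expecting an IBot.
    services.AddTransient<IBot, SkillBot<ActivityRouterDialog>>();
}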
/// <summary>
/// With the "*" wildcard as the only AllowedCallers entry, a caller app id that is not
/// listed explicitly must still pass ValidateClaimsAsync. The test passes when no
/// exception is thrown.
/// </summary>
public async Task AllowAnyCaller()
{
    const string callerAppId = "BE3F9920-D42D-4D3A-9BDF-DBA62DAE3A00";

    // "*" accepts every caller; this is the least restrictive configuration the validator supports.
    var configuration = new BotSkillConfiguration { AllowedCallers = new[] { "*" } };
    var validator = new AllowedCallersClaimsValidator(configuration);

    await validator.ValidateClaimsAsync(CreateCallerClaims(callerAppId));
}
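/// <summary>
/// A caller app id that is not in AllowedCallers must be rejected by ValidateClaimsAsync
/// with an UnauthorizedAccessException.
/// </summary>
public async Task NonAllowedCallerShouldThrowException()
{
    const string callerAppId = "BE3F9920-D42D-4D3A-9BDF-DBA62DAE3A00";
    var validator = new AllowedCallersClaimsValidator(new BotSkillConfiguration { AllowedCallers = new[] { callerAppId } });
    var claims = CreateCallerClaims("I'm not allowed");

    // The original awaited ValidateClaimsAsync directly, so the rejection this test exists to
    // verify would have failed it. The exception type matches the helper used by the other
    // rejection tests in this file.
    await Assert.ThrowsAsync<UnauthorizedAccessException>(() => validator.ValidateClaimsAsync(claims));
}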
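/// <summary>
/// Per its name, this test expects construction of the validator to throw when
/// AllowedCallers was never set on the configuration, so an unconfigured skill fails
/// at wiring time rather than silently rejecting (or accepting) callers later.
/// </summary>
public void WhenAllowedCallersIsNullThrowException()
{
    // The original body only constructed the validator and asserted nothing, so the test
    // passed whenever the constructor did NOT throw — the inverse of its name. The concrete
    // exception type is not fixed anywhere in this file, so any exception is accepted here.
    Assert.ThrowsAny<Exception>(() => new AllowedCallersClaimsValidator(new BotSkillConfiguration()));
}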
/// <summary>
/// Asserts that <paramref name="validator"/> rejects <paramref name="claims"/> with an
/// UnauthorizedAccessException whose message names the rejected caller id, so a failed
/// skill call is attributable in logs.
/// </summary>
/// <param name="allowedCallerClaimId">Caller id expected to appear in the exception message.</param>
/// <param name="validator">Validator under test.</param>
/// <param name="claims">Claims presented by the caller.</param>
private static async Task ValidateUnauthorizedAccessException(string allowedCallerClaimId, AllowedCallersClaimsValidator validator, List<Claim> claims)
{
    Func<Task> validate = () => validator.ValidateClaimsAsync(claims);

    var rejection = await Assert.ThrowsAsync<UnauthorizedAccessException>(validate);

    Assert.Contains(allowedCallerClaimId, rejection.Message);
}
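/// <summary>
/// Called by the runtime to add services to the container. This is also where the skill's
/// inbound trust boundary is configured: which caller app ids may invoke it (the
/// configuration section named by CallersConfigKey) and, for single-tenant/MSI
/// registrations, which JWT issuers are accepted.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers()
        .AddNewtonsoftJson();

    // Register AuthConfiguration to enable custom claim validation.
    services.AddSingleton(sp =>
    {
        // Resolve configuration once and fail clearly if it is absent instead of dereferencing null.
        var configuration = sp.GetRequiredService<IConfiguration>();

        // A missing callers section returns null from Get<string[]>(); previously that surfaced
        // as an ArgumentNullException from the List<string> constructor when this factory first
        // ran. Fail with a message that names the misconfiguration instead.
        var configuredCallers = configuration.GetSection(CallersConfigKey).Get<string[]>()
            ?? throw new InvalidOperationException(
                $"The '{CallersConfigKey}' configuration section is missing; the skill cannot decide which callers to accept.");

        var allowedCallers = new List<string>(configuredCallers);
        var claimsValidator = new AllowedCallersClaimsValidator(allowedCallers);

        // If TenantId is specified in config, add the tenant as a valid JWT token issuer for Bot to Skill conversation.
        // The token issuer for MSI and single tenant scenarios will be the tenant where the bot is registered.
        var validTokenIssuers = new List<string>();
        var tenantId = configuration.GetSection(MicrosoftAppCredentials.MicrosoftAppTenantIdKey)?.Value;
        if (!string.IsNullOrWhiteSpace(tenantId))
        {
            // For SingleTenant/MSI auth, the JWT tokens will be issued from the bot's home tenant.
            // Therefore, these issuers need to be added to the list of valid token issuers for authenticating activity requests.
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidTokenIssuerUrlTemplateV1, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidTokenIssuerUrlTemplateV2, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidGovernmentTokenIssuerUrlTemplateV1, tenantId));
            validTokenIssuers.Add(string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ValidGovernmentTokenIssuerUrlTemplateV2, tenantId));
        }

        return new AuthenticationConfiguration
        {
            ClaimsValidator = claimsValidator,
            ValidTokenIssuers = validTokenIssuers
        };
    });

    services.AddSingleton<BotFrameworkAuthentication, ConfigurationBotFrameworkAuthentication>();

    // Register the Cloud Adapter with error handling enabled.
    // Note: some classes use the base BotAdapter so we add an extra registration that pulls the same instance.
    // GetRequiredService keeps the aliases from silently resolving to null if the adapter registration is ever removed.
    services.AddSingleton<CloudAdapter, SkillAdapterWithErrorHandler>();
    services.AddSingleton<IBotFrameworkHttpAdapter>(sp => sp.GetRequiredService<CloudAdapter>());
    services.AddSingleton<BotAdapter>(sp => sp.GetRequiredService<CloudAdapter>());

    // Register the skills conversation ID factory, the client and the request handler.
    services.AddSingleton<SkillConversationIdFactoryBase, SkillConversationIdFactory>();
    services.AddSingleton<ChannelServiceHandlerBase, CloudSkillHandler>();

    // Create the storage we'll be using for User and Conversation state. (Memory is great for testing purposes.)
    services.AddSingleton<IStorage, MemoryStorage>();

    // Create the Conversation state. (Used by the Dialog system itself.)
    services.AddSingleton<ConversationState>();

    // The Dialog that will be run by the bot.
    services.AddSingleton<ActivityRouterDialog>();

    // The Bot needs an HttpClient to download and upload files.
    services.AddHttpClient();

    // Create a global dictionary for our ConversationReferences (used by proactive)
    services.AddSingleton<ConcurrentDictionary<string, ContinuationParameters>>();

    // Create the bot as a transient. In this case the ASP Controller is expecting an IBot.
    services.AddTransient<IBot, SkillBot<ActivityRouterDialog>>();

    // Gives us access to HttpContext so we can create URLs with the host name.
    services.AddHttpContextAccessor();
}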
/// <summary>
/// Constructing the validator from a configuration whose AllowedCallers was never set
/// must not throw. Construction is the whole test: any exception fails it.
/// </summary>
public void AcceptNullAllowedCallersArray()
{
    // NOTE(review): nothing here asserts how a null allow list behaves at ValidateClaimsAsync
    // time — confirm separately that it rejects callers rather than accepting all.
    _ = new AllowedCallersClaimsValidator(new BotSkillConfiguration());
}