private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e) { //from appsettings... const string allowedAudience = "http://audience1/user/get"; const string rpRealm = "http://audience1/"; const string domain = ""; const bool requireSsl = false; const string issuer = "http://sts/token/create; const string certThumbprint = " mythumbprint "; const string authCookieName = " StsAuth "; var federationConfiguration = new FederationConfiguration(); federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience)); var issuingAuthority = new IssuingAuthority(internalSts); issuingAuthority.Thumbprints.Add(certThumbprint); issuingAuthority.Issuers.Add(internalSts); var issuingAuthorities = new List<IssuingAuthority> {issuingAuthority}; var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {IssuingAuthorities = issuingAuthorities}; federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry; federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None; var chunkedCookieHandler = new ChunkedCookieHandler {RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)}; federationConfiguration.CookieHandler = chunkedCookieHandler; federationConfiguration.WsFederationConfiguration.Issuer = issuer; federationConfiguration.WsFederationConfiguration.Realm = rpRealm; federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl; e.FederationConfiguration = federationConfiguration; }
public string Signout() { // Load Identity Configuration FederationConfiguration config = FederatedAuthentication.FederationConfiguration; // Get wtrealm from WsFederationConfiguation Section string wtrealm = config.WsFederationConfiguration.Realm; string wreply; // Construct wreply value from wtrealm if (wtrealm.Last().Equals('/')) { wreply = wtrealm + ""; } else { wreply = wtrealm + "/"; } // Read the ACS Ws-Federation endpoint from web.Config string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"]; SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint)); signoutRequestMessage.Parameters.Add("wreply", wreply); signoutRequestMessage.Parameters.Add("wtrealm", wtrealm); FederatedAuthentication.SessionAuthenticationModule.SignOut(); return(signoutRequestMessage.WriteQueryString()); }
public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl) { var federationConfiguration = new FederationConfiguration(); federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(relyingPartyUrl)); var issuingAuthority = new IssuingAuthority(stsUrl); issuingAuthority.Thumbprints.Add(certificateThumbprint); issuingAuthority.Issuers.Add(stsUrl); var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority }; var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities }; federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry; federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None; var chunkedCookieHandler = new ChunkedCookieHandler { RequireSsl = requireSsl, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) }; federationConfiguration.CookieHandler = chunkedCookieHandler; var issuerOfToken = stsUrl; federationConfiguration.WsFederationConfiguration.Issuer = issuerOfToken; federationConfiguration.WsFederationConfiguration.Realm = relyingPartyUrl; federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl; return federationConfiguration; }
[Authorize] //[AllowAnonymous] public void Logout() { Uri requestUrl = HttpContext.Request.Url; FederationConfiguration config = FederatedAuthentication.FederationConfiguration; string wtrealm = config.WsFederationConfiguration.Realm; var wreply = new StringBuilder(); wreply.Append(requestUrl.Scheme); wreply.Append("://"); String host = requestUrl.Host; host = host.Replace("127.0.0.1", "localhost"); host = host.Replace("127.0.0.2", "localhost"); wreply.Append(host); if (!wreply.ToString().EndsWith("/")) { wreply.Append("/"); } string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"]; SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint)); signoutRequestMessage.Parameters.Add("wreply", wreply.ToString()); signoutRequestMessage.Parameters.Add("wtrealm", wreply.ToString()); FederatedAuthentication.SessionAuthenticationModule.SignOut(); Response.Redirect(signoutRequestMessage.WriteQueryString()); }
public static IEnumerable <Claim> Validate(string user, string password) { string serviceTokenUrl = ConfigurationManager.AppSettings["ADFS_ServiceTokenUrl_usernamemixed"]; string relyingPartyURL = ConfigurationManager.AppSettings["ADFS_RelyingPartyURL"]; WSTrustChannelFactory factory = new WSTrustChannelFactory( WSTrust13Bindings.UsernameMixed, new EndpointAddress(serviceTokenUrl)); factory.TrustVersion = TrustVersion.WSTrust13; RequestSecurityToken rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = "urn:oasis:names:tc:SAML:2.0:assertion", AppliesTo = new EndpointReference(relyingPartyURL) }; factory.Credentials.UserName.UserName = user; // "YOUR_USER_NAME"; factory.Credentials.UserName.Password = password; // "***********"; RequestSecurityTokenResponse rstrr = null; SecurityToken issuedToken = factory.CreateChannel().Issue(rst, out rstrr); // Validate the token and get the claims RequestSecurityTokenResponse r = factory.CreateChannel().Validate(rst); // ?? var genericToken = issuedToken as GenericXmlSecurityToken; FederationConfiguration f = new FederationConfiguration(true); var handlers = f.IdentityConfiguration.SecurityTokenHandlerCollectionManager.SecurityTokenHandlerCollections.First(); var cToken = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml))); var identity = handlers.ValidateToken(cToken).First(); var userIdenity = new ClaimsPrincipal(identity); Console.WriteLine(userIdenity.Identity.Name); Console.WriteLine(userIdenity.Identity.IsAuthenticated); foreach (Claim claim in userIdenity.Claims) { Console.WriteLine("----------------------------------------------"); Console.WriteLine("Type =" + claim.Type); Console.WriteLine("Value =" + claim.Value); Console.WriteLine("ValueType =" + claim.ValueType); Console.WriteLine("Issuer =" + claim.Issuer); Console.WriteLine("OriginalIssuer =" + claim.OriginalIssuer); Console.WriteLine("Properties =" + claim.Properties); Console.WriteLine("Subject =" + claim.Subject); } return(userIdenity.Claims); }
public FederationPassiveTokenReceiver(FederationConfiguration serviceConfiguration) { if (serviceConfiguration == null) { throw new ArgumentNullException(); } this._serviceConfiguration = serviceConfiguration; }
public MockWikiApplication(FederationConfiguration configuration, LinkMaker linkMaker, OutputFormat outputFormat, ITimeProvider timeProvider) { _configuration = configuration; _linkMaker = linkMaker; _ouputFormat = outputFormat; _timeProvider = timeProvider; }
private bool HandleResponseMessage() { try { var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request)); if (responseMessage != null) { string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null); FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration; //ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current; FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration); SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage); SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken); this.OnSecurityTokenReceived(securityTokenReceivedEventArgs); if (!securityTokenReceivedEventArgs.Cancel) { ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl); if (claimsPrincipal != null) { SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal); this.OnSecurityTokenValidated(securityTokenValidatedEventArgs); if (!securityTokenValidatedEventArgs.Cancel) { SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule; DateTime validFrom; DateTime validTo; tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo); SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false); SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken); sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true; this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs); this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie); this.OnSignedIn(EventArgs.Empty); return(true); } } } } return(false); } catch (Exception ex) { this.ErrorText = ex.Message; return(false); } }
public ActionResult Logout() { // Load Identity Configuration FederationConfiguration config = FederatedAuthentication.FederationConfiguration; // Sign out of WIF. WSFederationAuthenticationModule.FederatedSignOut(new Uri(ConfigurationManager.AppSettings["ida:Issuer"]), new Uri(config.WsFederationConfiguration.Realm)); return(View()); }
public void SerializeAuthorization() { FederationConfiguration configuration = new FederationConfiguration(); AuthorizationRule rule = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.GenericAnonymous), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.Edit, 0); configuration.AuthorizationRules.Add(new WikiAuthorizationRule(rule)); XmlSerializer serializer = new XmlSerializer(typeof(FederationConfiguration)); serializer.Serialize(Console.Out, configuration); Assert.Fail("Need to add real verification to this."); }
private ClaimsPrincipal ValidateToken(SignInResponseMessage signInResponse) { var serviceConfig = new FederationConfiguration(); var fam = new WSFederationAuthenticationModule { FederationConfiguration = serviceConfig }; var tokenFromAcs = fam.GetSecurityToken(signInResponse); var icp = ValidateToken(tokenFromAcs); return(icp); }
public FederationAuthenticationMiddleware( OwinMiddleware next, IAppBuilder app, FederationAuthenticationOptions options) : base(next, options) { _logger = app.CreateLogger <FederationAuthenticationMiddleware>(); _federationConfiguration = Options.FederationConfiguration ?? new FederationConfiguration(loadConfig: true); if (Options.StateDataFormat == null) { var dataProtector = app.CreateDataProtector( typeof(FederationAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1"); Options.StateDataFormat = new PropertiesDataFormat(dataProtector); } }
//will delete session and call the identity provider public ActionResult Logout() { //delete authentication session Session[Const.CLAIM.USER_ACCESS_LEVEL] = null; Session[Const.CLAIM.USER_ACCOUNT] = null; Session[Const.CLAIM.USER_ID] = null; Session[Const.CLAIM.USER_FIRST_NAME] = null; Session[Const.CLAIM.USER_LAST_NAME] = null; // Load Identity Configuration FederationConfiguration config = FederatedAuthentication.FederationConfiguration; // Sign out of WIF. WSFederationAuthenticationModule.FederatedSignOut(new Uri(ConfigurationManager.AppSettings["ida:Issuer"]), new Uri(config.WsFederationConfiguration.Realm)); return(View()); }
public string GetLogoutUrl() { // Load Identity Configuration FederationConfiguration config = FederatedAuthentication.FederationConfiguration; // Get wtrealm from WsFederationConfiguation Section string wtrealm = config.WsFederationConfiguration.Realm; string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"]; SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint), wtrealm); signoutRequestMessage.Parameters.Add("wtrealm", wtrealm); FederatedAuthentication.SessionAuthenticationModule.SignOut(); string signoutUrl = signoutRequestMessage.WriteQueryString(); return(signoutUrl); }
public static FederationConfiguration LoadConfigurationSection() { var allowedAudience = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri; var rpRealm = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri; var domain = ""; var requireSsl = true; var issuer = MortysMixedAuthenticationConfiguration.Settings.SecurityTokenIssuerUri; var certThumbprint = MortysMixedAuthenticationConfiguration.Settings.TokenSigningSertificateThumbprint; var issuingAuthorityUri = MortysMixedAuthenticationConfiguration.Settings.TokenIssuingAuthorityUri; var authCookieName = "FocusFederatedAuth"; var federationConfiguration = new FederationConfiguration(); federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience)); var issuingAuthority = new IssuingAuthority(issuingAuthorityUri); issuingAuthority.Thumbprints.Add(certThumbprint); issuingAuthority.Issuers.Add(issuingAuthorityUri); var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = new List <IssuingAuthority> { issuingAuthority } }; federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry; federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None; var chunkedCookieHandler = new ChunkedCookieHandler { RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) }; federationConfiguration.CookieHandler = chunkedCookieHandler; federationConfiguration.WsFederationConfiguration.Issuer = issuer; federationConfiguration.WsFederationConfiguration.Realm = rpRealm; federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl; federationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true; return(federationConfiguration); }
public void SetUp() { FederationConfiguration configuration = new FederationConfiguration(); // Grant everyone full control so we don't have security issues for the test. configuration.AuthorizationRules.Add(new WikiAuthorizationRule( new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.GenericAll), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.ManageNamespace, 0))); MockWikiApplication application = new MockWikiApplication( configuration, new LinkMaker("http://boobar"), OutputFormat.HTML, new MockTimeProvider(TimeSpan.FromSeconds(1))); Federation = new Federation(application); _base = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki.Projects.Wiki"); _imp1 = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki.Projects.Wiki1"); _imp2 = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki.Projects.Wiki2"); string author = "tester-joebob"; WikiTestUtilities.WriteTestTopicAndNewVersion( _base, _base.DefinitionTopicName.LocalName, @" Description: Test description Import: FlexWiki.Projects.Wiki1", author); WikiTestUtilities.WriteTestTopicAndNewVersion( _imp1, _imp1.DefinitionTopicName.LocalName, @" Description: Test1 description Import: FlexWiki.Projects.Wiki2", author); WikiTestUtilities.WriteTestTopicAndNewVersion( _imp2, _imp2.DefinitionTopicName.LocalName, @" Description: Test1 description Import: FlexWiki.Projects.Wiki", author); }
public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl) { var federationConfiguration = new FederationConfiguration(); federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(relyingPartyUrl)); var issuingAuthority = new IssuingAuthority(stsUrl); issuingAuthority.Thumbprints.Add(certificateThumbprint); issuingAuthority.Issuers.Add(stsUrl); var issuingAuthorities = new List <IssuingAuthority> { issuingAuthority }; var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities }; federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry; federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None; var chunkedCookieHandler = new ChunkedCookieHandler { RequireSsl = requireSsl, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) }; federationConfiguration.CookieHandler = chunkedCookieHandler; var issuerOfToken = stsUrl; federationConfiguration.WsFederationConfiguration.Issuer = issuerOfToken; federationConfiguration.WsFederationConfiguration.Realm = relyingPartyUrl; federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl; return(federationConfiguration); }
internal static Federation SetupFederation(string siteUrl, TestContentSet content, MockSetupOptions options, FederationConfiguration federationConfiguration) { LinkMaker linkMaker = new LinkMaker(siteUrl); MockWikiApplication application = new MockWikiApplication( federationConfiguration, linkMaker, OutputFormat.HTML, new MockTimeProvider(TimeSpan.FromSeconds(1))); Federation federation = new Federation(application); foreach (TestNamespace ns in content.Namespaces) { NamespaceManager storeManager = CreateMockStore(federation, ns.Name, options, ns.Parameters); foreach (TestTopic topic in ns.Topics) { WriteTestTopicAndNewVersion(storeManager, topic.Name, topic.Content, topic.Author); } } return federation; }
public FedCertificateDetails() { _fedConfig = FederatedAuthentication.FederationConfiguration; }
public void DeleteTopicDenied() { // Use the default configuration, where everything is denied FederationConfiguration configuration = new FederationConfiguration(); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleTopicNoImports, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); // Grant the Read permission, which should be insufficient. AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Namespace, SecurableAction.Read, 0); WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, allow.ToString("T"), "test"); using (new TestSecurityContext("someuser", "somerole")) { Assert.AreEqual(4, manager.AllTopics(ImportPolicy.DoNotIncludeImports).Count, "Checking that the right number of topics were returned before deletion"); provider.DeleteTopic(new UnqualifiedTopicName("TopicOne"), false); Assert.Fail("A security exception should have been thrown"); } }
private void AddWikiRule(FederationConfiguration federationConfiguration, AuthorizationRule rule) { federationConfiguration.AuthorizationRules.Add(new WikiAuthorizationRule(rule)); }
public void HasPermission() { foreach (AuthorizationRule firstRule in AuthorizationRules.GetAll("someuser", "somerole", 0)) { foreach (AuthorizationRule secondRule in AuthorizationRules.GetAll("someuser", "somerole", 1)) { FederationConfiguration federationConfiguration = new FederationConfiguration(); if (firstRule.Scope == AuthorizationRuleScope.Wiki) { AddWikiRule(federationConfiguration, firstRule); } if (secondRule.Scope == AuthorizationRuleScope.Wiki) { AddWikiRule(federationConfiguration, secondRule); } Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", new TestContentSet( new TestNamespace("NamespaceOne") ), federationConfiguration ); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); string namespaceContent = ""; if (firstRule.Scope == AuthorizationRuleScope.Namespace) { namespaceContent += firstRule.ToString("T") + "\n"; } if (secondRule.Scope == AuthorizationRuleScope.Namespace) { namespaceContent += secondRule.ToString("T") + "\n"; } WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, namespaceContent, "test"); string content = ""; if (firstRule.Scope == AuthorizationRuleScope.Topic) { content = firstRule.ToString("T") + "\n"; } if (secondRule.Scope == AuthorizationRuleScope.Topic) { content += secondRule.ToString("T") + "\n"; } content += "Some content"; WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, "TopicOne", content, "test"); bool isReadGrantExpected = AuthorizationRules.GetGrantExpectation( TopicPermission.Read, new TestIdentity("someuser", "somerole"), firstRule, secondRule); bool isEditGrantExpected = AuthorizationRules.GetGrantExpectation( TopicPermission.Edit, new TestIdentity("someuser", "somerole"), firstRule, secondRule); AuthorizationProvider provider = GetSecurityProvider(federation, "NamespaceOne"); using (new TestSecurityContext("someuser", "somerole")) { Assert.AreEqual(isReadGrantExpected, provider.HasPermission(new UnqualifiedTopicName("TopicOne"), TopicPermission.Read), string.Format("Checking that user should {0}have read permission on topic. (Rule one: {1}. Rule two: {2}.)", isReadGrantExpected ? "" : "not ", firstRule, secondRule)); Assert.AreEqual(isEditGrantExpected, provider.HasPermission(new UnqualifiedTopicName("TopicOne"), TopicPermission.Edit), string.Format("Checking that user should {0}have edit permission on topic. (Rule one: {1}. Rule two: {2}.)", isEditGrantExpected ? "" : "not ", firstRule, secondRule)); } } } }
private ClaimsPrincipal ValidateToken(SignInResponseMessage signInResponse) { var serviceConfig = new FederationConfiguration(); var fam = new WSFederationAuthenticationModule { FederationConfiguration = serviceConfig }; var tokenFromAcs = fam.GetSecurityToken(signInResponse); var icp = ValidateToken(tokenFromAcs); return icp; }
internal static Federation SetupFederation(string siteUrl, TestContentSet content, FederationConfiguration federationConfiguration) { return SetupFederation(siteUrl, content, MockSetupOptions.Default, federationConfiguration); }
public void HasPermissionDefinitionTopic() { FederationConfiguration configuration = new FederationConfiguration(); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleEmptyNamespace, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); // Set it up so we have Edit but not ManageNamespace AuthorizationRule allowEdit = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Namespace, SecurableAction.Edit, 0); WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, allowEdit.ToString("T"), "test"); using (new TestSecurityContext("someuser", "somerole")) { Assert.IsFalse(provider.HasPermission(new UnqualifiedTopicName(manager.DefinitionTopicName.LocalName), TopicPermission.Edit), "Checking that allowing edit is not enough to grant editpermisison on the definition topic."); } // Now try it where we're granted ManageNamespace AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Namespace, SecurableAction.ManageNamespace, 0); WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, allow.ToString("T"), "test"); using (new TestSecurityContext("someuser", "somerole")) { Assert.IsTrue(provider.HasPermission(new UnqualifiedTopicName(manager.DefinitionTopicName.LocalName), TopicPermission.Edit), "Checking that granting ManageNamespace implies ability to edit definition topic."); } }
public void WriteTopicDefinitionTopicAllowed() { FederationConfiguration configuration = new FederationConfiguration(); // Grant the ManageNamespace permission, which should be enough. AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.ManageNamespace, 0); configuration.AuthorizationRules.Add(new WikiAuthorizationRule(allow)); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleTopicNoImports, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); using (new TestSecurityContext("someuser", "somerole")) { provider.WriteTopic(new UnqualifiedTopicRevision(manager.DefinitionTopicName.LocalName), "New content"); } }
public void WriteNewTopicDenied() { FederationConfiguration configuration = new FederationConfiguration(); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleEmptyNamespace, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); // Set it up so we have Read AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Namespace, SecurableAction.Read, 0); WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, allow.ToString("T"), "test"); UnqualifiedTopicRevision revision = new UnqualifiedTopicRevision("NewTopic"); string content = "New content to be written"; using (new TestSecurityContext("someuser", "somerole")) { provider.WriteTopic(revision, content); } }
public void WriteTopicRegularTopicDenied() { FederationConfiguration configuration = new FederationConfiguration(); // Grant the Read permission, which should not be enough. AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.Read, 0); configuration.AuthorizationRules.Add(new WikiAuthorizationRule(allow)); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleTopicNoImports, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); using (new TestSecurityContext("someuser", "somerole")) { UnqualifiedTopicRevision topic = new UnqualifiedTopicRevision("TopicOne"); provider.WriteTopic(topic, "New content"); Assert.Fail("A security exception should have been thrown."); } }
public FederationPassiveTokenReceiver( FederationConfiguration serviceConfiguration ) { if ( serviceConfiguration == null ) throw new ArgumentNullException(); this._serviceConfiguration = serviceConfiguration; }
public FederationAuthenticationMiddleware( OwinMiddleware next, FederationAuthenticationOptions options) : base(next, options) { _federationConfiguration = Options.FederationConfiguration ?? new FederationConfiguration(loadConfig: true); }
public void SetUp() { string author = "tester-joebob"; _lm = new LinkMaker(_bh); // Allow everyone all permissions FederationConfiguration configuration = new FederationConfiguration(); configuration.AuthorizationRules.Add(new WikiAuthorizationRule( new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.GenericAll, null), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.ManageNamespace, 0))); MockWikiApplication application = new MockWikiApplication( configuration, _lm, OutputFormat.HTML, new MockTimeProvider(TimeSpan.FromSeconds(1))); Federation = new Federation(application); _base = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki.Base"); _other1 = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki.Other1"); _other2 = WikiTestUtilities.CreateMockStore(Federation, "Other2"); _other3 = WikiTestUtilities.CreateMockStore(Federation, "Other3"); _namespaceManager5 = WikiTestUtilities.CreateMockStore(Federation, "Space5"); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, _base.DefinitionTopicName.LocalName, @"Import: FlexWiki.Other1, Other2", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicOne", @"OtherOneHello", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicTwo", @"FlexWiki.Other1.OtherOneGoodbye", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicThree", @"No.Such.Namespace.FooBar", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicFour", @".TopicOne", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicFive", @"FooBar Role:Designer", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_base, "TopicSix", @".GooBar Role:Developer", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, _other1.DefinitionTopicName.LocalName, @"Import: Other3,Other2", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneHello", @"hello Role:Developer", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneGoodbye", @"goodbye", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneRefThree", @"OtherThreeTest", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicOne", @"OtherTwoHello", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicTwo", @"Other2.OtherTwoGoodbye", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicThree", @"No.Such.Namespace.FooBar", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicFour", @".OtherOneTopicOne", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicFive", @"FooBar", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other1, "OtherOneTopicSix", @".GooBar", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other2, "OtherTwoHello", @"hello", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other2, "OtherTwoGoodbye", @"goodbye", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_other3, "OtherThreeTest", @"yo", author); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager5, "AbsRef", @"Other2.OtherTwoHello", author); }
internal static Federation CreateFederation(string root, TestContent content) { string contentDir = Path.Combine(Path.GetFullPath(root), "WikiBases"); if (Directory.Exists(contentDir)) { Directory.Delete(contentDir, true); } Directory.CreateDirectory(contentDir); TestUtilities.SetDirectoryWebWritable(contentDir); FederationConfiguration configuration = new FederationConfiguration(); FileSystemNamespaceProvider provider = new FileSystemNamespaceProvider(); bool defaultNamespaceSpecified = false; foreach (TestNamespace ns in content.Namespaces) { provider.Root = Path.Combine(contentDir, ns.Name); provider.Namespace = ns.Name; NamespaceProviderDefinition definition = new NamespaceProviderDefinition(); definition.Id = Guid.NewGuid().ToString(); provider.SavePersistentParametersToDefinition(definition); definition.Type = provider.GetType().FullName; definition.AssemblyName = provider.GetType().Assembly.FullName; configuration.NamespaceMappings.Add(definition); // We always set the first namespace to be the default one if (defaultNamespaceSpecified == false) { configuration.DefaultNamespace = ns.Name; defaultNamespaceSpecified = true; } } string configFilePath = TestUtilities.ReadConfigFilePath(); configuration.WriteToFile(configFilePath); Federation federation = new Federation(OutputFormat.HTML, new LinkMaker(TestUtilities.BaseUrl)); federation.LoadFromConfiguration(configuration); foreach (TestNamespace ns in content.Namespaces) { FlexWiki.ContentBase contentBase = federation.ContentBaseForNamespace(ns.Name); foreach (TestTopic topic in ns.Topics) { LocalTopicName name = new LocalTopicName(topic.Name); foreach (string text in topic.ContentHistory) { name.Version = FlexWiki.AbsoluteTopicName.NewVersionStringForUser("BuildVerificationTests"); contentBase.WriteTopicAndNewVersion(name, text); //CA We need to sleep a little while so we don't try to write two topics //CA within the same time slice, or they get the same version name. System.Threading.Thread.Sleep(30); } } } RestartWebApplication(); return federation; }
public RenderDriverApplication(FederationConfiguration federationConfiguration, LinkMaker linkMaker) { _federationConfiguration = federationConfiguration; _linkMaker = linkMaker; }
public void HasPermissionNonexistentTopicDenied() { FederationConfiguration configuration = new FederationConfiguration(); Federation federation = WikiTestUtilities.SetupFederation("test://AuthorizationProviderTests", TestContentSets.SingleEmptyNamespace, configuration); NamespaceManager manager = WikiTestUtilities.GetNamespaceManagerBypassingSecurity(federation, "NamespaceOne"); AuthorizationProvider provider = GetSecurityProvider(manager); // Set it up so we only have Read AuthorizationRule allow = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.User, "someuser"), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Namespace, SecurableAction.Read, 0); WikiTestUtilities.WriteTopicAndNewVersionBypassingSecurity(manager, manager.DefinitionTopicName.LocalName, allow.ToString("T"), "test"); using (new TestSecurityContext("someuser", "somerole")) { Assert.IsTrue(provider.HasPermission(new UnqualifiedTopicName("NoSuchTopic"), TopicPermission.Read), "Checking that allowing read at the namespace level grants read on nonexistent topics."); Assert.IsFalse(provider.HasPermission(new UnqualifiedTopicName("NoSuchTopic"), TopicPermission.Edit), "Checking that allowing read at the namespace level denies edit on nonexistent topics."); } }
public void Init() { _lm = new LinkMaker(_base); FederationConfiguration configuration = new FederationConfiguration(); AuthorizationRule rule = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.GenericAll, null), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.ManageNamespace, 0); configuration.AuthorizationRules.Add(new WikiAuthorizationRule(rule)); MockWikiApplication application = new MockWikiApplication( configuration, _lm, OutputFormat.HTML, new MockTimeProvider(TimeSpan.FromSeconds(1))); Federation = new Federation(application); Federation.WikiTalkVersion = 1; string ns = "FlexWiki"; string ns2 = "FlexWiki2"; _namespaceManager = WikiTestUtilities.CreateMockStore(Federation, ns); _namespaceManager2 = WikiTestUtilities.CreateMockStore(Federation, ns2); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "HomePage", "", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, _namespaceManager.DefinitionTopicName.LocalName, @"Import: FlexWiki2", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "QualifiedLocalPropertyRef", @" Color: green color=@@topics.QualifiedLocalPropertyRef.Color@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "UnqualifiedLocalPropertyRef", @" Color: green color=@@Color@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "QualifiedLocalMethodRef", @" len=@@topics.QualifiedLocalMethodRef.DirectStringLength(""hello"")@@ DirectStringLength: { str | str.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "UnqualifiedLocalMethodRef", @" len=@@DirectStringLength(""hello"")@@ DirectStringLength: { str | str.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "LocalMethodIndirection", @" len=@@StringLength(""hello"")@@ StringLength: { str | Len(str) } Len: { str | str.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "LocalMethodIndirection2", @" len=@@StringLength(""hello"")@@ StringLength: { str | Len(str) } Len: { s | s.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "CallerBlockLocalsShouldBeInvisible", @" len=@@StringLength(""hello"")@@ StringLength: { str | Len(str) } Len: { s | str.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager2, "Profile", @"Color: puce", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "ReferAcrossNamespaces", @"@@topics.Profile.Color@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TestChecker", @" Test: { FearFactor } Color: green", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "CallTestChecker", @" FearFactor: nighttime test=@@topics.TestChecker.Test@@ ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "Topic1", @" Function: { arg1 | topics.Topic2.FunctionTwo( { arg1 } ) } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "Topic2", @" FunctionTwo: { someArg | someArg.Value } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "Topic3", @"@@topics.Topic1.Function(100)@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BlockCanSeeLexicalScopeCaller", @" result=@@ topics.BlockCanSeeLexicalScopeCallee.BlockValue( { Color } ) @@ Color: green", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BlockCanSeeLexicalScopeCallee", @" BlockValue: {aBlock | aBlock.Value }", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "ThisTests", @" topicName=@@topicName.Name@@ namespace=@@namespace.Name@@ nscount=@@federation.Namespaces.Count@@ color=@@this.Color@@ Color: red ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "WikiTalkHomeObject", @" @@topics@@ namespace=@@namespace@@ federation=@@federation@@ color=@@this.Color@@ Color: red true = @@true@@ empty = @@empty@@(this is empty) false = @@false@@ null = @@null@@ ", _user); }
public FederationAuthenticationHandler(ILogger logger, FederationConfiguration federationConfiguration) { _logger = logger; _federationConfiguration = federationConfiguration; }
public void SetUp() { _lm = new LinkMaker(c_siteUrl); FederationConfiguration configuration = new FederationConfiguration(); AuthorizationRule rule = new AuthorizationRule(new AuthorizationRuleWho(AuthorizationRuleWhoType.GenericAll, null), AuthorizationRulePolarity.Allow, AuthorizationRuleScope.Wiki, SecurableAction.ManageNamespace, 0); configuration.AuthorizationRules.Add(new WikiAuthorizationRule(rule)); MockWikiApplication application = new MockWikiApplication( configuration, _lm, OutputFormat.HTML, new MockTimeProvider(TimeSpan.FromSeconds(1))); Federation = new Federation(application); Federation.WikiTalkVersion = 1; _namespaceManager = WikiTestUtilities.CreateMockStore(Federation, "FlexWiki"); //_namespaceManager.Title = "Friendly Title"; WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "_ContentBaseDefinition", "Title: Friendly Title", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "HomePage", "Home is where the heart is", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BigPolicy", "This is ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BigDog", "This is ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BigAddress", "This is ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "BigBox", "This is ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeOne", "inc1", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeTwo", "!inc2", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeThree", "!!inc3", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeFour", "!inc4", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeNest", @" {{IncludeNest1}} {{IncludeNest2}}", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TopicWithColor", "Color: Yellow", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeNest1", "!hey there", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeNest2", "!black dog", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "IncludeNestURI", @"wiki://IncludeNest1 wiki://IncludeNest2 ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "ResourceReference", @"URI: http://www.google.com/$$$", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "FlexWiki", "flex ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "InlineTestTopic", @"aaa @@""foo""@@ zzz", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "OneMinuteWiki", "one ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TestIncludesBehaviors", "@@ProductName@@ somthing @@Now@@ then @@Now@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "_Underscore", "Underscore", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TopicWithBehaviorProperties", @" Face: {""hello"".Length} one FaceWithArg: {arg | arg.Length } FaceSpanningLines:{ arg | arg.Length } ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TestTopicWithBehaviorProperties", @" len=@@topics.TopicWithBehaviorProperties.Face@@ lenWith=@@topics.TopicWithBehaviorProperties.FaceWithArg(""superb"")@@ lenSpanning=@@topics.TopicWithBehaviorProperties.FaceSpanningLines(""parsing is wonderful"")@@ ", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TestTopicWithBehaviorProperty", @"lenSpanning=@@topics.TopicWithBehaviorProperties.FaceSpanningLines(""parsing is wonderful"")@@", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TopicWithInclude", "{{TopicOneNoRead}}", _user); WikiTestUtilities.WriteTestTopicAndNewVersion(_namespaceManager, "TopicOneNoRead", @"DenyRead: all PropertyOne: ValueOne PropertyTwo: Value Two PropertyOne: List, of, values", _user); _externals = new ExternalReferencesMap(); }
public FederationAuthenticationHandler(FederationConfiguration federationConfiguration) { _federationConfiguration = federationConfiguration; }