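/// <summary>
/// wfresh=5: a user whose sign-in is younger than five minutes must be issued an
/// assertion directly (no forced re-login), and the assertion's AuthenticationInstant
/// must lie inside that five-minute window.
/// </summary>
public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success()
{
    // Log the user in first; the test host's /account/login takes the subject id directly.
    var subjectId = "user1";
    var loginUrl = $"/account/login?subjectId={WebUtility.UrlEncode(subjectId)}";
    var loginResponse = await _client.GetAsync(loginUrl);
    var authTime = DateTime.UtcNow;

    // wfresh is the maximum age, in minutes, of the user's authentication that the RP accepts.
    var wsMessage = new WsFederationMessage
    {
        Wa = "wsignin1.0",
        IssuerAddress = "/wsfederation",
        Wtrealm = "urn:owinrp",
        Wreply = "http://localhost:10313/",
        Wfresh = "5",
    };
    var signInUrl = wsMessage.CreateSignInUrl();
    var request = new HttpRequestMessage(HttpMethod.Get, signInUrl);

    // The test server doesn't persist cookies between requests,
    // so the session cookie is carried over explicitly.
    request.SetCookiesFromResponse(loginResponse);

    var response = await _client.SendAsync(request);
    Assert.Equal(HttpStatusCode.OK, response.StatusCode);

    var contentAsText = await response.Content.ReadAsStringAsync();
    Assert.NotEqual(string.Empty, contentAsText);
    Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

    // Pull the wresult field out of the auto-post form and unwrap the SAML token it carries.
    var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
    var wsResponseMessage = new WsFederationMessage
    {
        Wresult = WebUtility.HtmlDecode(wreturn),
    };
    var tokenString = wsResponseMessage.GetToken();

    // ReadSamlToken only deserializes the token; signature validation is not exercised here,
    // so this test checks the assertion's shape and timing, not its trustworthiness.
    var handler = new SamlSecurityTokenHandler();
    Assert.True(handler.CanReadToken(tokenString));
    var token = handler.ReadSamlToken(tokenString);

    var authStatement = Assert.Single(token.Assertion.Statements.OfType<SamlAuthenticationStatement>());

    // The login happened just before authTime, so the instant must fall in
    // [authTime - 5 min, authTime + 5 min]. The lower bound is the one that actually
    // enforces the wfresh window: an arbitrarily stale instant would satisfy the upper bound alone.
    Assert.InRange(authStatement.AuthenticationInstant, authTime.AddMinutes(-5), authTime.AddMinutes(5));
}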
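/// <summary>
/// wfresh=0: an already signed-in user must be sent through the login page again before
/// an assertion is issued, and the resulting assertion must carry the re-authentication
/// instant rather than the one from the original sign-in.
/// </summary>
public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success()
{
    // Log the user in first.
    var subjectId = "user1";
    var loginUrl = $"/account/login?subjectId={WebUtility.UrlEncode(subjectId)}";
    var loginResponse = await _client.GetAsync(loginUrl);
    var authTime = DateTime.UtcNow;

    // TODO: crude way to make the first login measurably older than the forced re-login below
    // (SAML authentication instants have second granularity). Awaited rather than Thread.Sleep
    // so the async test does not block a thread-pool thread.
    await Task.Delay(3000);

    // wfresh=0 tells the IdP that the RP accepts no cached authentication at all.
    var wsMessage = new WsFederationMessage
    {
        Wa = "wsignin1.0",
        IssuerAddress = "/wsfederation",
        Wtrealm = "urn:owinrp",
        Wreply = "http://localhost:10313/",
        Wfresh = "0",
    };
    var uri = wsMessage.CreateSignInUrl();
    var request = new HttpRequestMessage(HttpMethod.Get, uri);

    // The test server doesn't persist cookies between requests,
    // so the session cookie is carried over explicitly.
    request.SetCookiesFromResponse(loginResponse);

    // Sign-in request for a user who already has a session.
    var response = await _client.SendAsync(request);

    // With wfresh=0 the IdP must not reuse the existing session: expect a redirect to the login page.
    Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

    // Follow the redirect and log in again; the test login takes the subject id as a query parameter.
    uri = response.Headers.Location.OriginalString + "&subjectId=" + subjectId;
    request = new HttpRequestMessage(HttpMethod.Get, uri);
    request.SetCookiesFromResponse(response);
    response = await _client.SendAsync(request);
    Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

    // Follow the post-login redirect back to the WS-Federation endpoint.
    uri = response.Headers.Location.OriginalString;
    request = new HttpRequestMessage(HttpMethod.Get, uri);
    request.SetCookiesFromResponse(response);
    response = await _client.SendAsync(request);
    Assert.Equal(HttpStatusCode.OK, response.StatusCode);

    var contentAsText = await response.Content.ReadAsStringAsync();
    Assert.NotEqual(string.Empty, contentAsText);
    Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);

    // Pull the wresult field out of the auto-post form and unwrap the SAML token it carries.
    var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
    var wsResponseMessage = new WsFederationMessage
    {
        Wresult = WebUtility.HtmlDecode(wreturn),
    };
    var tokenString = wsResponseMessage.GetToken();

    // ReadSamlToken only deserializes the token; signature validation is not exercised here.
    var handler = new SamlSecurityTokenHandler();
    Assert.True(handler.CanReadToken(tokenString));
    var token = handler.ReadSamlToken(tokenString);

    var authStatement = Assert.Single(token.Assertion.Statements.OfType<SamlAuthenticationStatement>());

    // The re-login happened after the 3 s delay, so the instant must be at or after authTime:
    // that is what proves the assertion reflects the forced re-authentication and not the
    // original session. The upper bound is the same sanity window the wfresh=5 test uses.
    // NOTE(review): assumes the test host stamps a fresh auth_time on every sign-in — confirm.
    Assert.InRange(authStatement.AuthenticationInstant, authTime, authTime.AddMinutes(5));
}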