public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success()
{
// login user
var subjectId = "user1";
var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
var loginResponse = await _client.GetAsync(loginUrl);
var authTime = DateTime.UtcNow;
// create ws fed sigin message with wfresh=5
var wsMessage = new WsFederationMessage
{
Wa = "wsignin1.0",
IssuerAddress = "/wsfederation",
Wtrealm = "urn:owinrp",
Wreply = "http://localhost:10313/",
Wfresh = "5",
};
var signInUrl = wsMessage.CreateSignInUrl();
var request = new HttpRequestMessage(HttpMethod.Get, signInUrl);
// test server doesnt save cookies between requests,
// so we set them explicitly for the next request
request.SetCookiesFromResponse(loginResponse);
var response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var contentAsText = await response.Content.ReadAsStringAsync();
Assert.NotEqual(String.Empty, contentAsText);
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
// extract wreturn to use it later to check if our token is a valid token
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
var wsResponseMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsResponseMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
var token = handler.ReadSamlToken(tokenString);
var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();
Assert.Equal(1, authStatements.Count());
var authStatement = authStatements.First();
Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
}
public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success()
{
// login user
var subjectId = "user1";
var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId));
var loginResponse = await _client.GetAsync(loginUrl);
var authTime = DateTime.UtcNow;
Thread.Sleep(3000); // TODO: bad workaround to sumulate login for 3 seconds
// create ws fed sigin message with wfresh
var wsMessage = new WsFederationMessage
{
Wa = "wsignin1.0",
IssuerAddress = "/wsfederation",
Wtrealm = "urn:owinrp",
Wreply = "http://localhost:10313/",
Wfresh = "0",
};
var uri = wsMessage.CreateSignInUrl();
var request = new HttpRequestMessage(HttpMethod.Get, uri);
// test server doesnt save cookies between requests,
// so we set them explicitly for the next request
request.SetCookiesFromResponse(loginResponse);
// make auth request, for allready logged in user
var response = await _client.SendAsync(request);
// redirect to sign in package because we enforce it with wfresh=0
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
uri = response.Headers.Location.OriginalString + "&subjectId=" + subjectId;
request = new HttpRequestMessage(HttpMethod.Get, uri);
request.SetCookiesFromResponse(response);
// login again to satisfy wfresh=0
response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
uri = response.Headers.Location.OriginalString;
request = new HttpRequestMessage(HttpMethod.Get, uri);
request.SetCookiesFromResponse(response);
// do the redirect to auth endpoint
response = await _client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var contentAsText = await response.Content.ReadAsStringAsync();
Assert.NotEqual(String.Empty, contentAsText);
Assert.Contains("action=\"http://localhost:10313/\"", contentAsText);
// extract wreturn to use it later to check if our token is a valid token
var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\"");
var wsResponseMessage = new WsFederationMessage
{
Wresult = WebUtility.HtmlDecode(wreturn),
};
var tokenString = wsResponseMessage.GetToken();
var handler = new SamlSecurityTokenHandler();
var canReadToken = handler.CanReadToken(tokenString);
Assert.True(canReadToken);
var token = handler.ReadSamlToken(tokenString);
var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>();
Assert.Equal(1, authStatements.Count());
var authStatement = authStatements.First();
Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5));
}
