コード例 #1
0
        public async Task AuthorizedRoute_WithCertificateAuthentication_ShouldFailWithUnauthorized_WhenClientCertificateSubjectNameDoesntMatch()
        {
            // Arrange
            string subjectKey = "subject", subjectValue = $"subject-{Guid.NewGuid()}";

            _testServer.AddService <ISecretProvider>(new InMemorySecretProvider((subjectKey, subjectValue)));
            _testServer.AddService(
                new CertificateAuthenticationValidator(
                    new CertificateAuthenticationConfigBuilder()
                    .WithSubject(X509ValidationLocation.SecretProvider, subjectKey)
                    .Build()));

            _testServer.AddFilter(new CertificateAuthenticationFilter());

            using (X509Certificate2 clientCertificate = SelfSignedCertificate.CreateWithSubject("unrecognized-subject-name"))
            {
                _testServer.SetClientCertificate(clientCertificate);
                using (HttpClient client = _testServer.CreateClient())
                {
                    var request = new HttpRequestMessage(
                        HttpMethod.Get,
                        NoneAuthenticationController.Route);

                    // Act
                    using (HttpResponseMessage response = await client.SendAsync(request))
                    {
                        // Arrange
                        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
                    }
                }
            }
        }
コード例 #2
0
        public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsOk()
        {
            // Arrange
            string issuer     = GenerateRandomUri();
            string authority  = GenerateRandomUri();
            string privateKey = GenerateRandomPrivateKey();

            using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
            {
                TokenValidationParameters tokenValidationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey);
                var reader = new JwtTokenReader(tokenValidationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                _testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader));

                using (HttpClient client = _testServer.CreateClient())
                    using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                    {
                        string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7);
                        request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);

                        // Act
                        using (HttpResponseMessage response = await client.SendAsync(request))
                        {
                            // Assert
                            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
                        }
                    }
            }
        }
コード例 #3
0
        public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized()
        {
            // Arrange
            using (var testServer = new TestApiServer())
                using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
                {
                    var validationParameters = new TokenValidationParameters
                    {
                        ValidateAudience         = false,
                        ValidateIssuer           = false,
                        ValidateIssuerSigningKey = true,
                        ValidateLifetime         = true
                    };
                    var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                    testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader));

                    using (HttpClient client = testServer.CreateClient())
                        using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                        {
                            string accessToken = await testOpenIdServer.RequestAccessTokenAsync();

                            request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);

                            // Act
                            using (HttpResponseMessage response = await client.SendAsync(request))
                            {
                                // Assert
                                Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
                            }
                        }
                }
        }
コード例 #4
0
        public async Task GetHealthWithIncorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsUnauthorized()
        {
            // Arrange
            using (var testServer = new TestApiServer())
                using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
                {
                    TokenValidationParameters validationParameters = await testOpenIdServer.GenerateTokenValidationParametersAsync();

                    var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                    testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader));

                    using (HttpClient client = testServer.CreateClient())
                        using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                        {
                            string accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}.{_bogusGenerator.Random.AlphaNumeric(40)}";
                            request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);

                            // Act
                            using (HttpResponseMessage response = await client.SendAsync(request))
                            {
                                // Assert
                                Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
                            }
                        }
                }
        }
コード例 #5
0
        public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsOk()
        {
            // Arrange
            using (var testServer = new TestApiServer())
                using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
                {
                    TokenValidationParameters validationParameters = await testOpenIdServer.GenerateTokenValidationParametersAsync();

                    var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                    testServer.AddFilter(new AzureManagedIdentityAuthorizationFilter(reader));

                    using (HttpClient client = testServer.CreateClient())
                        using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                        {
                            string accessToken = await testOpenIdServer.RequestAccessTokenAsync();

                            request.Headers.Add(AzureManagedIdentityAuthorizationFilter.DefaultHeaderName, accessToken);

                            // Act
                            using (HttpResponseMessage response = await client.SendAsync(request))
                            {
                                // Assert
                                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
                            }
                        }
                }
        }
コード例 #6
0
        public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorizationAndCustomClaims_ReturnsOk()
        {
            // Arrange
            string issuer    = $"http://{Util.GetRandomString(10).ToLower()}.com";
            string authority = $"http://{Util.GetRandomString(10).ToLower()}.com";

            RSA    rsa        = new RSACryptoServiceProvider(512);
            string privateKey = rsa.ToCustomXmlString(true);

            using (var testServer = new TestApiServer())
                using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
                {
                    TokenValidationParameters tokenValidationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey);
                    var reader = new JwtTokenReader(tokenValidationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                    Dictionary <string, string> claimCheck = new Dictionary <string, string> {
                        { JwtClaimTypes.Audience, Guid.NewGuid().ToString() }
                    };
                    testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader, claimCheck));

                    using (HttpClient client = testServer.CreateClient())
                        using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                        {
                            string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, 7, claimCheck);
                            request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);

                            // Act
                            using (HttpResponseMessage response = await client.SendAsync(request))
                            {
                                // Assert
                                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
                            }
                        }
                }
        }
コード例 #7
0
        public async Task SharedAccessKeyAuthorizedRoute_WithBypassAttributeOnMethod_SkipsAuthentication(string route)
        {
            // Arrange
            _testServer.AddFilter(new SharedAccessKeyAuthenticationFilter(HeaderName, queryParameterName: null, SecretName));

            // Act
            using (HttpResponseMessage response = await SendAuthorizedHttpRequest(route, headerValue: null))
            {
                // Assert
                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            }
        }
コード例 #8
0
        public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized()
        {
            // Arrange
            string issuer    = $"http://{Util.GetRandomString(10).ToLower()}.com";
            string authority = $"http://{Util.GetRandomString(10).ToLower()}.com";

            RSA    rsa        = new RSACryptoServiceProvider(512);
            string privateKey = rsa.ToCustomXmlString(true);

            using (var testServer = new TestApiServer())
                using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_outputWriter))
                {
                    var validationParameters = new TokenValidationParameters
                    {
                        ValidateAudience         = false,
                        ValidateIssuer           = false,
                        ValidateIssuerSigningKey = true,
                        ValidateLifetime         = true
                    };

                    var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
                    testServer.AddFilter(filters => filters.AddJwtTokenAuthorization(options => options.JwtTokenReader = reader));

                    using (HttpClient client = testServer.CreateClient())
                        using (var request = new HttpRequestMessage(HttpMethod.Get, HealthController.Route))
                        {
                            string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, 7);
                            request.Headers.Add(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);

                            // Act
                            using (HttpResponseMessage response = await client.SendAsync(request))
                            {
                                // Assert
                                Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
                            }
                        }
                }
        }
コード例 #9
0
        public async Task CertificateAuthorizedRoute_WithBypassAttribute_SkipsAuthentication(string route)
        {
            // Arrange
            using (X509Certificate2 clientCertificate = SelfSignedCertificate.CreateWithIssuerAndSubjectName("issuer", "subject"))
            {
                _testServer.SetClientCertificate(clientCertificate);
                _testServer.AddFilter(new CertificateAuthenticationFilter());
                _testServer.AddService <ISecretProvider>(new InMemorySecretProvider((IssuerKey, "CN=issuer")));
                _testServer.AddService(
                    new CertificateAuthenticationValidator(
                        new CertificateAuthenticationConfigBuilder()
                        .WithIssuer(X509ValidationLocation.SecretProvider, IssuerKey)
                        .Build()));

                using (HttpClient client = _testServer.CreateClient())
                    // Act
                    using (HttpResponseMessage response = await client.GetAsync(route))
                    {
                        // Assert
                        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
                    }
            }
        }