public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_wfresh_exceeded_redirect_to_login_page_success() { // login user var subjectId = "user1"; var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId)); var loginResponse = await _client.GetAsync(loginUrl); // create ws fed sigin message with wfresh var wsMessage = new WsFederationMessage { Wa = "wsignin1.0", IssuerAddress = "/wsfederation", Wtrealm = "urn:owinrp", Wreply = "http://localhost:10313/", Wfresh = "0", }; var signInUrl = wsMessage.CreateSignInUrl(); var request = new HttpRequestMessage(HttpMethod.Get, signInUrl); // test server doesnt save cookies between requests, // so we set them explicitly for the next request request.SetCookiesFromResponse(loginResponse); var response = await _client.SendAsync(request); Assert.Equal(HttpStatusCode.Found, response.StatusCode); var expectedLocation = "/Account/Login?ReturnUrl=%2Fwsfederation%3Fwa%3Dwsignin1.0%26wtrealm%3Durn%253Aowinrp%26wreply%3Dhttp%253A%252F%252Flocalhost%253A10313%252F"; Assert.Equal(expectedLocation, response.Headers.Location.OriginalString); }
/// <summary> /// Handles Challenge /// </summary> /// <returns></returns> protected override async Task HandleChallengeAsync(AuthenticationProperties properties) { if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); } // Save the original challenge URI so we can redirect back to it when we're done. if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString; } var wsFederationMessage = new WsFederationMessage() { IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, Wtrealm = Options.Wtrealm, Wa = WsFederationConstants.WsFederationActions.SignIn, }; if (!string.IsNullOrEmpty(Options.Wreply)) { wsFederationMessage.Wreply = Options.Wreply; } else { wsFederationMessage.Wreply = BuildRedirectUri(Options.CallbackPath); } GenerateCorrelationId(properties); var redirectContext = new RedirectContext(Context, Scheme, Options, properties) { ProtocolMessage = wsFederationMessage }; await Events.RedirectToIdentityProvider(redirectContext); if (redirectContext.Handled) { return; } wsFederationMessage = redirectContext.ProtocolMessage; if (!string.IsNullOrEmpty(wsFederationMessage.Wctx)) { properties.Items[WsFederationDefaults.UserstatePropertiesKey] = wsFederationMessage.Wctx; } wsFederationMessage.Wctx = Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)); var redirectUri = wsFederationMessage.CreateSignInUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { Logger.MalformedRedirectUri(redirectUri); } Response.Redirect(redirectUri); }
public async Task WsFederation_signin_request_with_wfresh_user_is_authenticated_wfresh_in_time_frame_return_assertion_success() { // login user var subjectId = "user1"; var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId)); var loginResponse = await _client.GetAsync(loginUrl); var authTime = DateTime.UtcNow; // create ws fed sigin message with wfresh=5 var wsMessage = new WsFederationMessage { Wa = "wsignin1.0", IssuerAddress = "/wsfederation", Wtrealm = "urn:owinrp", Wreply = "http://localhost:10313/", Wfresh = "5", }; var signInUrl = wsMessage.CreateSignInUrl(); var request = new HttpRequestMessage(HttpMethod.Get, signInUrl); // test server doesnt save cookies between requests, // so we set them explicitly for the next request request.SetCookiesFromResponse(loginResponse); var response = await _client.SendAsync(request); Assert.Equal(HttpStatusCode.OK, response.StatusCode); var contentAsText = await response.Content.ReadAsStringAsync(); Assert.NotEqual(String.Empty, contentAsText); Assert.Contains("action=\"http://localhost:10313/\"", contentAsText); // extract wreturn to use it later to check if our token is a valid token var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\""); var wsResponseMessage = new WsFederationMessage { Wresult = WebUtility.HtmlDecode(wreturn), }; var tokenString = wsResponseMessage.GetToken(); var handler = new SamlSecurityTokenHandler(); var canReadToken = handler.CanReadToken(tokenString); Assert.True(canReadToken); var token = handler.ReadSamlToken(tokenString); var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>(); Assert.Equal(1, authStatements.Count()); var authStatement = authStatements.First(); Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5)); }
public async Task WsFederation_signin_request_user_not_authenticated_redirect_to_login_page_success() { var wsMessage = new WsFederationMessage { IssuerAddress = "/wsfederation", Wtrealm = "urn:owinrp", Wreply = "http://localhost:10313/", }; var signInUrl = wsMessage.CreateSignInUrl(); var response = await _client.GetAsync(signInUrl); Assert.Equal(HttpStatusCode.Found, response.StatusCode); var expectedLocation = "/Account/Login?ReturnUrl=%2Fwsfederation%3Fwtrealm%3Durn%253Aowinrp%26wreply%3Dhttp%253A%252F%252Flocalhost%253A10313%252F%26wa%3Dwsignin1.0"; Assert.Equal(expectedLocation, response.Headers.Location.OriginalString); }
public async Task WsFederation_sigin_request_for_logged_in_user_return_assertion_success() { // login user var subjectId = "user1"; var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId)); var loginResponse = await _client.GetAsync(loginUrl); Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode); // create ws fed sign in message var wsSignInMessage = new WsFederationMessage { Wa = "wsignin1.0", IssuerAddress = "/wsfederation", Wtrealm = "urn:owinrp", Wreply = "http://localhost:10313/", }; var signInUrl = wsSignInMessage.CreateSignInUrl(); var request = new HttpRequestMessage(HttpMethod.Get, signInUrl); // test server doesnt save cookies between requests, // so we set them explicitly for the next request request.SetCookiesFromResponse(loginResponse); // send ws fed sign in request var wsResponse = await _client.SendAsync(request); Assert.Equal(HttpStatusCode.OK, wsResponse.StatusCode); var contentAsText = await wsResponse.Content.ReadAsStringAsync(); Assert.NotEqual(String.Empty, contentAsText); Assert.Contains("action=\"http://localhost:10313/\"", contentAsText); // extract wreturn to use it later to check if our token is a valid token var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\""); Assert.False(wreturn.StartsWith("%EF%BB%BF")); //don't start with BOM (Byte Order Mark) var wsMessage = new WsFederationMessage { Wresult = WebUtility.HtmlDecode(wreturn), }; var tokenString = wsMessage.GetToken(); var handler = new SamlSecurityTokenHandler(); var canReadToken = handler.CanReadToken(tokenString); Assert.True(canReadToken); }
public async Task WsFederation_signin_request_with_wfresh_set_to_0_user_is_authenticated_force_resignin_return_assertion_success() { // login user var subjectId = "user1"; var loginUrl = string.Format("/account/login?subjectId={0}", WebUtility.UrlEncode(subjectId)); var loginResponse = await _client.GetAsync(loginUrl); var authTime = DateTime.UtcNow; Thread.Sleep(3000); // TODO: bad workaround to sumulate login for 3 seconds // create ws fed sigin message with wfresh var wsMessage = new WsFederationMessage { Wa = "wsignin1.0", IssuerAddress = "/wsfederation", Wtrealm = "urn:owinrp", Wreply = "http://localhost:10313/", Wfresh = "0", }; var uri = wsMessage.CreateSignInUrl(); var request = new HttpRequestMessage(HttpMethod.Get, uri); // test server doesnt save cookies between requests, // so we set them explicitly for the next request request.SetCookiesFromResponse(loginResponse); // make auth request, for allready logged in user var response = await _client.SendAsync(request); // redirect to sign in package because we enforce it with wfresh=0 Assert.Equal(HttpStatusCode.Redirect, response.StatusCode); uri = response.Headers.Location.OriginalString + "&subjectId=" + subjectId; request = new HttpRequestMessage(HttpMethod.Get, uri); request.SetCookiesFromResponse(response); // login again to satisfy wfresh=0 response = await _client.SendAsync(request); Assert.Equal(HttpStatusCode.Redirect, response.StatusCode); uri = response.Headers.Location.OriginalString; request = new HttpRequestMessage(HttpMethod.Get, uri); request.SetCookiesFromResponse(response); // do the redirect to auth endpoint response = await _client.SendAsync(request); Assert.Equal(HttpStatusCode.OK, response.StatusCode); var contentAsText = await response.Content.ReadAsStringAsync(); Assert.NotEqual(String.Empty, contentAsText); Assert.Contains("action=\"http://localhost:10313/\"", contentAsText); // extract wreturn to use it later to check if our token is a valid token var wreturn = ExtractInBetween(contentAsText, "wresult\" value=\"", "\""); var wsResponseMessage = new WsFederationMessage { Wresult = WebUtility.HtmlDecode(wreturn), }; var tokenString = wsResponseMessage.GetToken(); var handler = new SamlSecurityTokenHandler(); var canReadToken = handler.CanReadToken(tokenString); Assert.True(canReadToken); var token = handler.ReadSamlToken(tokenString); var authStatements = token.Assertion.Statements.OfType <SamlAuthenticationStatement>(); Assert.Equal(1, authStatements.Count()); var authStatement = authStatements.First(); Assert.True(authStatement.AuthenticationInstant <= authTime.AddMinutes(5)); }