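/// <summary>
/// Writes the command result's serialized request state to the response as a
/// data-protected cookie, then lets the command result apply any cookie clearing.
/// </summary>
/// <param name="commandResult">Source of the serialized request state and the cookie name.</param>
/// <param name="context">OWIN context whose response receives the cookie.</param>
/// <param name="dataProtector">Protector applied to the serialized state before it is sent to the browser.</param>
private static void ApplyCookies(CommandResult commandResult, IOwinContext context, IDataProtector dataProtector)
{
    var serializedCookieData = commandResult.GetSerializedRequestState();

    // No request state means there is nothing to persist; only the clear-cookie step runs.
    if (serializedCookieData != null)
    {
        // The state leaves the server, so it is passed through the data protector
        // before being converted to a cookie-safe string.
        var protectedData = HttpRequestData.ConvertBinaryData(
            dataProtector.Protect(serializedCookieData));

        var cookieOptions = new CookieOptions()
        {
            // Keep the state cookie out of reach of page script.
            HttpOnly = true,

            // Mark the cookie Secure when the request arrived over TLS, so the
            // browser will not send it over plain HTTP. IsSecure reflects the scheme
            // OWIN sees: behind a TLS-terminating proxy it may be false, in which case
            // the cookie is issued exactly as before. Tests that pin the full
            // Set-Cookie header for an HTTPS context will see the extra attribute.
            Secure = context.Request.IsSecure,

            // NOTE(review): SameSite is left unset on purpose here. The state is
            // presumably read back when the IdP posts the response cross-site, so a
            // restrictive value needs to be confirmed against that flow first.
        };

        context.Response.Cookies.Append(
            commandResult.SetCookieName,
            protectedData,
            cookieOptions);
    }

    commandResult.ApplyClearCookie(context);
}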
/// <summary>
/// Verifies that applying a command result carrying request state emits a single
/// Set-Cookie header with the protected state as its value.
/// </summary>
public void CommandResultExtensions_Apply_Cookie()
{
    // Arrange: a command result with request state and a cookie name to store it under.
    var requestState = new StoredRequestState(
        new EntityId("http://idp.example.com"),
        new Uri("http://sp.example.com/loggedout"),
        new Saml2Id("id123"),
        null);

    var commandResult = new CommandResult()
    {
        RequestState = requestState,
        SetCookieName = "CookieName"
    };

    var owinContext = OwinTestHelpers.CreateOwinContext();
    var protector = new StubDataProtector();

    // Act
    commandResult.Apply(owinContext, protector);

    // Assert: the cookie value must be the protected form of the serialized state,
    // never the raw serialized bytes. The expected string also pins the cookie
    // attributes to exactly "path=/; HttpOnly", so any change to the attributes
    // issued for this context has to be reflected here.
    var actualHeader = owinContext.Response.Headers["Set-Cookie"];

    var serializedState = commandResult.GetSerializedRequestState();
    var cookieValue = HttpRequestData.ConvertBinaryData(
        StubDataProtector.Protect(serializedState));

    var expectedHeader = $"CookieName={cookieValue}; path=/; HttpOnly";

    actualHeader.Should().Be(expectedHeader);
}