/// <summary> /// Method to generate the credential file content /// </summary> /// <param name="managementCert">management cert</param> /// <param name="acsDetails">ACS details</param> /// <param name="channelIntegrityKey">Integrity key</param> /// <param name="vault">vault object</param> /// <param name="site">site object</param> /// <returns>vault credential object</returns> private ASRVaultCreds GenerateCredentialObject( X509Certificate2 managementCert, VaultCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site) { string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx)); AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails); string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); ASRVaultCreds vaultCreds = new ASRVaultCreds( vault.SubscriptionId, vault.Name, serializedCertificate, acsNamespace, channelIntegrityKey, vault.ResourceGroupName, site.ID, site.Name, resourceProviderNamespace, resourceType, vault.Location); return(vaultCreds); }
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetails() { var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer")); var signingCertBytes = this.ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx")); var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz"); var startDate = temp.NotBefore.ToUniversalTime(); var endDate = temp.NotAfter.ToUniversalTime(); var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite") .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .AllowWindowsLiveIdentityProvider() .SamlToken() .TokenLifetime(120) .SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate)) .EncryptionCertificate(encryptionCert.GetRawCertData())); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite")); Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 2)); }
public override void ExecuteCmdlet() { ExecutionBlock(() => { base.ExecuteCmdlet(); if (!Directory.Exists(TargetLocation)) { throw new ArgumentException(Resources.VaultCredPathException); } string subscriptionId = DefaultContext.Subscription.Id.ToString(); string resourceType = "BackupVault"; string displayName = subscriptionId + "_" + Vault.ResourceGroupName + "_" + Vault.Name; WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.ExecutingGetVaultCredCmdlet, subscriptionId, Vault.ResourceGroupName, Vault.Name, TargetLocation)); X509Certificate2 cert = CertUtils.CreateSelfSignedCert(CertUtils.DefaultIssuer, CertUtils.GenerateCertFriendlyName(subscriptionId, Vault.Name), CertUtils.DefaultPassword, DateTime.UtcNow.AddMinutes(-10), DateTime.UtcNow.AddHours(this.GetCertificateExpiryInHours())); AcsNamespace acsNamespace = new AcsNamespace(); string channelIntegrityKey = string.Empty; try { // Upload cert into ID Mgmt WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt)); acsNamespace = UploadCert(cert, subscriptionId, Vault.Name, resourceType, Vault.ResourceGroupName); WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt)); } catch (Exception exception) { throw exception; } // generate vault credentials string vaultCredsFileContent = GenerateVaultCreds(cert, subscriptionId, resourceType, acsNamespace); // NOTE: One of the scenarios for this cmdlet is to generate a file which will be an input to DPM servers. // We found a bug in the DPM UI which is looking for a particular namespace in the input file. // The below is a hack to circumvent this issue and this would be removed once the bug can be fixed. vaultCredsFileContent = vaultCredsFileContent.Replace("Microsoft.Azure.Commands.AzureBackup.Models", "Microsoft.Azure.Portal.RecoveryServices.Models.Common"); // prepare for download string fileName = string.Format("{0}_{1}.VaultCredentials", displayName, DateTime.UtcNow.ToString("yyyy-dd-M--HH-mm-ss")); string filePath = Path.Combine(TargetLocation, fileName); WriteDebug(string.Format(Resources.SavingVaultCred, filePath)); File.WriteAllBytes(filePath, Encoding.UTF8.GetBytes(vaultCredsFileContent)); // Output filename back to user WriteObject(fileName); }); }
public void AddVandelayIndustriesServiceIdentityWithX509FromStore() { var acsNamespace = new AcsNamespace(namespaceDesc); var name = "Vandelay Industries X509"; acsNamespace.AddServiceIdentityWithX509Certificate( si => si .Name(name).EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47")); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name)); }
public void AddVandelayIndustriesServiceIdentity() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddServiceIdentity( si => si .Name("Vandelay Industries") .Password("Passw0rd!")); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, "Vandelay Industries")); }
public void AddGoogleAndYahooIdentityProviders() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace .AddGoogleIdentityProvider() .AddYahooIdentityProvider(); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Google")); Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Yahoo!")); }
public void AddVandelayIndustriesServiceIdentityWithX509FromFile() { var encryptionCert = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"); var acsNamespace = new AcsNamespace(namespaceDesc); var name = "Vandelay Industries X509"; acsNamespace.AddServiceIdentityWithX509Certificate( si => si .Name(name).EncryptionCertificate(encryptionCert)); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name)); }
public void AddFacebookIdentityProvider() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace .AddFacebookIdentityProvider( ip => ip .AppId(facebookAppId) .AppSecret(facebookAppSecret) ); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook")); }
public void AddWsFederationIdentityProvider() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace .AddWsFederationIdentityProvider( ip => ip .MetadataUri("https://login.windows.net/fluentacs.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml") .DisplayName("My WS-Fed IP") ); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "My WS-Fed IP")); }
/// <summary> /// Method to generate the credential file content /// </summary> /// <param name="managementCert">management cert</param> /// <param name="acsDetails">ACS details</param> /// <param name="channelIntegrityKey">Integrity key</param> /// <param name="vault">vault object</param> /// <param name="site">site object</param> /// <returns>vault credential object</returns> private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ASRVault vault) { string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx)); AcsNamespace acsNamespace = new AcsNamespace(acsDetails); ASRVaultCreds vaultCreds = new ASRVaultCreds( vault.SubscriptionId, vault.Name, serializedCertifivate, acsNamespace, channelIntegrityKey, vault.ResouceGroupName); return(vaultCreds); }
public void AddMyCoolWebsiteLinkedToExistingRuleGroup() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite") .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .LinkToRuleGroup("Rule Group for MyCoolWebsite Relying Party")); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite")); }
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromCertificateStore() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite with X509") .RealmAddress("http://mycoolwebsitewithx509.com/") .ReplyAddress("http://mycoolwebsitewithx509.com/") .AllowGoogleIdentityProvider() .EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47")); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509")); Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1)); }
public void AddFacebookIdentityProviderWithAdditionalPermissions() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace .AddFacebookIdentityProvider( ip => ip .AppId(facebookAppId) .AppSecret(facebookAppSecret) .WithApplicationPermission(FacebookApplicationPermission.UserPhotos) .WithApplicationPermission(FacebookApplicationPermission.PublishStream) ); acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message)); Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook")); }
public void AddMyCoolWebsiteRelyingPartyWithRuleGroup() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite") .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .AllowWindowsLiveIdentityProvider() .RemoveRelatedRuleGroups() .AddRuleGroup(rg => rg.Name("Rule Group for MyCoolWebsite Relying Party"))); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite")); Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, "MyCoolWebsite", "Rule Group for MyCoolWebsite Relying Party")); }
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromFile() { var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer")); var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite with X509") .RealmAddress("http://mycoolwebsitewithx509.com/") .ReplyAddress("http://mycoolwebsitewithx509.com/") .AllowGoogleIdentityProvider() .EncryptionCertificate(encryptionCert)); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509")); Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1)); }
public void AddMyCoolWebsiteRelyingPartyWithSwtTokenDetails() { var acsNamespace = new AcsNamespace(this.namespaceDesc); acsNamespace.AddRelyingParty( rp => rp .Name("MyCoolWebsite") .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .AllowWindowsLiveIdentityProvider() .SwtToken() .TokenLifetime(120) .SymmetricKey(Convert.FromBase64String("yMryA5VQVmMwrtuiJBfyjMnAJwoT7//fCuM6NwaHjQ1="))); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite")); Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 1)); }
public static void Init(string fileName) { Contract.Requires(!string.IsNullOrWhiteSpace(fileName)); Contract.Requires(File.Exists(fileName)); var doc = XDocument.Load(fileName); var root = doc.Element("settings"); AcsNamespace = root.Element("acsNamespace").Value; TokenLifetime = (int)root.Element("tokenLifetime"); var keyLifetime = (int)root.Element("keyLifetime"); var servicePassword = root.Element("servicePassword").Value; var signingPassword = root.Element("signingPassword").Value; var namePrefix = root.Element("namePrefix").Value; var authority = new Uri(root.Element("authority").Value); Contract.Assert(AcsNamespace.IsAcsNamespace()); Contract.Assert(TokenLifetime >= 1); Contract.Assert(keyLifetime >= 1); Contract.Assert(!string.IsNullOrWhiteSpace(servicePassword)); Contract.Assert(!string.IsNullOrWhiteSpace(signingPassword)); Contract.Assert(!string.IsNullOrWhiteSpace(namePrefix)); Contract.Assert(authority.IsAbsoluteUri); Contract.Assert(authority.AbsolutePath == "/"); Realm = new Uri(authority.AbsoluteUri + "Users/"); RelyingParty = namePrefix + " Relying Party"; RuleGroup = namePrefix + " Rule Group"; KeyStartDate = DateTime.UtcNow.Date; KeyEndDate = KeyStartDate.AddMonths(keyLifetime); ServiceIdentity = new Credentials( namePrefix + " Service Identity", servicePassword); TokenSigningKey = Encoding.UTF8.GetBytes(signingPassword); }
/// <summary> /// Generates vault creds file content for backup Vault /// </summary> /// <param name="cert">management certificate</param> /// <param name="subscriptionId">subscription Id</param> /// <param name="acsNamespace">acs namespace</param> /// <returns>xml file in string format</returns> private string GenerateVaultCredsForBackup(X509Certificate2 cert, string subscriptionId, AcsNamespace acsNamespace) { using (var output = new MemoryStream()) { using (var writer = XmlWriter.Create(output, GetXmlWriterSettings())) { BackupVaultCreds backupVaultCreds = new BackupVaultCreds(subscriptionId, this.Vault.Name, CertUtils.SerializeCert(cert, X509ContentType.Pfx), acsNamespace, GetAgentLinks()); DataContractSerializer serializer = new DataContractSerializer(typeof(BackupVaultCreds)); serializer.WriteObject(writer, backupVaultCreds); WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.BackupVaultSerialized)); } return(Encoding.UTF8.GetString(output.ToArray())); } }
/// <summary> /// Generates vault creds file /// </summary> /// <param name="cert">management certificate</param> /// <param name="subscriptionId">subscription Id</param> /// <param name="resourceType">resource type</param> /// <param name="displayName">display name</param> /// <param name="acsNamespace">acs namespace</param> /// <returns>xml file in string format</returns> private string GenerateVaultCreds(X509Certificate2 cert, string subscriptionId, string resourceType, AcsNamespace acsNamespace) { try { return(GenerateVaultCredsForBackup(cert, subscriptionId, resourceType, acsNamespace)); } catch (Exception exception) { throw exception; } }
static void Main(string[] args) { var namespaceDesc = new AcsNamespaceDescription( ConfigurationManager.AppSettings["acsNamespace"], ConfigurationManager.AppSettings["acsUserName"], ConfigurationManager.AppSettings["acsPassword"]); var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer")); var signingCertBytes = ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx")); var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz"); var startDate = temp.NotBefore.ToUniversalTime(); var endDate = temp.NotAfter.ToUniversalTime(); var acsNamespace = new AcsNamespace(namespaceDesc); acsNamespace .AddGoogleIdentityProvider() .AddYahooIdentityProvider() .AddServiceIdentity( si => si .Name("Vandelay Industries") .Password("Passw0rd!")) .AddRelyingParty( rp => rp .Name("MyCoolWebsite") .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .AllowWindowsLiveIdentityProvider() .SamlToken() .TokenLifetime(120) .SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate)) .EncryptionCertificate(encryptionCert.GetRawCertData()) .RemoveRelatedRuleGroups() .AddRuleGroup(rg => rg .Name("Rule Group for MyCoolWebsite Relying Party") .AddRule( rule => rule .Description("Google Passthrough") .IfInputClaimIssuer().Is("Google") .AndInputClaimType().IsOfType(ClaimTypes.Email) .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldBe(ClaimTypes.Name) .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()) .AddRule( rule => rule .Description("Yahoo! Passthrough") .IfInputClaimIssuer().Is("Yahoo!") .AndInputClaimType().IsAny() .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType() .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()) .AddRule( rule => rule .Description("Windows Live ID rule") .IfInputClaimIssuer().Is("Windows Live ID") .AndInputClaimType().IsOfType(ClaimTypes.Email) .AndInputClaimValue().Is("*****@*****.**") .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier) .AndOutputClaimValue().ShouldBe("John Doe")) .AddRule( rule => rule .Description("ACS rule") .IfInputClaimIssuer().IsAcs() .AndInputClaimType().IsAny() .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType() .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()))); acsNamespace.SaveChanges(logInfo => Console.WriteLine(logInfo.Message)); Console.ReadKey(); }
/// <summary> /// Get vault credentials for backup vault type. /// </summary> public void GetAzureRMRecoveryServicesVaultBackupCredentials() { string targetLocation = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path; if (!Directory.Exists(targetLocation)) { throw new ArgumentException(Resources.VaultCredPathException); } string subscriptionId = DefaultContext.Subscription.Id.ToString(); string displayName = this.Vault.Name; WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.ExecutingGetVaultCredCmdlet, subscriptionId, this.Vault.ResourceGroupName, this.Vault.Name, targetLocation)); // Generate certificate X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate( VaultCertificateExpiryInHoursForBackup, subscriptionId.ToString(), this.Vault.Name); AcsNamespace acsNamespace = null; string channelIntegrityKey = string.Empty; try { // Upload cert into ID Mgmt WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt)); acsNamespace = UploadCert(cert); WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt)); } catch (Exception exception) { throw exception; } // generate vault credentials string vaultCredsFileContent = GenerateVaultCreds(cert, subscriptionId, acsNamespace); // NOTE: One of the scenarios for this cmdlet is to generate a file which will be an input // to DPM servers. // We found a bug in the DPM UI which is looking for a particular namespace in the input file. // The below is a hack to circumvent this issue and this would be removed once the bug can be fixed. vaultCredsFileContent = vaultCredsFileContent.Replace("Microsoft.Azure.Commands.AzureBackup.Models", "Microsoft.Azure.Portal.RecoveryServices.Models.Common"); // prepare for download string fileName = string.Format("{0}_{1:ddd MMM dd yyyy}.VaultCredentials", displayName, DateTime.UtcNow); string filePath = System.IO.Path.Combine(targetLocation, fileName); WriteDebug(string.Format(Resources.SavingVaultCred, filePath)); File.WriteAllBytes(filePath, Encoding.UTF8.GetBytes(vaultCredsFileContent)); VaultSettingsFilePath output = new VaultSettingsFilePath() { FilePath = filePath, }; // Output filename back to user WriteObject(output); }
public void AddMyCoolWebsiteRelyingPartyWithRuleGroupAndRules() { var acsNamespace = new AcsNamespace(this.namespaceDesc); const string MyCoolWebsite = "MyCoolWebsite"; const string RuleGroupForMyCoolWebsiteRelyingParty = "Rule Group for MyCoolWebsite Relying Party"; acsNamespace.AddRelyingParty( rp => rp .Name(MyCoolWebsite) .RealmAddress("http://mycoolwebsite.com/") .ReplyAddress("http://mycoolwebsite.com/") .AllowGoogleIdentityProvider() .AllowYahooIdentityProvider() .AllowWindowsLiveIdentityProvider() .RemoveRelatedRuleGroups() .AddRuleGroup(rg => rg .Name(RuleGroupForMyCoolWebsiteRelyingParty) .AddRule( rule => rule .Description("Google Passthrough") .IfInputClaimIssuer().Is("Google") .AndInputClaimType().IsOfType(ClaimTypes.Email) .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldBe(ClaimTypes.Name) .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()) .AddRule( rule => rule .Description("Yahoo! Passthrough") .IfInputClaimIssuer().Is("Yahoo!") .AndInputClaimType().IsAny() .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType() .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()) .AddRule( rule => rule .Description("Windows Live ID rule") .IfInputClaimIssuer().Is("Windows Live ID") .AndInputClaimType().IsOfType(ClaimTypes.Email) .AndInputClaimValue().Is("*****@*****.**") .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier) .AndOutputClaimValue().ShouldBe("John Doe")) .AddRule( rule => rule .Description("ACS rule") .IfInputClaimIssuer().IsAcs() .AndInputClaimType().IsAny() .AndInputClaimValue().IsAny() .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType() .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue()))); acsNamespace.SaveChanges(); Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, MyCoolWebsite)); Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty)); Assert.IsTrue(AcsHelper.CheckRuleGroupHasRules(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, 4)); Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, "Google Passthrough")); Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, "Yahoo! Passthrough")); Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, "Windows Live ID rule")); Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, "ACS rule")); }