/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(
X509Certificate2 managementCert,
VaultCertificateResponse acsDetails,
string channelIntegrityKey,
ARSVault vault,
ASRSite site)
{
string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails);
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertificate,
acsNamespace,
channelIntegrityKey,
vault.ResourceGroupName,
site.ID,
site.Name,
resourceProviderNamespace,
resourceType,
vault.Location);
return(vaultCreds);
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetails()
{
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var signingCertBytes = this.ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
var startDate = temp.NotBefore.ToUniversalTime();
var endDate = temp.NotAfter.ToUniversalTime();
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SamlToken()
.TokenLifetime(120)
.SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
.EncryptionCertificate(encryptionCert.GetRawCertData()));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 2));
}
public override void ExecuteCmdlet()
{
ExecutionBlock(() =>
{
base.ExecuteCmdlet();
if (!Directory.Exists(TargetLocation))
{
throw new ArgumentException(Resources.VaultCredPathException);
}
string subscriptionId = DefaultContext.Subscription.Id.ToString();
string resourceType = "BackupVault";
string displayName = subscriptionId + "_" + Vault.ResourceGroupName + "_" + Vault.Name;
WriteDebug(string.Format(CultureInfo.InvariantCulture,
Resources.ExecutingGetVaultCredCmdlet,
subscriptionId, Vault.ResourceGroupName, Vault.Name, TargetLocation));
X509Certificate2 cert = CertUtils.CreateSelfSignedCert(CertUtils.DefaultIssuer,
CertUtils.GenerateCertFriendlyName(subscriptionId, Vault.Name),
CertUtils.DefaultPassword,
DateTime.UtcNow.AddMinutes(-10),
DateTime.UtcNow.AddHours(this.GetCertificateExpiryInHours()));
AcsNamespace acsNamespace = new AcsNamespace();
string channelIntegrityKey = string.Empty;
try
{
// Upload cert into ID Mgmt
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt));
acsNamespace = UploadCert(cert, subscriptionId, Vault.Name, resourceType, Vault.ResourceGroupName);
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt));
}
catch (Exception exception)
{
throw exception;
}
// generate vault credentials
string vaultCredsFileContent = GenerateVaultCreds(cert, subscriptionId, resourceType, acsNamespace);
// NOTE: One of the scenarios for this cmdlet is to generate a file which will be an input to DPM servers.
// We found a bug in the DPM UI which is looking for a particular namespace in the input file.
// The below is a hack to circumvent this issue and this would be removed once the bug can be fixed.
vaultCredsFileContent = vaultCredsFileContent.Replace("Microsoft.Azure.Commands.AzureBackup.Models",
"Microsoft.Azure.Portal.RecoveryServices.Models.Common");
// prepare for download
string fileName = string.Format("{0}_{1}.VaultCredentials", displayName, DateTime.UtcNow.ToString("yyyy-dd-M--HH-mm-ss"));
string filePath = Path.Combine(TargetLocation, fileName);
WriteDebug(string.Format(Resources.SavingVaultCred, filePath));
File.WriteAllBytes(filePath, Encoding.UTF8.GetBytes(vaultCredsFileContent));
// Output filename back to user
WriteObject(fileName);
});
}
public void AddVandelayIndustriesServiceIdentityWithX509FromStore()
{
var acsNamespace = new AcsNamespace(namespaceDesc);
var name = "Vandelay Industries X509";
acsNamespace.AddServiceIdentityWithX509Certificate(
si => si
.Name(name).EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
}
public void AddVandelayIndustriesServiceIdentity()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddServiceIdentity(
si => si
.Name("Vandelay Industries")
.Password("Passw0rd!"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, "Vandelay Industries"));
}
public void AddGoogleAndYahooIdentityProviders()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddGoogleIdentityProvider()
.AddYahooIdentityProvider();
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Google"));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Yahoo!"));
}
public void AddVandelayIndustriesServiceIdentityWithX509FromFile()
{
var encryptionCert = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer");
var acsNamespace = new AcsNamespace(namespaceDesc);
var name = "Vandelay Industries X509";
acsNamespace.AddServiceIdentityWithX509Certificate(
si => si
.Name(name).EncryptionCertificate(encryptionCert));
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
}
public void AddFacebookIdentityProvider()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddFacebookIdentityProvider(
ip => ip
.AppId(facebookAppId)
.AppSecret(facebookAppSecret)
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
}
public void AddWsFederationIdentityProvider()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddWsFederationIdentityProvider(
ip => ip
.MetadataUri("https://login.windows.net/fluentacs.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml")
.DisplayName("My WS-Fed IP")
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "My WS-Fed IP"));
}
/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ASRVault vault)
{
string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertifivate,
acsNamespace,
channelIntegrityKey,
vault.ResouceGroupName);
return(vaultCreds);
}
public void AddMyCoolWebsiteLinkedToExistingRuleGroup()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.LinkToRuleGroup("Rule Group for MyCoolWebsite Relying Party"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromCertificateStore()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite with X509")
.RealmAddress("http://mycoolwebsitewithx509.com/")
.ReplyAddress("http://mycoolwebsitewithx509.com/")
.AllowGoogleIdentityProvider()
.EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
}
public void AddFacebookIdentityProviderWithAdditionalPermissions()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddFacebookIdentityProvider(
ip => ip
.AppId(facebookAppId)
.AppSecret(facebookAppSecret)
.WithApplicationPermission(FacebookApplicationPermission.UserPhotos)
.WithApplicationPermission(FacebookApplicationPermission.PublishStream)
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
}
public void AddMyCoolWebsiteRelyingPartyWithRuleGroup()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg.Name("Rule Group for MyCoolWebsite Relying Party")));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, "MyCoolWebsite", "Rule Group for MyCoolWebsite Relying Party"));
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromFile()
{
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite with X509")
.RealmAddress("http://mycoolwebsitewithx509.com/")
.ReplyAddress("http://mycoolwebsitewithx509.com/")
.AllowGoogleIdentityProvider()
.EncryptionCertificate(encryptionCert));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
}
public void AddMyCoolWebsiteRelyingPartyWithSwtTokenDetails()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SwtToken()
.TokenLifetime(120)
.SymmetricKey(Convert.FromBase64String("yMryA5VQVmMwrtuiJBfyjMnAJwoT7//fCuM6NwaHjQ1=")));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 1));
}
public static void Init(string fileName)
{
Contract.Requires(!string.IsNullOrWhiteSpace(fileName));
Contract.Requires(File.Exists(fileName));
var doc = XDocument.Load(fileName);
var root = doc.Element("settings");
AcsNamespace = root.Element("acsNamespace").Value;
TokenLifetime = (int)root.Element("tokenLifetime");
var keyLifetime = (int)root.Element("keyLifetime");
var servicePassword = root.Element("servicePassword").Value;
var signingPassword = root.Element("signingPassword").Value;
var namePrefix = root.Element("namePrefix").Value;
var authority = new Uri(root.Element("authority").Value);
Contract.Assert(AcsNamespace.IsAcsNamespace());
Contract.Assert(TokenLifetime >= 1);
Contract.Assert(keyLifetime >= 1);
Contract.Assert(!string.IsNullOrWhiteSpace(servicePassword));
Contract.Assert(!string.IsNullOrWhiteSpace(signingPassword));
Contract.Assert(!string.IsNullOrWhiteSpace(namePrefix));
Contract.Assert(authority.IsAbsoluteUri);
Contract.Assert(authority.AbsolutePath == "/");
Realm = new Uri(authority.AbsoluteUri + "Users/");
RelyingParty = namePrefix + " Relying Party";
RuleGroup = namePrefix + " Rule Group";
KeyStartDate = DateTime.UtcNow.Date;
KeyEndDate = KeyStartDate.AddMonths(keyLifetime);
ServiceIdentity = new Credentials(
namePrefix + " Service Identity", servicePassword);
TokenSigningKey = Encoding.UTF8.GetBytes(signingPassword);
}
/// <summary>
/// Generates vault creds file content for backup Vault
/// </summary>
/// <param name="cert">management certificate</param>
/// <param name="subscriptionId">subscription Id</param>
/// <param name="acsNamespace">acs namespace</param>
/// <returns>xml file in string format</returns>
private string GenerateVaultCredsForBackup(X509Certificate2 cert, string subscriptionId,
AcsNamespace acsNamespace)
{
using (var output = new MemoryStream())
{
using (var writer = XmlWriter.Create(output, GetXmlWriterSettings()))
{
BackupVaultCreds backupVaultCreds =
new BackupVaultCreds(subscriptionId,
this.Vault.Name,
CertUtils.SerializeCert(cert, X509ContentType.Pfx),
acsNamespace,
GetAgentLinks());
DataContractSerializer serializer = new DataContractSerializer(typeof(BackupVaultCreds));
serializer.WriteObject(writer, backupVaultCreds);
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.BackupVaultSerialized));
}
return(Encoding.UTF8.GetString(output.ToArray()));
}
}
/// <summary>
/// Generates vault creds file
/// </summary>
/// <param name="cert">management certificate</param>
/// <param name="subscriptionId">subscription Id</param>
/// <param name="resourceType">resource type</param>
/// <param name="displayName">display name</param>
/// <param name="acsNamespace">acs namespace</param>
/// <returns>xml file in string format</returns>
private string GenerateVaultCreds(X509Certificate2 cert, string subscriptionId, string resourceType, AcsNamespace acsNamespace)
{
try
{
return(GenerateVaultCredsForBackup(cert, subscriptionId, resourceType, acsNamespace));
}
catch (Exception exception)
{
throw exception;
}
}
static void Main(string[] args)
{
var namespaceDesc = new AcsNamespaceDescription(
ConfigurationManager.AppSettings["acsNamespace"],
ConfigurationManager.AppSettings["acsUserName"],
ConfigurationManager.AppSettings["acsPassword"]);
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var signingCertBytes = ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
var startDate = temp.NotBefore.ToUniversalTime();
var endDate = temp.NotAfter.ToUniversalTime();
var acsNamespace = new AcsNamespace(namespaceDesc);
acsNamespace
.AddGoogleIdentityProvider()
.AddYahooIdentityProvider()
.AddServiceIdentity(
si => si
.Name("Vandelay Industries")
.Password("Passw0rd!"))
.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SamlToken()
.TokenLifetime(120)
.SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
.EncryptionCertificate(encryptionCert.GetRawCertData())
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg
.Name("Rule Group for MyCoolWebsite Relying Party")
.AddRule(
rule => rule
.Description("Google Passthrough")
.IfInputClaimIssuer().Is("Google")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Yahoo! Passthrough")
.IfInputClaimIssuer().Is("Yahoo!")
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Windows Live ID rule")
.IfInputClaimIssuer().Is("Windows Live ID")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().Is("*****@*****.**")
.ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
.AndOutputClaimValue().ShouldBe("John Doe"))
.AddRule(
rule => rule
.Description("ACS rule")
.IfInputClaimIssuer().IsAcs()
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));
acsNamespace.SaveChanges(logInfo => Console.WriteLine(logInfo.Message));
Console.ReadKey();
}
/// <summary>
/// Get vault credentials for backup vault type.
/// </summary>
public void GetAzureRMRecoveryServicesVaultBackupCredentials()
{
string targetLocation = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
if (!Directory.Exists(targetLocation))
{
throw new ArgumentException(Resources.VaultCredPathException);
}
string subscriptionId = DefaultContext.Subscription.Id.ToString();
string displayName = this.Vault.Name;
WriteDebug(string.Format(CultureInfo.InvariantCulture,
Resources.ExecutingGetVaultCredCmdlet,
subscriptionId, this.Vault.ResourceGroupName, this.Vault.Name, targetLocation));
// Generate certificate
X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate(
VaultCertificateExpiryInHoursForBackup, subscriptionId.ToString(), this.Vault.Name);
AcsNamespace acsNamespace = null;
string channelIntegrityKey = string.Empty;
try
{
// Upload cert into ID Mgmt
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt));
acsNamespace = UploadCert(cert);
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt));
}
catch (Exception exception)
{
throw exception;
}
// generate vault credentials
string vaultCredsFileContent = GenerateVaultCreds(cert, subscriptionId, acsNamespace);
// NOTE: One of the scenarios for this cmdlet is to generate a file which will be an input
// to DPM servers.
// We found a bug in the DPM UI which is looking for a particular namespace in the input file.
// The below is a hack to circumvent this issue and this would be removed once the bug can be fixed.
vaultCredsFileContent = vaultCredsFileContent.Replace("Microsoft.Azure.Commands.AzureBackup.Models",
"Microsoft.Azure.Portal.RecoveryServices.Models.Common");
// prepare for download
string fileName = string.Format("{0}_{1:ddd MMM dd yyyy}.VaultCredentials", displayName, DateTime.UtcNow);
string filePath = System.IO.Path.Combine(targetLocation, fileName);
WriteDebug(string.Format(Resources.SavingVaultCred, filePath));
File.WriteAllBytes(filePath, Encoding.UTF8.GetBytes(vaultCredsFileContent));
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = filePath,
};
// Output filename back to user
WriteObject(output);
}
public void AddMyCoolWebsiteRelyingPartyWithRuleGroupAndRules()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
const string MyCoolWebsite = "MyCoolWebsite";
const string RuleGroupForMyCoolWebsiteRelyingParty = "Rule Group for MyCoolWebsite Relying Party";
acsNamespace.AddRelyingParty(
rp => rp
.Name(MyCoolWebsite)
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowYahooIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg
.Name(RuleGroupForMyCoolWebsiteRelyingParty)
.AddRule(
rule => rule
.Description("Google Passthrough")
.IfInputClaimIssuer().Is("Google")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Yahoo! Passthrough")
.IfInputClaimIssuer().Is("Yahoo!")
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Windows Live ID rule")
.IfInputClaimIssuer().Is("Windows Live ID")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().Is("*****@*****.**")
.ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
.AndOutputClaimValue().ShouldBe("John Doe"))
.AddRule(
rule => rule
.Description("ACS rule")
.IfInputClaimIssuer().IsAcs()
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, MyCoolWebsite));
Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRules(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, 4));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Google Passthrough"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Yahoo! Passthrough"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Windows Live ID rule"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "ACS rule"));
}
