/// <summary>
/// Exercises the public surface of <c>SecurityTokenHandlerCollectionExtensions.ValidateToken</c>:
/// null-argument rejection, the "no handler can read this token" failure (IDX10201), signature
/// verification failing when no signing key is configured (ID4037), and successful validation of
/// SAML 1.1, SAML 2.0 and JWT tokens once the matching handler and the asymmetric key are present.
/// </summary>
public void SecurityTokenHandlerCollectionExtensions_Publics()
{
    string samlToken = IdentityUtilities.CreateSamlToken();
    string saml2Token = IdentityUtilities.CreateSaml2Token();
    string jwt = IdentityUtilities.DefaultAsymmetricJwt;

    // Empty parameters: no signing keys, issuer or audience configured.
    TokenValidationParameters emptyParameters = new TokenValidationParameters();

    // Null token / null parameters are rejected before any handler is consulted.
    SecurityTokenHandlerCollection handlers = new SecurityTokenHandlerCollection();
    ValidateToken(null, null, handlers, ExpectedException.ArgumentNullException("Parameter name: securityToken"));
    ValidateToken(samlToken, null, handlers, ExpectedException.ArgumentNullException("Parameter name: validationParameters"));

    // An empty handler collection cannot read any token at all.
    ValidateToken(samlToken, emptyParameters, handlers, ExpectedException.SecurityTokenValidationException("IDX10201"));

    // The default handlers can read the SAML token, but with no signing key configured the
    // signature check must fail loudly rather than let the token through.
    handlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers();
    ValidateToken(samlToken, emptyParameters, handlers, ExpectedException.SignatureVerificationFailedException(substringExpected: "ID4037:"));

    // A lone SAML 1.1 handler: same signature failure with empty parameters, success with the
    // matching asymmetric key, and a SAML 2.0 token stays unreadable until its handler is added.
    handlers.Clear();
    handlers.Add(new IMSamlTokenHandler());
    ValidateToken(samlToken, emptyParameters, handlers, ExpectedException.SignatureVerificationFailedException(substringExpected: "ID4037:"));
    ValidateToken(samlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handlers, ExpectedException.NoExceptionExpected);
    ValidateToken(saml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handlers, ExpectedException.SecurityTokenValidationException(substringExpected: "IDX10201:"));

    // With the SAML 2.0 and JWT handlers present, both token types validate against the same key.
    handlers.Add(new IMSaml2TokenHandler());
    handlers.Add(new System.IdentityModel.Tokens.JwtSecurityTokenHandler());
    ValidateToken(saml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handlers, ExpectedException.NoExceptionExpected);
    ValidateToken(jwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handlers, ExpectedException.NoExceptionExpected);
}
/// <summary>
/// Initializes the options with the WS-Federation middleware defaults: active authentication
/// mode, the default caption, the default token handler set for the given authentication type,
/// freshly constructed (empty) token validation parameters, and a one-minute back-channel timeout.
/// </summary>
/// <param name="authenticationType">Authentication type forwarded to the base options.</param>
public WsFederationAuthenticationOptions(string authenticationType)
    : base(authenticationType)
{
    AuthenticationMode = Security.AuthenticationMode.Active;
    Caption = WsFederationAuthenticationDefaults.Caption;

    // Upper bound on metadata (back-channel) retrieval.
    BackchannelTimeout = TimeSpan.FromMinutes(1);

    // NOTE(review): these parameters carry no signing keys, issuer or audience; nothing in this
    // constructor sets them, so they must be populated elsewhere before tokens are accepted.
    _tokenValidationParameters = new TokenValidationParameters();
    _securityTokenHandlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers(authenticationType);
}
/// <summary>
/// Wires up the OWIN WS-Federation middleware, filling in every option the caller left unset:
/// the sign-in authentication type, empty notifications, the default token handlers, the state
/// data protector, a CallbackPath derived from Wreply, and a configuration manager (static when a
/// Configuration was supplied, otherwise one that retrieves MetadataAddress over the back channel).
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="app">Used to create the logger, the data protector and the default sign-in type.</param>
/// <param name="options">Middleware options; mutated in place with the defaults described above.</param>
public WsFederationAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, WsFederationAuthenticationOptions options)
    : base(next, options)
{
    _logger = app.CreateLogger<WsFederationAuthenticationMiddleware>();

    if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
    {
        Options.TokenValidationParameters.AuthenticationType = app.GetDefaultSignInAsAuthenticationType();
    }

    if (Options.Notifications == null)
    {
        Options.Notifications = new WsFederationAuthenticationNotifications();
    }

    if (Options.SecurityTokenHandlers == null)
    {
        Options.SecurityTokenHandlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers();
    }

    if (Options.StateDataFormat == null)
    {
        // Protector purposes: this middleware's type name, the authentication type and a format version.
        var purpose = typeof(WsFederationAuthenticationMiddleware).FullName;
        var dataProtector = app.CreateDataProtector(purpose, Options.AuthenticationType, "v1");
        Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
    }

    if (!Options.CallbackPath.HasValue && !string.IsNullOrEmpty(Options.Wreply))
    {
        Uri wreply;
        if (Uri.TryCreate(Options.Wreply, UriKind.Absolute, out wreply))
        {
            // Wreply is a specific, case-sensitive value registered with the identity provider, so it
            // is never generated here; instead the callback path is taken from it.
            Options.CallbackPath = PathString.FromUriComponent(wreply);
        }
    }

    if (Options.ConfigurationManager == null)
    {
        if (Options.Configuration != null)
        {
            // A fixed configuration was supplied: no metadata retrieval happens.
            Options.ConfigurationManager = new StaticConfigurationManager<WsFederationConfiguration>(Options.Configuration);
        }
        else
        {
            // NOTE(review): nothing in this constructor checks that MetadataAddress uses https. The issuer
            // and signing keys come from that document, so a plaintext fetch would let an on-path attacker
            // substitute them; confirm ResolveHttpMessageHandler / ConfigurationManager enforce the scheme.
            var httpClient = new HttpClient(ResolveHttpMessageHandler(Options))
            {
                Timeout = Options.BackchannelTimeout,
                MaxResponseContentBufferSize = 1024 * 1024 * 10 // 10 MB cap on the metadata document
            };
            Options.ConfigurationManager = new ConfigurationManager<WsFederationConfiguration>(Options.MetadataAddress, httpClient);
        }
    }
}
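/// <summary>
/// Every handler returned by <c>GetDefaultHandlers()</c> must also implement
/// <c>ISecurityTokenValidator</c>, otherwise the collection's ValidateToken extension cannot use it.
/// The collection must also be non-empty, otherwise the per-handler assertion passes vacuously.
/// </summary>
public void SecurityTokenHandlerCollectionExtensions_Defaults()
{
    // Called twice on purpose: each call must yield a usable set, not just the first.
    AssertAllHandlersAreValidators(SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers());
    AssertAllHandlersAreValidators(SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers());
}

/// <summary>
/// Asserts that <paramref name="handlers"/> is non-null, non-empty, and that each element
/// implements <c>ISecurityTokenValidator</c>.
/// </summary>
/// <param name="handlers">The handler collection under test.</param>
private static void AssertAllHandlersAreValidators(SecurityTokenHandlerCollection handlers)
{
    Assert.IsNotNull(handlers, "GetDefaultHandlers() returned null");
    Assert.IsTrue(handlers.Count > 0, "GetDefaultHandlers() returned an empty collection");

    foreach (var tokenHandler in handlers)
    {
        ISecurityTokenValidator tokenValidator = tokenHandler as ISecurityTokenValidator;
        // The message names the interface actually being checked (ISecurityTokenValidator).
        Assert.IsNotNull(tokenValidator, "tokenHandler is not ISecurityTokenValidator, is " + tokenHandler.GetType().ToString());
    }
}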
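/// <summary>
/// Builds a validation delegate for WS-Federation tokens issued for <paramref name="wtrealm"/>.
/// The federation metadata at <paramref name="metadataAddress"/> is fetched eagerly, inside this
/// call, and its issuer and signing keys are captured by the returned delegate.
/// </summary>
/// <param name="app">Not used; present so the method can be called as an IAppBuilder extension.</param>
/// <param name="wtrealm">The realm the tokens must be issued for; used as the expected audience.</param>
/// <param name="metadataAddress">Address of the federation metadata document.</param>
/// <returns>A delegate that validates a raw token string and returns the resulting principal, or throws.</returns>
/// <exception cref="ArgumentNullException"><paramref name="wtrealm"/> or <paramref name="metadataAddress"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="wtrealm"/> or <paramref name="metadataAddress"/> is empty or whitespace.</exception>
/// <remarks>
/// Security notes:
/// - Issuer and signing keys are read once. Key rollover at the identity provider is not picked up;
///   build a new validator if keys can change during the process lifetime.
/// - Whatever the metadata document says is trusted. Nothing here checks the scheme of
///   <paramref name="metadataAddress"/>; it should be an https address whose trust you control.
/// - The metadata download blocks the calling thread; this signature offers no async path.
/// </remarks>
public static Func<string, ClaimsPrincipal> CreateOwinWsFederationTokenValidator(this IAppBuilder app, string wtrealm, string metadataAddress)
{
    // Fail fast: a missing realm would otherwise only surface as an audience failure on the first
    // token, and a missing metadata address as a failure deep inside the configuration manager.
    if (wtrealm == null)
    {
        throw new ArgumentNullException("wtrealm");
    }
    if (string.IsNullOrWhiteSpace(wtrealm))
    {
        throw new ArgumentException("wtrealm must not be empty.", "wtrealm");
    }
    if (metadataAddress == null)
    {
        throw new ArgumentNullException("metadataAddress");
    }
    if (string.IsNullOrWhiteSpace(metadataAddress))
    {
        throw new ArgumentException("metadataAddress must not be empty.", "metadataAddress");
    }

    TokenValidationParameters tokenValidationParameters;

    // Supplying our own HttpClient works around intermittent "Digest verification failed for
    // Reference '#_<guid>'" failures seen otherwise; the root cause was not pinned down.
    using (var httpClient = new HttpClient())
    {
        var configurationManager = new ConfigurationManager<WsFederationConfiguration>(metadataAddress, httpClient);

        // Blocking wait: this is a synchronous factory, and the client must stay alive until the fetch completes.
        var wsFederationConfiguration = configurationManager.GetConfigurationAsync().Result;

        tokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = ClaimTypes.NameIdentifier,
            IssuerSigningKeys = wsFederationConfiguration.SigningKeys,
            ValidIssuer = wsFederationConfiguration.Issuer,
            ValidAudience = wtrealm
        };
    }

    // The client is disposed by now; the delegate only needs the captured parameters.
    return tokenString =>
    {
        SecurityToken securityToken;
        var handlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers();
        return handlers.ValidateToken(tokenString, tokenValidationParameters, out securityToken);
    };
}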
/// <summary>
/// Wires up the ASP.NET Core WS-Federation middleware, filling in every option the caller left
/// unset: the sign-in scheme (falling back to the shared one, and required), the token validation
/// authentication type, the state data protector, the default token handlers, empty events, a
/// CallbackPath derived from Wreply, and a configuration manager (static when a Configuration was
/// supplied, otherwise one that retrieves MetadataAddress over the back channel).
/// </summary>
/// <param name="next">The next request delegate in the pipeline.</param>
/// <param name="options">WS-Federation options; mutated in place with the defaults described above.</param>
/// <param name="sharedOptions">Provides the fallback SignInScheme.</param>
/// <param name="loggerFactory">Forwarded to the base middleware.</param>
/// <param name="dataProtectionProvider">Creates the protector for the state data format.</param>
/// <param name="encoder">Forwarded to the base middleware.</param>
/// <exception cref="ArgumentException">No SignInScheme could be determined.</exception>
public WsFederationAuthenticationMiddleware(RequestDelegate next, IOptions<WsFederationAuthenticationOptions> options, IOptions<SharedAuthenticationOptions> sharedOptions, ILoggerFactory loggerFactory, IDataProtectionProvider dataProtectionProvider, UrlEncoder encoder)
    : base(next, options, loggerFactory, encoder)
{
    // SignInScheme: explicit option first, then the shared default; without one the middleware cannot sign in.
    if (string.IsNullOrEmpty(Options.SignInScheme))
    {
        Options.SignInScheme = sharedOptions.Value.SignInScheme;
    }
    if (string.IsNullOrEmpty(Options.SignInScheme))
    {
        throw new ArgumentException("Options.SignInScheme is required.");
    }

    if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
    {
        Options.TokenValidationParameters.AuthenticationType = Options.SignInScheme;
    }

    if (Options.Events == null)
    {
        Options.Events = new WsFederationEvents();
    }

    if (Options.SecurityTokenHandlers == null)
    {
        Options.SecurityTokenHandlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers();
    }

    if (Options.StateDataFormat == null)
    {
        // Protector purposes: this middleware's type name, the payload type, the scheme and a format version.
        var dataProtector = dataProtectionProvider.CreateProtector(
            typeof(WsFederationAuthenticationMiddleware).FullName,
            typeof(string).FullName,
            Options.AuthenticationScheme,
            "v1");
        Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
    }

    if (!Options.CallbackPath.HasValue && !string.IsNullOrEmpty(Options.Wreply))
    {
        Uri wreply;
        if (Uri.TryCreate(Options.Wreply, UriKind.Absolute, out wreply))
        {
            // Wreply is an exact, case-sensitive registered value; derive the callback path from it
            // rather than generating Wreply from the path.
            Options.CallbackPath = PathString.FromUriComponent(wreply);
        }
    }

    if (Options.ConfigurationManager == null)
    {
        if (Options.Configuration != null)
        {
            // A fixed configuration was supplied: no metadata retrieval happens.
            Options.ConfigurationManager = new StaticConfigurationManager<WsFederationConfiguration>(Options.Configuration);
        }
        else
        {
            // NOTE(review): no https check on MetadataAddress here; the document supplies the issuer and
            // signing keys, so confirm ResolveHttpMessageHandler / ConfigurationManager enforce the scheme.
            var httpClient = new HttpClient(ResolveHttpMessageHandler(Options))
            {
                Timeout = Options.BackchannelTimeout,
                MaxResponseContentBufferSize = 1024 * 1024 * 10 // 10 MB cap on the metadata document
            };
            Options.ConfigurationManager = new ConfigurationManager<WsFederationConfiguration>(Options.MetadataAddress, httpClient);
        }
    }
}
/// <summary>
/// Wires up the OWIN OpenID Connect middleware, filling in every option the caller left unset:
/// the sign-in authentication type, empty notifications, the default token handlers, the state
/// data protector, a CallbackPath derived from RedirectUri, ValidAudience defaulted to ClientId,
/// and a configuration manager (static when a Configuration was supplied, otherwise one that
/// retrieves the discovery document from MetadataAddress, itself derived from Authority if unset).
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="app">Used to create the logger, the data protector and the default sign-in type.</param>
/// <param name="options">Middleware options; mutated in place with the defaults described above.</param>
public OpenIdConnectAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, OpenIdConnectAuthenticationOptions options)
    : base(next, options)
{
    _logger = app.CreateLogger<OpenIdConnectAuthenticationMiddleware>();

    if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
    {
        Options.TokenValidationParameters.AuthenticationType = app.GetDefaultSignInAsAuthenticationType();
    }

    if (Options.Notifications == null)
    {
        Options.Notifications = new OpenIdConnectAuthenticationNotifications();
    }

    if (Options.SecurityTokenHandlers == null)
    {
        Options.SecurityTokenHandlers = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers();
    }

    if (Options.StateDataFormat == null)
    {
        // Protector purposes: this middleware's type name, the authentication type and a format version.
        var purpose = typeof(OpenIdConnectAuthenticationMiddleware).FullName;
        var dataProtector = app.CreateDataProtector(purpose, Options.AuthenticationType, "v1");
        Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
    }

    if (!Options.CallbackPath.HasValue && !string.IsNullOrEmpty(Options.RedirectUri))
    {
        Uri redirectUri;
        if (Uri.TryCreate(Options.RedirectUri, UriKind.Absolute, out redirectUri))
        {
            // redirect_uri is an exact, case-sensitive registered value; derive the callback path from
            // it rather than generating redirect_uri from the path.
            Options.CallbackPath = PathString.FromUriComponent(redirectUri);
        }
    }

    // Audience binding: ID tokens must be issued to this client unless the caller chose otherwise.
    if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrWhiteSpace(Options.ClientId))
    {
        Options.TokenValidationParameters.ValidAudience = Options.ClientId;
    }

    if (Options.ConfigurationManager == null)
    {
        if (Options.Configuration != null)
        {
            // A fixed configuration was supplied: no discovery-document retrieval happens.
            Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
        }
        else
        {
            // Derive the discovery endpoint from Authority when no explicit MetadataAddress was given.
            if (string.IsNullOrWhiteSpace(Options.MetadataAddress) && !string.IsNullOrWhiteSpace(Options.Authority))
            {
                var authority = Options.Authority;
                Options.MetadataAddress = authority.EndsWith("/", StringComparison.Ordinal)
                    ? authority + ".well-known/openid-configuration"
                    : authority + "/" + ".well-known/openid-configuration";
            }

            // NOTE(review): no https check on Authority / MetadataAddress here; the discovery document
            // supplies the issuer and signing keys, so confirm ResolveHttpMessageHandler /
            // ConfigurationManager enforce the scheme or validate it when options are configured.
            var httpClient = new HttpClient(ResolveHttpMessageHandler(Options))
            {
                Timeout = Options.BackchannelTimeout,
                MaxResponseContentBufferSize = 1024 * 1024 * 10 // 10 MB cap on the discovery document
            };
            Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
        }
    }
}