public async Task CallWspService_ShortTokenLifeTime_RenegotiatesAccessToken() { var serverEndpoint = "https://digst.oioidws.rest.wsp:10002"; var tokensIssuedCount = 0; using (WebApp.Start(serverEndpoint, app => { app.SetLoggerFactory(new ConsoleLoggerFactory()); var tokenStore = new InMemorySecurityTokenStore(); var tokenStoreWrapper = new Mock <ISecurityTokenStore>(); tokenStoreWrapper .Setup(x => x.RetrieveTokenAsync(It.IsAny <string>())) .Returns((string accessToken) => tokenStore.RetrieveTokenAsync(accessToken)); tokenStoreWrapper .Setup(x => x.StoreTokenAsync(It.IsAny <string>(), It.IsAny <OioIdwsToken>())) .Returns((string accessToken, OioIdwsToken token) => { tokensIssuedCount++; return(tokenStore.StoreTokenAsync(accessToken, token)); }); var authorizationServerOptions = new OioIdwsAuthorizationServiceOptions { AccessTokenIssuerPath = new PathString("/accesstoken/issue"), IssuerAudiences = () => Task.FromResult(new[] { new IssuerAudiences("d9f10c97aa647727adb64a349bb037c5c23c9a7a", "test cert") .Audience(new Uri("https://wsp.oioidws-net.dk")), }), SecurityTokenStore = tokenStoreWrapper.Object, MaxClockSkew = TimeSpan.FromSeconds(10), //a little time skew is needed for trusting STS tokens }; app .UseOioIdwsAuthentication(new OioIdwsAuthenticationOptions()) .UseOioIdwsAuthorizationService(authorizationServerOptions) .Use(async(context, next) => { if (context.Request.User == null) { //we expect the service to REQUIRE authorization context.Response.StatusCode = 401; return; } var identity = (ClaimsIdentity)context.Request.User.Identity; await context.Response.WriteAsync(identity.Claims .Single(x => x.Type == "dk:gov:saml:attribute:CvrNumberIdentifier").Value); }); })) { var settings = new OioIdwsClientSettings { ClientCertificate = CertificateUtil.GetCertificate("0E6DBCC6EFAAFF72E3F3D824E536381B26DEECF5"), AudienceUri = new Uri("https://wsp.oioidws-net.dk"), AccessTokenIssuerEndpoint = new Uri(serverEndpoint + "/accesstoken/issue"), SecurityTokenService = new OioIdwsStsSettings { Certificate = CertificateUtil.GetCertificate("d9f10c97aa647727adb64a349bb037c5c23c9a7a"), EndpointAddress = new Uri("https://SecureTokenService.test-nemlog-in.dk/SecurityTokenService.svc"), TokenLifeTime = TimeSpan.FromMinutes(5) }, DesiredAccessTokenExpiry = TimeSpan.FromSeconds(5), //set a very low token expiry time }; var idwsClient = new OioIdwsClient(settings); { var handler = (OioIdwsRequestHandler)idwsClient.CreateMessageHandler(); var httpClient = new HttpClient(handler) { BaseAddress = new Uri(serverEndpoint) }; //first request, token should be valid var response = await httpClient.GetAsync("/myservice"); Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); var str = await response.Content.ReadAsStringAsync(); Assert.AreEqual("34051178", str); } { var handler = (OioIdwsRequestHandler)idwsClient.CreateMessageHandler(); var httpClient = new HttpClient(handler) { BaseAddress = new Uri(serverEndpoint) }; Thread.Sleep(TimeSpan.FromSeconds(30)); //second request, time has passed, token should be renegotiated var response = await httpClient.GetAsync("/myservice"); Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); var str = await response.Content.ReadAsStringAsync(); Assert.AreEqual("34051178", str); } Assert.AreEqual(2, tokensIssuedCount); } }
public async Task CallWspService_Authenticates_ReturnsUserInformation() { var asEndpoint = "https://digst.oioidws.rest.as:10001"; var wspEndpoint = "https://digst.oioidws.rest.wsp:10002"; var asServer = WebApp.Start(asEndpoint, app => { app.SetLoggerFactory(new ConsoleLoggerFactory()); app .UseOioIdwsAuthorizationService(new OioIdwsAuthorizationServiceOptions { AccessTokenIssuerPath = new PathString("/accesstoken/issue"), AccessTokenRetrievalPath = new PathString("/accesstoken"), IssuerAudiences = () => Task.FromResult(new[] { new IssuerAudiences("d9f10c97aa647727adb64a349bb037c5c23c9a7a", "test cert") .Audience(new Uri("https://wsp.oioidws-net.dk")), }), TrustedWspCertificateThumbprints = new[] { "1F0830937C74B0567D6B05C07B6155059D9B10C7" }, }); }); var wspServer = WebApp.Start(wspEndpoint, app => { app.SetLoggerFactory(new ConsoleLoggerFactory()); app .UseErrorPage() .UseOioIdwsAuthentication(new OioIdwsAuthenticationOptions { TokenProvider = new RestTokenProvider(new Uri(asEndpoint + "/accesstoken"), CertificateUtil.GetCertificate("1F0830937C74B0567D6B05C07B6155059D9B10C7")) }) .Use(async(context, next) => { var identity = (ClaimsIdentity)context.Request.User.Identity; await context.Response.WriteAsync( identity.Claims.Single(x => x.Type == "dk:gov:saml:attribute:CvrNumberIdentifier").Value); }); }); var settings = new OioIdwsClientSettings { ClientCertificate = CertificateUtil.GetCertificate("0E6DBCC6EFAAFF72E3F3D824E536381B26DEECF5"), AudienceUri = new Uri("https://wsp.oioidws-net.dk"), AccessTokenIssuerEndpoint = new Uri(asEndpoint + "/accesstoken/issue"), SecurityTokenService = new OioIdwsStsSettings { Certificate = CertificateUtil.GetCertificate("d9f10c97aa647727adb64a349bb037c5c23c9a7a"), EndpointAddress = new Uri("https://SecureTokenService.test-nemlog-in.dk/SecurityTokenService.svc"), TokenLifeTime = TimeSpan.FromMinutes(5) }, UseTokenCache = false }; var idwsClient = new OioIdwsClient(settings); var httpClient = new HttpClient(idwsClient.CreateMessageHandler()) { BaseAddress = new Uri(wspEndpoint) }; var response = await httpClient.GetAsync("/myservice"); Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); var str = await response.Content.ReadAsStringAsync(); Assert.AreEqual("34051178", str); wspServer.Dispose(); asServer.Dispose(); }