예제 #1
0
        public void LogIn(OpenIdConnectAuthenticationOptions openIdConnectOptions)
        {
            if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            {
                // Generate the nonce and give the user a claim for it
                // BROKEN: Can't get StringDataFormat.Protect()
                //string nonce = openIdConnectOptions.ProtocolValidator.GenerateNonce();
                //Context.User.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("nonce", nonce) }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme));
                //string protectedNonce = openIdConnectOptions.StringDataFormat.Protect(nonce);
                //Response.Cookies.Append(".AspNet.OpenIdConnect.Nonce." + protectedNonce, "N", new CookieOptions { HttpOnly = true, Secure = Request.IsHttps });

                Context.Response.Redirect(
                    $"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" +
                    $"?p={Startup.SignInPolicyId}" +
                    $"&client_id={Startup.ClientId}" +
                    "&response_type=id_token" +
                    "&scope=openid" +
                    "&response_mode=form_post" +
                    $"&redirect_uri={Startup.RedirectUrl}"
                    // + "&nonce=" + nonce
                );
            }
            else
            {
                Context.Response.Redirect("/");
            }
        }
예제 #2
0
 public void Signup(OpenIdConnectAuthenticationOptions openIdConnectOptions)
 {
     if (!Context.User.Identity.IsAuthenticated)
     {
         Context.Response.Redirect(
             $"https://login.microsoftonline.com/{Startup.Tenant}/oauth2/v2.0/authorize" +
             $"&client_id={Startup.SignUpPolicyId}" +
             $"&client_id={Startup.ClientId}" +
             "&response_type=id_token" +
             "&scope=openid" +
             "&response_mode=form_post" +
             $"&redirect_uri={Startup.RedirectUrl}"
         );
     }
     else
     {
         Context.Response.Redirect("/");
     }
 }
 private static void StateInvalidOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
 }
 private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
 {
     SecurityTokenValidatorValidatesAllTokens(options);
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             SecurityTokenValidated = (notification) =>
             {
                 notification.SkipToNextMiddleware();
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
     options.ProtocolValidator.RequireTimeStampInNonce = false;
     options.ProtocolValidator.RequireNonce = false;
 }
 private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options)
 {
     AuthenticationErrorHandledOptions(options);
     var mockValidator = new Mock<ISecurityTokenValidator>();
     SecurityToken jwt = null;
     mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>();
     mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
 }
 private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options)
 {
     AuthenticationErrorHandledOptions(options);
     var mockValidator = new Mock<ISecurityTokenValidator>();
     SecurityToken jwt = null;
     mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal());
     mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false);
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
 }
        private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
        {
            foreach (var param in parameters)
            {
                if (param.Equals(OpenIdConnectParameterNames.ClientId))
                    options.ClientId = queryValues.ClientId;
                else if (param.Equals(OpenIdConnectParameterNames.RedirectUri))
                    options.RedirectUri = queryValues.RedirectUri;
                else if (param.Equals(OpenIdConnectParameterNames.Resource))
                    options.Resource = queryValues.Resource;
                else if (param.Equals(OpenIdConnectParameterNames.Scope))
                    options.Scope = queryValues.Scope;
            }

            options.Authority = queryValues.Authority;
            options.Configuration = queryValues.Configuration;
            options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue();
        }
 private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             MessageReceived = (notification) =>
             {
                 notification.SkipToNextMiddleware();
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.ResponseType = OpenIdConnectResponseTypes.Code;
     options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
     options.GetClaimsFromUserInfoEndpoint = true;
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             SecurityTokenValidated = (notification) =>
             {
                 var claimValue = notification.AuthenticationTicket.Principal.FindFirst("test claim");
                 Assert.Equal(claimValue.Value, "test value");
                 notification.HandleResponse();
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.ResponseType = OpenIdConnectResponseTypes.Code;
     options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             AuthorizationCodeRedeemed = (notification) =>
             {
                 notification.SkipToNextMiddleware();
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
     options.ProtocolValidator = MockProtocolValidator();
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             AuthenticationFailed = (notification) =>
             {
                 notification.SkipToNextMiddleware();
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
     options.ProtocolValidator = MockProtocolValidator();
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             AuthorizationCodeReceived = (notification) =>
             {
                 notification.HandleResponse();
                 return Task.FromResult<object>(null);
             }
         };
 }
예제 #14
0
        private void ConfigureOpenIdConnectAuthentication(OpenIdConnectAuthenticationOptions options)
        {
            // from original template
            options.AutomaticAuthentication = true;
            options.ClientId = Configuration["Authentication:AzureAd:ClientId"];
            options.Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:Tenant"];
            options.PostLogoutRedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"];
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.RedirectUri = Configuration["Authentication:AzureAd:PostLogoutRedirectUri"];
            options.Scope = "openid";
            options.ResponseType = "id_token";
            //options.ConfigurationManager = new PolicyConfigurationManager(options.Authority + "/v2.0/.well-known/openid-configuration",
            //    new string[] { "B2C_1_SiUp", "b2c_1_siin", "B2C_1_SiPe" });

            var configurationManager = new PolicyConfigurationManager();
            configurationManager.AddPolicy("common", "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration");
            configurationManager.AddPolicy("b2c_1_siup", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
                options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siup"));
            configurationManager.AddPolicy("b2c_1_siin", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
                options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_siin"));
            configurationManager.AddPolicy("b2c_1_sipe", string.Format(CultureInfo.InvariantCulture, "{0}{1}?p={2}",
                options.Authority, "/v2.0/.well-known/openid-configuration", "b2c_1_sipe"));
            options.ConfigurationManager = configurationManager;

            options.TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
            {
                //NameClaimType = "name"
                ValidateIssuer = false
            };
            options.Notifications = CreateOpenIdConnectAuthenticationNotifications();
        }
        // Setup a notification to check for expected state.
        // The state gets set by the runtime after the 'MessageReceivedNotification'
        private static void SetStateOptions(OpenIdConnectAuthenticationOptions options)
        {
            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
            options.ClientId = Guid.NewGuid().ToString();
            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
            options.Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeRedeemed = notification =>
                {
                    notification.HandleResponse();
                    if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
                        return Task.FromResult<object>(null);

                    if (notification.ProtocolMessage.State == null || !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
                        Assert.True(false, "(notification.ProtocolMessage.State=!= null || !notification.ProtocolMessage.Parameters.ContainsKey(expectedState)");

                    Assert.Equal(notification.ProtocolMessage.State, notification.ProtocolMessage.Parameters[ExpectedStateParameter]);
                    return Task.FromResult<object>(null);
                }
            };
        }
 private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options)
 {
     var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
     mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
     mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
     options.AutomaticAuthentication = true;
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             RedirectToIdentityProvider = (notification) =>
             {
                 notification.ProtocolMessage = mockOpenIdConnectMessage.Object;
                 return Task.FromResult<object>(null);
             }
         };
 }
 private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options)
 {
     AuthenticationErrorHandledOptions(options);
 }
 private static void DefaultChallengeOptions(OpenIdConnectAuthenticationOptions options)
 {
     options.AuthenticationScheme = "OpenIdConnectHandlerTest";
     options.AutomaticAuthentication = true;
     options.ClientId = Guid.NewGuid().ToString();
     options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
     options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
 }
 private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
 {
     DefaultOptions(options);
     options.Notifications =
         new OpenIdConnectAuthenticationNotifications
         {
             SecurityTokenReceived = (notification) =>
             {
                 notification.HandleResponse();
                 return Task.FromResult<object>(null);
             }
         };
 }