/// <summary> /// Creates a new context object. /// </summary> /// <param name="context">The HTTP request context.</param> /// <param name="options">The Twitter middleware options.</param> /// <param name="properties">The authentication properties of the challenge.</param> /// <param name="redirectUri">The initial redirect URI.</param> public TwitterRedirectToAuthorizationEndpointContext(HttpContext context, TwitterOptions options, AuthenticationProperties properties, string redirectUri) : base(context, options) { RedirectUri = redirectUri; Properties = properties; }
public async Task ExecuteResultAsync_InvokesForbiddenAsyncOnAllConfiguredSchemes() { // Arrange var authProperties = new AuthenticationProperties(); var authenticationManager = new Mock<AuthenticationManager>(); authenticationManager .Setup(c => c.ForbidAsync("Scheme1", authProperties)) .Returns(TaskCache.CompletedTask) .Verifiable(); authenticationManager .Setup(c => c.ForbidAsync("Scheme2", authProperties)) .Returns(TaskCache.CompletedTask) .Verifiable(); var httpContext = new Mock<HttpContext>(); httpContext.Setup(c => c.RequestServices).Returns(CreateServices()); httpContext.Setup(c => c.Authentication).Returns(authenticationManager.Object); var result = new ForbidResult(new[] { "Scheme1", "Scheme2" }, authProperties); var routeData = new RouteData(); var actionContext = new ActionContext( httpContext.Object, routeData, new ActionDescriptor()); // Act await result.ExecuteResultAsync(actionContext); // Assert authenticationManager.Verify(); }
public async Task<IActionResult> Auth(string token) { var access = _userService.Auth(token); if (access.Type == AuthType.Invalid || access.Type == AuthType.NotFound) { return View("NoAccess", access); } var claims = new List<Claim> { new Claim(ClaimTypes.Name, access.Email), new Claim(ClaimTypes.Email, access.Email) }; var authProperties = new AuthenticationProperties { IssuedUtc = DateTimeOffset.UtcNow }; if (access.Type == AuthType.Cookie) { authProperties.ExpiresUtc = GetAccessExpireTime(access.ValidUntil); authProperties.IsPersistent = true; } var identity = new ClaimsIdentity(claims, "custom"); await HttpContext.Authentication.SignInAsync(Constants.Auth.AuthenticationScheme, new ClaimsPrincipal(identity), authProperties); return RedirectToAction(nameof(Watchlist)); }
/// <summary> /// Creates a new context object. /// </summary> /// <param name="context">The HTTP request context.</param> /// <param name="properties">The authentication properties of the challenge.</param> /// <param name="redirectUri">The initial redirect URI.</param> public OAuthRedirectToAuthorizationContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri) : base(context) { RedirectUri = redirectUri; Properties = properties; Options = options; }
public IActionResult External(string provider) { var props = new AuthenticationProperties { RedirectUri = "/account/externalCallback" }; return new ChallengeResult(provider, props); }
public IActionResult Google() { var props = new AuthenticationProperties { RedirectUri = "/account/callback" }; return new ChallengeResult("Google", props); }
public IActionResult External(string provider) { var props = new AuthenticationProperties { RedirectUri = "/home/secure" }; return new ChallengeResult(provider, props); }
// Leave it up to authentication handler to do the right thing for the challenge public virtual Task ChallengeAsync(string authenticationScheme, AuthenticationProperties properties) { if (string.IsNullOrEmpty(authenticationScheme)) { throw new ArgumentException(nameof(authenticationScheme)); } return ChallengeAsync(authenticationScheme, properties, ChallengeBehavior.Automatic); }
public IActionResult Google() { var props = new AuthenticationProperties { RedirectUri = "/home/secure" }; return new ChallengeResult("Google", props); }
/// <summary> /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class /// </summary> /// <param name="principal">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param> /// <param name="properties">additional properties that can be consumed by the user or runtime.</param> /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param> public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationScheme) { if (principal == null) { throw new ArgumentNullException(nameof(principal)); } AuthenticationScheme = authenticationScheme; Principal = principal; Properties = properties ?? new AuthenticationProperties(); }
public IActionResult ExternalLogin(string provider, string returnUrl = null) { // Request a redirect to the external login provider. var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }); var props = new AuthenticationProperties { RedirectUri = redirectUrl }; return new ChallengeResult(provider, props); }
/// <summary> /// Initializes a new instance of the <see cref="AuthenticationResponseGrant"/> class. /// </summary> /// <param name="principal"></param> /// <param name="properties"></param> public AuthenticationResponseGrant(ClaimsPrincipal principal, AuthenticationProperties properties) { if (principal == null) { throw new ArgumentNullException("principal"); } Principal = principal; Identity = principal.Identities.FirstOrDefault(); Properties = properties; }
/// <summary> /// Creates a new instance of the context object. /// </summary> /// <param name="context">The HTTP request context</param> /// <param name="options">The middleware options</param> /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param> /// <param name="principal">Initializes Principal property</param> /// <param name="properties">Initializes Properties property</param> public CookieSignedInContext( HttpContext context, CookieAuthenticationOptions options, string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties) : base(context, options) { AuthenticationScheme = authenticationScheme; Principal = principal; Properties = properties; }
public IActionResult Get(string provider) { var queryStrings = Context.Request.Query; var props = new AuthenticationProperties { RedirectUri = string.Format("/api/linkedaccount/callback?provider={0}&response_type{1}&client_id={2}&redirect_uri={3}", queryStrings.Get("provider"), queryStrings.Get("response_type"), queryStrings.Get("client_id"), queryStrings.Get("redirect_uri")) }; return new ChallengeResult(provider, props); }
public void CanRoundTripBootstrapContext() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { BootstrapContext = "bootstrap" }); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(1, readTicket.Principal.Identities.Count()); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext); } }
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification) { string roleType; if (!UserAuthenticatedSimple(notification, out roleType)) return; //authenticate var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, notification.UserName)); identity.AddClaim(new Claim(ClaimTypes.Role, roleType)); // create metadata to pass on to refresh token provider var props = new AuthenticationProperties(new Dictionary<string, string> { { "as:client_id", notification.ClientId }, {"userName", notification.UserName } }); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, props, OpenIdConnectDefaults.AuthenticationScheme); notification.Validated(ticket); }
public async Task OnValidatePrincipalTestSuccess(bool isPersistent) { var user = new TestUser("test"); var userManager = MockHelpers.MockUserManager<TestUser>(); var claimsManager = new Mock<IUserClaimsPrincipalFactory<TestUser>>(); var identityOptions = new IdentityOptions { SecurityStampValidationInterval = TimeSpan.Zero }; var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Value).Returns(identityOptions); var httpContext = new Mock<HttpContext>(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(httpContext.Object); var id = new ClaimsIdentity(identityOptions.Cookies.ApplicationCookieAuthenticationScheme); id.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id)); var principal = new ClaimsPrincipal(id); var properties = new AuthenticationProperties { IssuedUtc = DateTimeOffset.UtcNow, IsPersistent = isPersistent }; var signInManager = new Mock<SignInManager<TestUser>>(userManager.Object, contextAccessor.Object, claimsManager.Object, options.Object, null); signInManager.Setup(s => s.ValidateSecurityStampAsync(It.IsAny<ClaimsPrincipal>(), user.Id)).ReturnsAsync(user).Verifiable(); signInManager.Setup(s => s.CreateUserPrincipalAsync(user)).ReturnsAsync(principal).Verifiable(); var services = new ServiceCollection(); services.AddInstance(options.Object); services.AddInstance(signInManager.Object); services.AddInstance<ISecurityStampValidator>(new SecurityStampValidator<TestUser>()); httpContext.Setup(c => c.RequestServices).Returns(services.BuildServiceProvider()); var ticket = new AuthenticationTicket(principal, properties, identityOptions.Cookies.ApplicationCookieAuthenticationScheme); var context = new CookieValidatePrincipalContext(httpContext.Object, ticket, new CookieAuthenticationOptions()); Assert.NotNull(context.Properties); Assert.NotNull(context.Options); Assert.NotNull(context.Principal); await SecurityStampValidator.ValidatePrincipalAsync(context); Assert.NotNull(context.Principal); signInManager.VerifyAll(); }
public async Task<IActionResult> Login(string userName = null) { //fake login with roles to demonstrate role based menu filtering AuthenticationProperties authProperties = new AuthenticationProperties(); ClaimsPrincipal user; switch(userName) { case "Administrator": user = GetAdminClaimsPrincipal(); break; case "Member": default: user = GetMemberClaimsPrincipal(); break; } await HttpContext.Authentication.SignInAsync("application", user, authProperties); return RedirectToAction(nameof(HomeController.Index), "Home"); //return View("Index"); }
public void CanRoundTripActorIdentity() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var actor = new ClaimsIdentity("actor"); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { Actor = actor }); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(1, readTicket.Principal.Identities.Count()); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); var identity = (ClaimsIdentity) readTicket.Principal.Identity; Assert.NotNull(identity.Actor); Assert.Equal(identity.Actor.AuthenticationType, "actor"); } }
public async Task ValidateAuthenticatedContext() { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest")); var server = CreateServer(options => { options.ClientId = "Test Id"; options.ClientSecret = "Test Secret"; options.StateDataFormat = stateFormat; options.AccessType = "offline"; options.Events = new OAuthEvents() { OnCreatingTicket = context => { Assert.NotNull(context.User); Assert.Equal(context.AccessToken, "Test Access Token"); Assert.Equal(context.RefreshToken, "Test Refresh Token"); Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600)); Assert.Equal(GoogleHelper.GetEmail(context.User), "Test email"); Assert.Equal(GoogleHelper.GetId(context.User), "Test User ID"); Assert.Equal(GoogleHelper.GetName(context.User), "Test Name"); Assert.Equal(GoogleHelper.GetFamilyName(context.User), "Test Family Name"); Assert.Equal(GoogleHelper.GetGivenName(context.User), "Test Given Name"); return Task.FromResult(0); } }; options.BackchannelHttpHandler = new TestHttpMessageHandler { Sender = req => { if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token") { return ReturnJsonResponse(new { access_token = "Test Access Token", expires_in = 3600, token_type = "Bearer", refresh_token = "Test Refresh Token" }); } else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me") { return ReturnJsonResponse(new { id = "Test User ID", displayName = "Test Name", name = new { familyName = "Test Family Name", givenName = "Test Given Name" }, url = "Profile link", emails = new[] { new { value = "Test email", type = "account" } } }); } return null; } }; }); var properties = new AuthenticationProperties(); var correlationKey = ".AspNet.Correlation.Google"; var correlationValue = "TestCorrelationId"; properties.Items.Add(correlationKey, correlationValue); properties.RedirectUri = "/foo"; var state = stateFormat.Protect(properties); //Post a message to the Google middleware var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state), correlationKey + "=" + correlationValue); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First()); }
public async Task AuthenticatedEventCanGetRefreshToken() { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest")); var server = CreateServer(options => { options.ClientId = "Test Id"; options.ClientSecret = "Test Secret"; options.StateDataFormat = stateFormat; options.BackchannelHttpHandler = new TestHttpMessageHandler { Sender = req => { if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token") { return ReturnJsonResponse(new { access_token = "Test Access Token", expires_in = 3600, token_type = "Bearer", refresh_token = "Test Refresh Token" }); } else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me") { return ReturnJsonResponse(new { id = "Test User ID", displayName = "Test Name", name = new { familyName = "Test Family Name", givenName = "Test Given Name" }, url = "Profile link", emails = new[] { new { value = "Test email", type = "account" } } }); } return null; } }; options.Events = new OAuthEvents { OnCreatingTicket = context => { var refreshToken = context.RefreshToken; context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google")); return Task.FromResult<object>(null); } }; }); var properties = new AuthenticationProperties(); var correlationKey = ".AspNet.Correlation.Google"; var correlationValue = "TestCorrelationId"; properties.Items.Add(correlationKey, correlationValue); properties.RedirectUri = "/me"; var state = stateFormat.Protect(properties); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state), correlationKey + "=" + correlationValue); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); Assert.Contains(correlationKey, transaction.SetCookie[0]); Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; transaction = await server.SendAsync("https://example.com/me", authCookie); Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode); Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken")); }
public async Task ReplyPathWillRejectIfAccessTokenIsMissing() { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest")); var server = CreateServer(options => { options.ClientId = "Test Id"; options.ClientSecret = "Test Secret"; options.StateDataFormat = stateFormat; options.BackchannelHttpHandler = new TestHttpMessageHandler { Sender = req => { return ReturnJsonResponse(new object()); } }; }); var properties = new AuthenticationProperties(); var correlationKey = ".AspNet.Correlation.Google"; var correlationValue = "TestCorrelationId"; properties.Items.Add(correlationKey, correlationValue); properties.RedirectUri = "/me"; var state = stateFormat.Protect(properties); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state), correlationKey + "=" + correlationValue); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Contains("error=access_denied", transaction.Response.Headers.Location.ToString()); }
public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer) { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest")); var server = CreateServer(options => { options.ClientId = "Test Id"; options.ClientSecret = "Test Secret"; options.StateDataFormat = stateFormat; options.ClaimsIssuer = claimsIssuer; options.BackchannelHttpHandler = new TestHttpMessageHandler { Sender = req => { if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token") { return ReturnJsonResponse(new { access_token = "Test Access Token", expires_in = 3600, token_type = "Bearer" }); } else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me") { return ReturnJsonResponse(new { id = "Test User ID", displayName = "Test Name", name = new { familyName = "Test Family Name", givenName = "Test Given Name" }, url = "Profile link", emails = new[] { new { value = "Test email", type = "account" } } }); } return null; } }; }); var properties = new AuthenticationProperties(); var correlationKey = ".AspNet.Correlation.Google"; var correlationValue = "TestCorrelationId"; properties.Items.Add(correlationKey, correlationValue); properties.RedirectUri = "/me"; var state = stateFormat.Protect(properties); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state), correlationKey + "=" + correlationValue); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); Assert.Contains(correlationKey, transaction.SetCookie[0]); Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; transaction = await server.SendAsync("https://example.com/me", authCookie); Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode); var expectedIssuer = claimsIssuer ?? GoogleDefaults.AuthenticationScheme; Assert.Equal("Test Name", transaction.FindClaimValue(ClaimTypes.Name, expectedIssuer)); Assert.Equal("Test User ID", transaction.FindClaimValue(ClaimTypes.NameIdentifier, expectedIssuer)); Assert.Equal("Test Given Name", transaction.FindClaimValue(ClaimTypes.GivenName, expectedIssuer)); Assert.Equal("Test Family Name", transaction.FindClaimValue(ClaimTypes.Surname, expectedIssuer)); Assert.Equal("Test email", transaction.FindClaimValue(ClaimTypes.Email, expectedIssuer)); // Ensure claims transformation Assert.Equal("yup", transaction.FindClaimValue("xform")); }
public override void SignOut(string authenticationScheme, AuthenticationProperties properties) { var handler = HttpAuthenticationFeature.Handler; var signOutContext = new SignOutContext(authenticationScheme, properties?.Dictionary); if (handler != null) { handler.SignOut(signOutContext); } // Verify all types ack'd if (!string.IsNullOrWhiteSpace(authenticationScheme) && !signOutContext.Accepted) { throw new InvalidOperationException("The following authentication scheme was not accepted: " + authenticationScheme); } }
public override void SignIn(string authenticationScheme, [NotNull] ClaimsPrincipal principal, AuthenticationProperties properties) { var handler = HttpAuthenticationFeature.Handler; var signInContext = new SignInContext(authenticationScheme, principal, properties == null ? null : properties.Dictionary); if (handler != null) { handler.SignIn(signInContext); } // Verify all types ack'd if (!signInContext.Accepted) { throw new InvalidOperationException("The following authentication scheme was not accepted: " + authenticationScheme); } }
public override void Challenge(AuthenticationProperties properties, [NotNull] IEnumerable<string> authenticationSchemes) { HttpResponseFeature.StatusCode = 401; var handler = HttpAuthenticationFeature.Handler; var challengeContext = new ChallengeContext(authenticationSchemes, properties == null ? null : properties.Dictionary); if (handler != null) { handler.Challenge(challengeContext); } // Verify all types ack'd IEnumerable<string> leftovers = authenticationSchemes.Except(challengeContext.Accepted); if (leftovers.Any()) { throw new InvalidOperationException("The following authentication types were not accepted: " + string.Join(", ", leftovers)); } }
public async Task AuthenticatedEventCanGetRefreshToken() { ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest")); var server = CreateServer( options => { options.ClientId = "Test Client Id"; options.ClientSecret = "Test Client Secret"; options.StateDataFormat = stateFormat; options.BackchannelHttpHandler = new TestHttpMessageHandler { Sender = req => { if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf") { return ReturnJsonResponse(new { access_token = "Test Access Token", expire_in = 3600, token_type = "Bearer", refresh_token = "Test Refresh Token" }); } else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me") { return ReturnJsonResponse(new { id = "Test User ID", name = "Test Name", first_name = "Test Given Name", last_name = "Test Family Name", emails = new { preferred = "Test email" } }); } return null; } }; options.Notifications = new MicrosoftAccountAuthenticationNotifications { OnAuthenticated = context => { var refreshToken = context.RefreshToken; context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken) })); return Task.FromResult<object>(null); } }; }, context => { Describe(context.Response, context.User); return true; }); var properties = new AuthenticationProperties(); var correlationKey = ".AspNet.Correlation.Microsoft"; var correlationValue = "TestCorrelationId"; properties.Dictionary.Add(correlationKey, correlationValue); properties.RedirectUri = "/me"; var state = stateFormat.Protect(properties); var transaction = await SendAsync(server, "https://example.com/signin-microsoft?code=TestCode&state=" + Uri.EscapeDataString(state), correlationKey + "=" + correlationValue); transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect); transaction.Response.Headers.Location.ToString().ShouldBe("/me"); transaction.SetCookie.Count.ShouldBe(2); transaction.SetCookie[0].ShouldContain(correlationKey); transaction.SetCookie[1].ShouldContain(".AspNet.External"); var authCookie = transaction.AuthenticationCookieValue; transaction = await SendAsync(server, "https://example.com/me", authCookie); transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK); transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token"); }
public void NullPrincipalThrows() { var properties = new AuthenticationProperties(); properties.RedirectUri = "bye"; var ticket = new AuthenticationTicket(properties, "Hello"); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { Assert.Throws<ArgumentNullException>(() => TicketSerializer.Write(writer, ticket)); } }
public void CanRoundTripEmptyPrincipal() { var properties = new AuthenticationProperties(); properties.RedirectUri = "bye"; var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { TicketSerializer.Write(writer, ticket); stream.Position = 0; var readTicket = TicketSerializer.Read(reader); readTicket.Principal.Identities.Count().ShouldBe(0); readTicket.Properties.RedirectUri.ShouldBe("bye"); readTicket.AuthenticationScheme.ShouldBe("Hello"); } }
protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket) { var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity; if (claimsIdentity == null) { claimsIdentity = new ClaimsIdentity(); } claimsIdentity.AddClaim(new Claim("test claim", "test value")); return new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme); }