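/// <summary>
/// Switches between two users inside one context: user1 signs in interactively, user1 is
/// re-acquired through the browser cookie without naming a user, user2 is forced through a
/// prompt (once with a required user id, once without), and finally a request that names no
/// user must fail because the cache now holds tokens for two different users.
/// </summary>
/// <param name="sts">Test STS settings (authority, client id, redirect URI, user names and passwords).</param>
internal static void SwitchUserTest(Sts sts)
{
    Log.Comment("Acquire token for user1 interactively");
    // Password only: the user name is taken from the user id passed to AcquireToken.
    AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResultAndTokenContent(sts, result);
    Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId);

    Log.Comment("Acquire token via cookie for user1 without user");
    AuthenticationResultProxy result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    // The cookie-based acquisition is checked on its own result. The previous version
    // re-verified the first result here, so this step was never actually tested.
    VerifySuccessResultAndTokenContent(sts, result2);
    Verify.AreEqual(sts.ValidUserName, result2.UserInfo.DisplayableId);

    Log.Comment("Acquire token for user2 via force prompt and user");
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
    result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Always, sts.ValidRequiredUserId2);
    VerifySuccessResultAndTokenContent(sts, result2);
    Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId);

    Log.Comment("Acquire token for user2 via force prompt");
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
    result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Always);
    VerifySuccessResultAndTokenContent(sts, result2);
    Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId);

    Log.Comment("Fail to acquire token without user while tokens for two users in the cache");
    // With two users cached, an unqualified request must not silently hand out one of them.
    result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    VerifyErrorResult(result2, "multiple_matching_tokens_detected", null);
}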
/// <summary>
/// Multi-resource refresh token (MRRT) behaviour: a token acquired for one resource is
/// redeemed for a second resource (and, on AAD, a third), and IsMultipleResourceRefreshToken
/// is expected to be set on every STS type except ADFS.
/// </summary>
/// <param name="sts">Test STS settings; <c>Type</c> selects the AAD/ADFS-specific expectations.</param>
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    bool isAad = sts.Type == StsType.AAD;

    AuthenticationResultProxy firstResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, firstResult);

    // Redeem the refresh token directly for a different resource.
    AuthenticationResultProxy secondResult = await context.AcquireTokenByRefreshTokenAsync(firstResult.RefreshToken, sts.ValidClientId, sts.ValidResource2);
    if (isAad)
    {
        VerifySuccessResult(sts, secondResult, true, false);
        Verify.IsTrue(firstResult.IsMultipleResourceRefreshToken);
        Verify.IsTrue(secondResult.IsMultipleResourceRefreshToken);
    }

    // The same second resource through the regular AcquireToken path.
    secondResult = context.AcquireToken(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, secondResult);

    if (sts.Type != StsType.ADFS)
    {
        Verify.IsTrue(firstResult.IsMultipleResourceRefreshToken);
    }
    else
    {
        Verify.IsFalse(firstResult.IsMultipleResourceRefreshToken);
    }

    if (isAad)
    {
        // A third resource, again expected to be covered by the original MRRT.
        secondResult = context.AcquireToken(sts.ValidResource3, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        VerifySuccessResult(sts, secondResult);
        Verify.IsTrue(firstResult.IsMultipleResourceRefreshToken);
    }
}
/// <summary>
/// Cache expiration margin: a cached token is reused while it is valid, but once its recorded
/// expiry is moved close to "now" the next request yields a fresh access token instead.
/// </summary>
/// <param name="sts">Test STS settings.</param>
internal static void CacheExpirationMarginTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy initial = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, initial);

    AuthenticationContextProxy.Delay(2000); // 2 seconds delay, so a re-issued token would carry a different expiry
    AuthenticationContextProxy.SetCredentials(null, null);

    UserIdentifier userId;
    if (initial.UserInfo == null)
    {
        userId = UserIdentifier.AnyUser;
    }
    else
    {
        userId = new UserIdentifier(initial.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId);
    }

    // Same resource and user: expected to come back with the same ExpiresOn (served from cache).
    AuthenticationResultProxy cached = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId, SecondCallExtraQueryParameter);
    VerifySuccessResult(sts, cached);
    VerifyExpiresOnAreEqual(initial, cached);

    // Move the cached expiry to 4 min 50 s from now.
    // NOTE(review): this assumes the dummy context's TokenCache is the same default cache the
    // proxy context reads from — confirm against AuthenticationContextProxy.
    var dummyContext = new AuthenticationContext("https://dummy/dummy", false);
    TimeSpan nearExpiry = TimeSpan.FromSeconds(4 * 60 + 50);
    AdalFriend.UpdateTokenExpiryOnTokenCache(dummyContext.TokenCache, DateTime.UtcNow + nearExpiry);

    // Inside the margin the cached token must no longer be handed out.
    AuthenticationResultProxy refreshed = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId);
    VerifySuccessResult(sts, refreshed);
    Verify.AreNotEqual(initial.AccessToken, refreshed.AccessToken);
}
/// <summary>
/// Acquires a token twice for the same resource and user, two seconds apart, and returns both
/// results so the caller can compare them (for example to confirm the second came from cache).
/// </summary>
/// <param name="sts">Test STS settings.</param>
/// <param name="context">Context to acquire through; its cache is what is being exercised.</param>
/// <returns>A two-element list: the initial result followed by the second-call result.</returns>
public static List<AuthenticationResultProxy> AcquireTokenPositiveWithCache(Sts sts, AuthenticationContextProxy context)
{
    AuthenticationResultProxy initial = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, initial);

    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    AuthenticationResultProxy second;
    if (initial.UserInfo == null)
    {
        // No user info came back, so ask again without naming a user.
        second = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    }
    else
    {
        var sameUser = new UserIdentifier(initial.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId);
        second = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sameUser, SecondCallExtraQueryParameter);
    }
    VerifySuccessResult(sts, second);

    var results = new List<AuthenticationResultProxy>();
    results.Add(initial);
    results.Add(second);
    return results;
}
/// <summary>
/// PromptBehavior.Never must never show UI: it fails while nothing is cached, succeeds once a
/// token is cached, still succeeds from the browser session after the cache is cleared, and
/// fails again once both the cache and the browser session are gone.
/// </summary>
/// <param name="sts">Test STS settings.</param>
internal static void AcquireTokenWithPromptBehaviorNeverTest(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // 1. Empty cache, no session: a silent request must fail rather than prompt.
    AuthenticationResultProxy silent = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Never);
    VerifyErrorResult(silent, Sts.UserInteractionRequired, null);

    // 2. Sign in interactively to populate the cache.
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    AuthenticationResultProxy interactive = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, interactive);
    AuthenticationContextProxy.SetCredentials(null, null);

    // 3. Token in cache: silent succeeds.
    silent = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Never);
    VerifySuccessResult(sts, silent);

    // 4. Cache cleared but the browser session cookie remains: silent still succeeds.
    AuthenticationContextProxy.ClearDefaultCache();
    silent = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Never);
    VerifySuccessResult(sts, silent);

    // 5. Neither cache nor session: silent fails again.
    AuthenticationContextProxy.ClearDefaultCache();
    EndBrowserDialogSession();
    silent = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Never);
    VerifyErrorResult(silent, Sts.UserInteractionRequired, null);
}
/// <summary>
/// Acquires a token against a federated tenant with a Null token cache, first with the
/// explicit user id and then with UserIdentifier.AnyUser; both calls are expected to succeed.
/// </summary>
/// <param name="sts">Test STS settings for the federated tenant.</param>
public static void AcquireTokenPositiveWithFederatedTenantTest(Sts sts)
{
    var user = sts.ValidUserId;
    AuthenticationContextProxy.SetCredentials(user.Id, sts.ValidPassword);
    // Authority validation off and no cache, so the second call cannot be served from the first.
    var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.Null);

    AuthenticationResultProxy withUser = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, user);
    VerifySuccessResult(sts, withUser);

    AuthenticationResultProxy anyUser = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, anyUser);
}
/// <summary>
/// UserInfo returned with a token: on AAD the displayable id, unique id, given name and family
/// name must be populated and a follow-up keyed by the displayable id must match; a request
/// without a user and one with the valid user id must return the same access token; and a
/// request for a required user id that does not match the signed-in user must fail with
/// "user_mismatch".
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void UserInfoTest(Sts sts)
{
    Action waitBeforeNextRequest = delegate
    {
        Log.Comment("Waiting 2 seconds before next token request...");
        AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    };

    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy first = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, first);

    AuthenticationResultProxy next;
    if (sts.Type == StsType.AAD)
    {
        Verify.AreEqual(sts.ValidUserName, first.UserInfo.DisplayableId);
        Verify.IsNotNullOrEmptyString(first.UserInfo.UniqueId);
        Verify.IsNotNullOrEmptyString(first.UserInfo.GivenName);
        Verify.IsNotNullOrEmptyString(first.UserInfo.FamilyName);

        // Drop the browser session and credentials; the lookup by displayable id must still match the first result.
        EndBrowserDialogSession();
        waitBeforeNextRequest();
        AuthenticationContextProxy.SetCredentials(null, null);
        var byDisplayableId = new UserIdentifier(first.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId);
        next = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, byDisplayableId, SecondCallExtraQueryParameter);
        ValidateAuthenticationResultsAreEqual(first, next);
    }

    AuthenticationContextProxy.SetCredentials(null, null);
    next = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    Verify.AreEqual(first.AccessToken, next.AccessToken);

    SetCredential(sts);
    next = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, ThirdCallExtraQueryParameter);
    VerifySuccessResult(sts, next);
    if (first.UserInfo == null)
    {
        VerifyExpiresOnAreNotEqual(first, next);
    }
    else
    {
        ValidateAuthenticationResultsAreEqual(first, next);
    }

    EndBrowserDialogSession();
    waitBeforeNextRequest();
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    // Asking for a *required* user id other than the one that signs in must be rejected
    // rather than return that other user's token.
    next = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.InvalidRequiredUserId, SecondCallExtraQueryParameter);
    VerifyErrorResult(next, "user_mismatch", null);
}
/// <summary>
/// Caller-supplied extra query parameters: one that duplicates a parameter the library sets
/// itself (redirect_uri, resource, client_id, login_hint) is rejected with
/// "duplicate_query_parameter" naming the offending parameter; unrelated, null or empty extras
/// are accepted.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void ExtraQueryParametersTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);

    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, null);
    VerifySuccessResult(sts, result);

    // Protocol parameters the library owns must not be overridable from the outside.
    // Key = extra query string sent, Value = parameter name expected in the error.
    var duplicates = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("redirect_uri=123", "redirect_uri"),
        new KeyValuePair<string, string>("resource=123&dummy=dummy_value#$%^@%^^%", "resource"),
        new KeyValuePair<string, string>("client_id=123", "client_id"),
    };
    foreach (KeyValuePair<string, string> duplicate in duplicates)
    {
        result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, duplicate.Key);
        VerifyErrorResult(result, "duplicate_query_parameter", duplicate.Value);
    }

    EndBrowserDialogSession();
    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, "login_hint=123");
    VerifyErrorResult(result, "duplicate_query_parameter", "login_hint");

    // A similarly named but distinct parameter is not a duplicate.
    EndBrowserDialogSession();
    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, "login_hintx=123");
    VerifySuccessResult(sts, result);

    // With AnyUser the caller may supply login_hint itself (presumably no library-set hint to clash with).
    EndBrowserDialogSession();
    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser, "login_hint=" + sts.ValidUserName);
    VerifySuccessResult(sts, result);

    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId, string.Empty);
    VerifySuccessResult(sts, result);
}
/// <summary>
/// PromptBehavior.RefreshSession: after a normal acquisition, a RefreshSession request for the
/// same user must return a different access token rather than the cached one.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenAndRefreshSessionTest(Sts sts)
{
    var user = sts.ValidUserId;
    AuthenticationContextProxy.SetCredentials(user.Id, sts.ValidPassword);
    var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.InMemory);

    AuthenticationResultProxy original = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, user);
    VerifySuccessResult(sts, original);

    // Two seconds so a token re-issued by the STS is distinguishable from the cached one.
    AuthenticationContextProxy.Delay(2000);
    AuthenticationResultProxy refreshed = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.RefreshSession, user);
    VerifySuccessResult(sts, refreshed);
    Verify.AreNotEqual(original.AccessToken, refreshed.AccessToken);
}
/// <summary>
/// Acquiring without a prompt behaviour/user succeeds, an explicit null user id is an argument
/// error whose message names both "userId" and the UserIdentifier.AnyUser alternative, and
/// AnyUser itself succeeds.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenPositiveWithoutRedirectUriOrUserIdTest(Sts sts)
{
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    AuthenticationResultProxy outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    VerifySuccessResult(sts, outcome);

    // null is not a valid way to say "any user"; the error must point callers at AnyUser.
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, null);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "userId");
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "UserIdentifier.AnyUser");

    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, outcome);
}
/// <summary>
/// Silent acquisition from the cache: with an empty cache AcquireTokenSilentAsync must throw
/// AdalSilentTokenAcquisitionException with FailedToAcquireTokenSilently; after an interactive
/// sign-in through the proxy it must succeed both with and without a user id.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static async Task AcquireTokenFromCacheTestAsync(Sts sts)
{
    var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority);

    try
    {
        await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, sts.ValidUserId);
        Verify.Fail("AdalSilentTokenAcquisitionException was expected");
    }
    catch (AdalSilentTokenAcquisitionException ex)
    {
        Verify.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
    }
    catch
    {
        // Any other exception type is reported as a failure (if Verify.Fail throws, it lands here too).
        Verify.Fail("AdalSilentTokenAcquisitionException was expected");
    }

    bool isAdfs = sts.Type == StsType.ADFS;
    string userName;
    if (isAdfs)
    {
        userName = sts.ValidUserName;
    }
    else
    {
        userName = null;
    }
    AuthenticationContextProxy.SetCredentials(userName, sts.ValidPassword);

    var proxy = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy interactive = proxy.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, interactive);

    // Now the cache is populated, the plain context must find the token silently.
    var silentUser = isAdfs ? UserIdentifier.AnyUser : sts.ValidUserId;
    AuthenticationResult fromCache = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, silentUser);
    VerifySuccessResult(fromCache);

    fromCache = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId);
    VerifySuccessResult(fromCache);
}
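/// <summary>
/// Correlation id handling as seen in trace output: a caller-supplied id must appear in the
/// trace of the request it was set for, and after resetting to Guid.Empty the next request's
/// trace must not reuse it while still logging a "Correlation ID" entry.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static async Task CorrelationIdTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    Guid correlationId = Guid.NewGuid();
    AuthenticationResultProxy result = null;

    // Phase 1: the explicit correlation id must show up in the trace.
    using (var stream = new MemoryStream())
    using (var listener = new TextWriterTraceListener(stream))
    {
        Trace.Listeners.Add(listener);
        try
        {
            context.SetCorrelationId(correlationId);
            result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
            VerifySuccessResult(sts, result);
            listener.Flush();
            string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
            Verify.IsTrue(trace.Contains(correlationId.ToString()));
        }
        finally
        {
            // Detach even when an assertion fails: Trace.Listeners is process-wide, and a
            // listener left behind keeps receiving output from later tests through a writer
            // that is closed once this using block ends.
            Trace.Listeners.Remove(listener);
        }
    }

    // Phase 2: Guid.Empty resets the id, so the first id must not appear again
    // (presumably a fresh one is generated per request), but an id is still logged.
    using (var stream = new MemoryStream())
    using (var listener = new TextWriterTraceListener(stream))
    {
        Trace.Listeners.Add(listener);
        try
        {
            context.SetCorrelationId(Guid.Empty);
            AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId);
            Verify.IsNotNull(result2.AccessToken);
            listener.Flush();
            string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
            Verify.IsFalse(trace.Contains(correlationId.ToString()));
            Verify.IsTrue(trace.Contains("Correlation ID"));
        }
        finally
        {
            Trace.Listeners.Remove(listener);
        }
    }
}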
/// <summary>
/// Baseline positive case: one interactive acquisition with valid settings must succeed.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenPositiveTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy outcome = context.AcquireToken(
        sts.ValidResource,
        sts.ValidClientId,
        sts.ValidDefaultRedirectUri,
        PromptBehaviorProxy.Auto,
        sts.ValidUserId);
    VerifySuccessResult(sts, outcome);
}
/// <summary>
/// Refresh-token redemption: succeeds with no resource, a tampered refresh token is refused
/// with invalid_grant (HTTP 400), and redemption with an explicit resource succeeds on AAD but
/// is an argument error on ADFS.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static async Task AcquireTokenPositiveByRefreshTokenTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);

    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, (string)null);
    VerifySuccessResult(sts, result, true, false);

    // A modified refresh token must be rejected by the STS, not silently accepted.
    string tamperedRefreshToken = result.RefreshToken + "x";
    AuthenticationResultProxy rejected = await context.AcquireTokenByRefreshTokenAsync(tamperedRefreshToken, sts.ValidClientId, (string)null);
    VerifyErrorResult(rejected, "invalid_grant", "Refresh Token", 400);

    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
    if (sts.Type != StsType.ADFS)
    {
        VerifySuccessResult(sts, result, true, false);
    }
    else
    {
        VerifyErrorResult(result, Sts.InvalidArgumentError, "multiple resource");
    }
}
/// <summary>
/// Instance discovery: a PPE authority passes discovery but the PROD refresh token is then
/// refused (invalid_grant); an authority on an unknown host is rejected with
/// authority_not_in_valid_list. Under TEST_ADAL_WINPHONE_UNIT the rejection is an exception.
/// </summary>
/// <param name="sts">Test STS settings; the authority is rewritten per scenario.</param>
public static async Task InstanceDiscoveryTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty);
    // PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE.
    context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority);
    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
    VerifyErrorResult(result, "invalid_grant", "Refresh Token");
    try
    {
        // A host that is not in the valid-authority list must be refused, with the error naming "authority".
        context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority);
        result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        VerifyErrorResult(result, "authority_not_in_valid_list", "authority");
    }
#if TEST_ADAL_WINPHONE_UNIT
    // On the phone unit-test build the rejection surfaces as an exception instead of an error result.
    catch (AdalServiceException ex)
    {
        Verify.AreNotEqual(sts.Type, StsType.ADFS);
        Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList);
        Verify.IsTrue(ex.Message.Contains("authority"));
    }
#endif
    finally
    {
        // Intentionally empty: keeps the try statement well-formed when the catch above is compiled out.
    }
}
/// <summary>
/// An unknown client id must not yield a token; the proxy reports the interactive flow as
/// canceled (Sts.AuthenticationCanceledError).
/// </summary>
/// <param name="sts">Test STS settings; <c>InvalidClientId</c> is the bad value under test.</param>
public static void AcquireTokenWithInvalidClientIdTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy outcome = context.AcquireToken(
        sts.ValidResource,
        sts.InvalidClientId,
        sts.ValidDefaultRedirectUri,
        PromptBehaviorProxy.Auto,
        sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);
}
/// <summary>
/// Wrong user name and password: the interactive flow must end as a canceled authentication
/// rather than produce a token.
/// </summary>
/// <param name="sts">Test STS settings; <c>InvalidUserName</c> is the bad user.</param>
public static void AcquireTokenWithIncorrectUserCredentialTest(Sts sts)
{
    AuthenticationContextProxy.SetCredentials(sts.InvalidUserName, "invalid_password");
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // The extra query parameter only tags the request; the failure comes from the credentials.
    AuthenticationResultProxy outcome = context.AcquireToken(
        sts.ValidResource,
        sts.ValidClientId,
        sts.ValidDefaultRedirectUri,
        PromptBehaviorProxy.Auto,
        UserIdentifier.AnyUser,
        "incorrect_user");
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, "canceled");
}
/// <summary>
/// With no credentials configured for the dialog, an interactive request for a placeholder
/// user must be reported as canceled.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenWithAuthenticationCanceledTest(Sts sts)
{
    AuthenticationContextProxy.SetCredentials(null, null);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // Placeholder identity: nothing can sign in as it, so the dialog is expected to be dismissed.
    var placeholderUser = new UserIdentifier("*****@*****.**", UserIdentifierType.OptionalDisplayableId);
    AuthenticationResultProxy outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, placeholderUser);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, "canceled");
}
/// <summary>
/// Resource handling: an unknown resource is an error naming "resource"; a valid one succeeds;
/// upper-cased resource and client id still succeed, looked up by displayable id (AAD) and
/// then by unique id.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenWithInvalidResourceTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    AuthenticationResultProxy outcome = context.AcquireToken(sts.InvalidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.InvalidResourceError, "resource");

    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, outcome);

    // NOTE(review): ToUpper() is culture-sensitive; for identifiers ToUpperInvariant() would be the safer choice.
    string upperResource = sts.ValidResource.ToUpper();
    string upperClientId = sts.ValidClientId.ToUpper();

    UserIdentifier byDisplayableId;
    if (sts.Type == StsType.AAD)
    {
        byDisplayableId = new UserIdentifier(sts.ValidUserName, UserIdentifierType.RequiredDisplayableId);
    }
    else
    {
        byDisplayableId = UserIdentifier.AnyUser;
    }
    outcome = context.AcquireToken(upperResource, upperClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, byDisplayableId);
    VerifySuccessResult(sts, outcome);

    UserIdentifier byUniqueId;
    if (outcome.UserInfo == null)
    {
        byUniqueId = UserIdentifier.AnyUser;
    }
    else
    {
        byUniqueId = new UserIdentifier(outcome.UserInfo.UniqueId, UserIdentifierType.UniqueId);
    }
    outcome = context.AcquireToken(upperResource, upperClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, byUniqueId);
    VerifySuccessResult(sts, outcome);
}
/// <summary>
/// The web view must refuse a non-HTTPS redirect URI so the authorization response never
/// travels over plain HTTP. Assumes the <paramref name="sts"/> passed in is configured with
/// such a redirect URI.
/// </summary>
/// <param name="sts">Test STS settings whose default redirect URI is not HTTPS.</param>
public static void NonHttpsURLNegativeTest(Sts sts)
{
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // Obtain a token interactively; the attempt is expected to be blocked by the web view.
    AuthenticationResultProxy outcome = context.AcquireToken(
        sts.ValidResource,
        sts.ValidClientId,
        sts.ValidDefaultRedirectUri,
        PromptBehaviorProxy.Auto,
        sts.ValidUserId);
    VerifyErrorDescriptionContains(outcome.ErrorDescription, "Non-HTTPS url redirect is not supported in webview");
}
/// <summary>
/// PromptBehavior.Always must bypass the cache: after an acquisition and a cache hit that
/// returns the same access token, a forced prompt must sign in again and return a new one.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void ForcePromptTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy first = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, first);

    // No credentials available: Auto must be satisfied from the cache.
    AuthenticationContextProxy.SetCredentials(null, null);
    var cacheLookupUser = (sts.Type == StsType.ADFS) ? null : sts.ValidUserId;
    AuthenticationResultProxy cached = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, cacheLookupUser);
    VerifySuccessResult(sts, cached);
    Verify.AreEqual(cached.AccessToken, first.AccessToken);

    // Forced prompt: a fresh sign-in, hence a different access token.
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    AuthenticationResultProxy forced = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Always);
    VerifySuccessResult(sts, forced);
    Verify.AreNotEqual(cached.AccessToken, forced.AccessToken);
}
/// <summary>
/// On-behalf-of flow with a certificate-backed client assertion: the user's access token for
/// the confidential client is exchanged for a token to another resource. Null resource, null
/// user assertion and null client assertion are each argument errors; a repeat is served from
/// cache (same ExpiresOn); the cached MRRT covers a second resource; and after clearing the
/// cache the exchange still works, including a silent request for the second resource.
/// </summary>
/// <param name="sts">Test STS settings including the confidential client's certificate.</param>
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // The user signs in with the confidential client id in the resource position.
    AuthenticationResultProxy userToken = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, userToken);
    var userAssertion = userToken.AccessToken;

    // NOTE(review): fixed jti index, presumably so recorded and replayed assertions line up — confirm with RecorderJwtId.
    RecorderJwtId.JwtIdIndex = 13;
    ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);

    // Argument validation for each required input.
    AuthenticationResultProxy outcome = await context.AcquireTokenAsync(null, clientAssertion, userAssertion);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "resource");
    outcome = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "userAssertion");
    outcome = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, userAssertion);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "clientAssertion");

    // Successful exchange.
    outcome = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, userAssertion);
    VerifySuccessResult(sts, outcome, true, false);

    // Testing cache
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    AuthenticationResultProxy repeated = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, userAssertion);
    VerifySuccessResult(sts, repeated, true, false);
    VerifyExpiresOnAreEqual(outcome, repeated);

    // Using MRRT in cached token to acquire token for a different resource
    AuthenticationResultProxy otherResource = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, userAssertion);
    VerifySuccessResult(sts, otherResource, true, false);

    AuthenticationContextProxy.ClearDefaultCache();
    outcome = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, userAssertion);
    VerifySuccessResult(sts, outcome, true, false);

    // Using MRRT in cached token to acquire token for a different resource
    repeated = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, repeated, true, false);
}
/// <summary>
/// Tenantless ("Common") authority: the result must carry the resolved TenantId, a repeat
/// without credentials must match the first result, and the resolved tenant must work as an
/// explicit authority with no cache.
/// </summary>
/// <param name="sts">Test STS settings; <c>TenantlessAuthority</c> contains "Common".</param>
public static void TenantlessTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.TenantlessAuthority, sts.ValidateAuthority);
    AuthenticationResultProxy first = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, first);
    // The tenant must be resolved from the response even though the authority named none.
    Verify.IsNotNullOrEmptyString(first.TenantId);

    AuthenticationContextProxy.SetCredentials(null, null);
    AuthenticationResultProxy repeated = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    ValidateAuthenticationResultsAreEqual(first, repeated);

    // Target the discovered tenant explicitly, with no cache to fall back on.
    SetCredential(sts);
    string tenantAuthority = sts.TenantlessAuthority.Replace("Common", first.TenantId);
    context = new AuthenticationContextProxy(tenantAuthority, sts.ValidateAuthority, TokenCacheType.Null);
    repeated = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, repeated);
}
/// <summary>
/// Two users sharing one cache: each user's token must be returned for that user only, in any
/// order, and each user's cached MRRT must serve a second resource without new credentials.
/// </summary>
/// <param name="sts">Test STS settings for both users.</param>
internal static void MultiUserCacheTest(Sts sts)
{
    Log.Comment("Acquire token for user1 interactively");
    AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // Acquire for a resource/user with no credentials available, i.e. it must be satisfied
    // from the cache (or its MRRT) and never by signing in.
    Func<string, UserIdentifier, AuthenticationResultProxy> acquireWithoutCredentials = (resource, user) =>
    {
        AuthenticationContextProxy.SetCredentials(null, null);
        return context.AcquireToken(resource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, user);
    };
    // The token must be valid and belong to the expected user — never the other cached user.
    Action<AuthenticationResultProxy, string> verifyBelongsTo = (outcome, expectedUserName) =>
    {
        VerifySuccessResultAndTokenContent(sts, outcome);
        Verify.AreEqual(expectedUserName, outcome.UserInfo.DisplayableId);
    };

    AuthenticationResultProxy user1 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    verifyBelongsTo(user1, sts.ValidUserName);

    Log.Comment("Acquire token for user1 returning cached token");
    user1 = acquireWithoutCredentials(sts.ValidResource, sts.ValidUserId);
    verifyBelongsTo(user1, sts.ValidUserName);

    Log.Comment("Clear cookie and acquire token for user2 interactively");
    EndBrowserDialogSession();
    AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword2);
    AuthenticationResultProxy user2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidRequiredUserId2);
    verifyBelongsTo(user2, sts.ValidUserName2);

    Log.Comment("Acquire token for user1 returning cached token");
    user1 = acquireWithoutCredentials(sts.ValidResource, sts.ValidUserId);
    verifyBelongsTo(user1, sts.ValidUserName);

    Log.Comment("Acquire token for user2 returning cached token");
    user2 = acquireWithoutCredentials(sts.ValidResource, sts.ValidRequiredUserId2);
    verifyBelongsTo(user2, sts.ValidUserName2);

    Log.Comment("Acquire token for user1 and resource2 using cached multi resource refresh token");
    user1 = acquireWithoutCredentials(sts.ValidResource2, sts.ValidUserId);
    verifyBelongsTo(user1, sts.ValidUserName);

    Log.Comment("Acquire token for user2 and resource2 using cached multi resource refresh token");
    user2 = acquireWithoutCredentials(sts.ValidResource2, sts.ValidRequiredUserId2);
    verifyBelongsTo(user2, sts.ValidUserName2);
}
/// <summary>
/// Redeeming a refresh token with a client id it was not issued to must fail with
/// unauthorized_client (AADSTS70001), and the underlying WebException and its response body
/// must remain reachable through the result's exception chain.
/// </summary>
/// <param name="sts">Test STS settings; <c>InvalidClientId</c> is the wrong client.</param>
public static async Task WebExceptionAccessTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);

    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.InvalidClientId);
    VerifyErrorResult(result, "unauthorized_client", "AADSTS70001");

    Verify.IsNotNull(result.Exception);
    var inner = result.Exception.InnerException;
    Verify.IsNotNull(inner);
    Verify.IsTrue(inner is WebException);

    // The STS error body is exposed on the WebException's response.
    var webException = (WebException)inner;
    using (var reader = new StreamReader(webException.Response.GetResponseStream()))
    {
        string body = reader.ReadToEnd();
        Verify.IsTrue(body.Contains("AADSTS70001"));
    }
}
/// <summary>
/// Default cache behaviour: two acquisitions share ExpiresOn, an AnyUser request after the
/// browser session ends is still answered with the same expiry, and only one item ends up in
/// the cache.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenPositiveWithDefaultCacheTest(Sts sts)
{
    AuthenticationContextProxy.ClearDefaultCache();
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    List<AuthenticationResultProxy> results = AcquireTokenPositiveWithCache(sts, context);
    AuthenticationResultProxy original = results[0];
    VerifyExpiresOnAreEqual(original, results[1]);

    EndBrowserDialogSession();
    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // No browser session left, so an AnyUser request can only be answered from the cache.
    AuthenticationResultProxy anyUser = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
    VerifyExpiresOnAreEqual(original, anyUser);

    // Repeated acquisitions for the same user must not multiply cache entries.
    context.VerifySingleItemInCache(original, sts.Type);
}
/// <summary>
/// Invalid authorities: a real but non-STS page ends as canceled, <c>sts.InvalidAuthority</c>
/// fails the UI, and (non-ADFS only) a non-existent tenant on the real host ends as canceled.
/// </summary>
/// <param name="sts">Test STS settings.</param>
public static void AcquireTokenWithInvalidAuthorityTest(Sts sts)
{
    SetCredential(sts);

    var context = new AuthenticationContextProxy("https://www.live.com/login", false);
    AuthenticationResultProxy outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);

    context = new AuthenticationContextProxy(sts.InvalidAuthority, false);
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.AuthenticationUiFailedError, null);

    if (sts.Type != StsType.ADFS)
    {
        // Same scheme and host as the real authority, but a tenant that does not exist.
        var authorityUri = new Uri(sts.Authority);
        string unknownTenantAuthority = string.Format("{0}://{1}/non_existing_tenant", authorityUri.Scheme, authorityUri.Authority);
        context = new AuthenticationContextProxy(unknownTenantAuthority);
        outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);
    }
}
/// <summary>
/// Checks that the delegate attached to an <c>AuthenticationContextProxy</c> is invoked
/// on both a successful and a failed acquisition (the flags <c>positiveCalled</c> /
/// <c>negativeCalled</c> are expected to be set by the respective delegates).
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client and user settings.</param>
public static void AcquireTokenWithCallbackTest(Sts sts)
{
    SetCredential(sts);

    // Positive path: valid client, delegate must have run.
    var positiveContext = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    positiveContext.AuthenticationContextDelegate = AuthenticationContextPositiveDelegate;
    positiveCalled = false;
    AuthenticationResultProxy outcome = positiveContext.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    Verify.IsTrue(positiveCalled);
    VerifySuccessResult(sts, outcome);

    // Negative path: invalid client id, delegate must still have run and the flow is cancelled.
    var negativeContext = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    negativeContext.AuthenticationContextDelegate = AuthenticationContextNegativeDelegate;
    negativeCalled = false;
    outcome = negativeContext.AcquireToken(sts.ValidResource, sts.InvalidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    Verify.IsTrue(negativeCalled);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);
}
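/// <summary>
/// Verifies correlation-id handling through the trace output: a caller-supplied id must
/// appear in the trace, and after resetting it to <see cref="Guid.Empty"/> the old id
/// must no longer appear while a "Correlation ID" entry is still written.
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client and user settings.</param>
public static async Task CorrelationIdTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    Guid correlationId = Guid.NewGuid();
    AuthenticationResultProxy result = null;

    // First request: the explicitly set correlation id must show up in the trace.
    MemoryStream stream = new MemoryStream();
    using (var listener = new TextWriterTraceListener(stream))
    {
        Trace.Listeners.Add(listener);
        try
        {
            context.SetCorrelationId(correlationId);
            result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
            VerifySuccessResult(sts, result);
            listener.Flush();
            string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
            Verify.IsTrue(trace.Contains(correlationId.ToString()));
        }
        finally
        {
            // Always detach: a failed verification would otherwise leave a listener over a
            // disposed stream in the process-wide Trace.Listeners collection, breaking later tests.
            Trace.Listeners.Remove(listener);
        }
    }

    // Second request with Guid.Empty: the earlier id must not be logged, but a
    // "Correlation ID" entry still must be (presumably a fresh id is generated).
    stream = new MemoryStream();
    using (var listener = new TextWriterTraceListener(stream))
    {
        Trace.Listeners.Add(listener);
        try
        {
            context.SetCorrelationId(Guid.Empty);
            AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId);
            Verify.IsNotNullOrEmptyString(result2.AccessToken);
            listener.Flush();
            string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
            Verify.IsFalse(trace.Contains(correlationId.ToString()));
            Verify.IsTrue(trace.Contains("Correlation ID"));
        }
        finally
        {
            Trace.Listeners.Remove(listener);
        }
    }
}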
/// <summary>
/// Covers redirect URI validation: unregistered or mismatched redirect URIs and URIs
/// with a fragment are rejected, a null redirect URI is rejected except on WinRT, and
/// registered redirect URIs (existing and non-existing host) succeed.
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client and user settings.</param>
public static void AcquireTokenWithRedirectUriTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // Redirect URIs that do not match the client's registration end in cancellation.
    AuthenticationResultProxy outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.InvalidExistingRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);

    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.InvalidNonExistingRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.AuthenticationCanceledError, null);

    // A fragment in the redirect URI is rejected as an invalid argument.
    Uri redirectUriWithFragment = new Uri(sts.ValidNonExistingRedirectUri.AbsoluteUri + "#fragment");
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, redirectUriWithFragment, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "redirectUri");
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "fragment");

    // Null redirect URI.
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientId, null, PromptBehaviorProxy.Auto, sts.ValidUserId);
    if (TestType == TestType.WinRT)
    {
        // Winrt can send null redirecturi
        VerifySuccessResult(sts, outcome);
    }
    else
    {
        VerifyErrorResult(outcome, Sts.InvalidArgumentError, "redirectUri");
    }

    // Registered redirect URIs succeed; the cache is cleared so each call is a fresh acquisition.
    AuthenticationContextProxy.ClearDefaultCache();
    EndBrowserDialogSession();
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidClientIdWithExistingRedirectUri, sts.ValidExistingRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, outcome);

    AuthenticationContextProxy.ClearDefaultCache();
    outcome = context.AcquireToken(sts.ValidResource, sts.ValidNonExistentRedirectUriClientId, sts.ValidNonExistingRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, outcome);
}
/// <summary>
/// On-behalf-of flow with a certificate-based confidential client: argument validation,
/// a successful exchange, cache reuse, MRRT use for a second resource, and the error
/// cases (wrong resource, tampered assertion, unknown client), ending with silent calls.
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client, certificate and user settings.</param>
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // The user first obtains a token *for* the confidential client; its access token
    // becomes the user assertion of the on-behalf-of calls below.
    AuthenticationResultProxy userResult = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, userResult);

    var confidentialClientCert = new ClientAssertionCertificate(
        sts.ValidConfidentialClientId,
        new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));

    // Argument validation: missing resource, missing user assertion, missing certificate.
    RecorderJwtId.JwtIdIndex = 5;
    AuthenticationResultProxy oboResult = await context.AcquireTokenAsync(null, confidentialClientCert, userResult.AccessToken);
    VerifyErrorResult(oboResult, Sts.InvalidArgumentError, "resource");

    oboResult = await context.AcquireTokenAsync(sts.ValidResource, confidentialClientCert, null);
    VerifyErrorResult(oboResult, Sts.InvalidArgumentError, "userAssertion");

    oboResult = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, userResult.AccessToken);
    RecorderJwtId.JwtIdIndex = 6;
    VerifyErrorResult(oboResult, Sts.InvalidArgumentError, "clientCertificate");

    // Happy path.
    oboResult = await context.AcquireTokenAsync(sts.ValidResource, confidentialClientCert, userResult.AccessToken);
    VerifySuccessResult(sts, oboResult, true, false);

    // Testing cache
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    AuthenticationResultProxy cachedResult = await context.AcquireTokenAsync(sts.ValidResource, confidentialClientCert, userResult.AccessToken);
    VerifySuccessResult(sts, cachedResult, true, false);
    VerifyExpiresOnAreEqual(oboResult, cachedResult);

    // Using MRRT in cached token to acquire token for a different resource
    // (the tampered assertion is not sent because the cached refresh token is used).
    AuthenticationResultProxy mrrtResult = await context.AcquireTokenAsync(sts.ValidResource2, confidentialClientCert, userResult.AccessToken + "x");
    VerifySuccessResult(sts, mrrtResult, true, false);

    // With an empty cache every call goes to the service, so the error cases surface.
    AuthenticationContextProxy.ClearDefaultCache();

    oboResult = await context.AcquireTokenAsync(sts.ValidResource + "x", confidentialClientCert, userResult.AccessToken);
    VerifyErrorResult(oboResult, Sts.InvalidResourceError, null);

    oboResult = await context.AcquireTokenAsync(sts.ValidResource, confidentialClientCert, userResult.AccessToken + "x");
    VerifyErrorResult(oboResult, "invalid_grant", "invalid signature");

    // A certificate presented for a client id that does not exist.
    var unknownClientCert = new ClientAssertionCertificate(
        sts.ValidConfidentialClientId.Replace('1', '2'),
        new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
    RecorderJwtId.JwtIdIndex = 7;
    oboResult = await context.AcquireTokenAsync(sts.ValidResource, unknownClientCert, userResult.AccessToken);
    VerifyErrorResult(oboResult, Sts.UnauthorizedClient, "not found");

    // Re-populate the cache with a valid on-behalf-of token.
    oboResult = await context.AcquireTokenAsync(sts.ValidResource, confidentialClientCert, userResult.AccessToken);
    VerifySuccessResult(sts, oboResult, true, false);

    // Silent acquisition for a different resource fails when only the client id is supplied ...
    cachedResult = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
    VerifyErrorResult(cachedResult, AdalError.FailedToAcquireTokenSilently, null);

    // ... but succeeds with the certificate credential, using the MRRT in the cached token.
    cachedResult = await context.AcquireTokenSilentAsync(sts.ValidResource2, confidentialClientCert, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, cachedResult, true, false);
}
/// <summary>
/// Acquires a token twice on the same context, the second time (after a short delay)
/// addressed to the user returned by the first call when user info is available.
/// </summary>
/// <param name="sts">The STS fixture supplying resource, client and user settings.</param>
/// <param name="context">The context whose cache is exercised.</param>
/// <returns>A two-element list: the first and the second result, in call order.</returns>
public static List<AuthenticationResultProxy> AcquireTokenPositiveWithCache(Sts sts, AuthenticationContextProxy context)
{
    AuthenticationResultProxy firstResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, firstResult);

    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // When the STS returned user info, ask for that user explicitly (optional displayable id);
    // otherwise fall back to the plain overload without a user hint.
    AuthenticationResultProxy secondResult = firstResult.UserInfo != null
        ? context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, new UserIdentifier(firstResult.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter)
        : context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    VerifySuccessResult(sts, secondResult);

    var pair = new List<AuthenticationResultProxy>();
    pair.Add(firstResult);
    pair.Add(secondResult);
    return pair;
}
/// <summary>
/// Exercises <c>PromptBehaviorProxy.Never</c>: silent acquisition is rejected when a
/// redirect URI is passed, fails before any interactive sign-in, succeeds from the cache
/// and from session cookies, and fails again once both cache and cookies are gone.
/// Despite the <c>Async</c> suffix this method is synchronous.
/// </summary>
public void AcquireTokenWithPromptBehaviorNeverTestAsync()
{
    // TODO: Not fully working at this point due to session cookies being deleted between WAB calls.
    Sts fixture = Sts;
    var context = new AuthenticationContextProxy(fixture.Authority, fixture.ValidateAuthority);

    // Should not be able to get a token silently passing redirectUri.
    AuthenticationResultProxy outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, fixture.ValidDefaultRedirectUri, PromptBehaviorProxy.Never);
    AdalTests.VerifyErrorResult(outcome, Sts.InvalidArgumentError, "SSO");

    // Interactive acquisitions with a redirect URI, before and after clearing the cache.
    AuthenticationContextProxy.SetCredentials(fixture.ValidUserName, fixture.ValidPassword);
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, fixture.ValidDefaultRedirectUri);
    AdalTests.VerifySuccessResult(fixture, outcome);

    AuthenticationContextProxy.ClearDefaultCache();
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, fixture.ValidDefaultRedirectUri);
    AdalTests.VerifySuccessResult(fixture, outcome);

    // Should not be able to get a token silently on first try.
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null, PromptBehaviorProxy.Never);
    AdalTests.VerifyErrorResult(outcome, Sts.UserInteractionRequired, null);

    // Obtain a token interactively.
    AuthenticationContextProxy.SetCredentials(fixture.ValidUserName, fixture.ValidPassword);
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null);
    AdalTests.VerifySuccessResult(fixture, outcome);

    // Obtain a token interactively once more, starting from an empty cache.
    AuthenticationContextProxy.ClearDefaultCache();
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null);
    AdalTests.VerifySuccessResult(fixture, outcome);

    // Now there should be a token available in the cache so token should be available silently.
    AuthenticationContextProxy.SetCredentials(null, null);
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null, PromptBehaviorProxy.Never);
    AdalTests.VerifySuccessResult(fixture, outcome);

    // Clear the cache and silent auth should work via session cookies.
    AuthenticationContextProxy.ClearDefaultCache();
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null, PromptBehaviorProxy.Never);
    AdalTests.VerifySuccessResult(fixture, outcome);

    // Clear the cache and cookies and silent auth should fail.
    AuthenticationContextProxy.ClearDefaultCache();
    AdalTests.EndBrowserDialogSession();
    outcome = context.AcquireToken(fixture.ValidResource, fixture.ValidClientId, null, PromptBehaviorProxy.Never);
    AdalTests.VerifyErrorResult(outcome, Sts.UserInteractionRequired, null);
}
/// <summary>
/// SSO mode: after an initial interactive sign-in, acquisitions with a null redirect URI
/// succeed (also from an empty cache), while an explicit ms-app return URI is rejected.
/// </summary>
public void SSOModeTest()
{
    // Password only: the user name is expected to come from the user id passed below.
    AuthenticationContextProxy.SetCredentials(null, Sts.ValidPassword);
    var authContext = new AuthenticationContextProxy(Sts.Authority, Sts.ValidateAuthority);

    AuthenticationResultProxy outcome = authContext.AcquireToken(Sts.ValidResource, Sts.ValidClientId, Sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, Sts.ValidUserId);
    AdalTests.VerifySuccessResult(Sts, outcome);

    // No redirect URI, full credentials, empty cache.
    AuthenticationContextProxy.ClearDefaultCache();
    AuthenticationContextProxy.SetCredentials(Sts.ValidUserName, Sts.ValidPassword);
    outcome = authContext.AcquireToken(Sts.ValidResource, Sts.ValidClientId, null);
    AdalTests.VerifySuccessResult(Sts, outcome);

    // Again from an empty cache.
    AuthenticationContextProxy.ClearDefaultCache();
    outcome = authContext.AcquireToken(Sts.ValidResource, Sts.ValidClientId, null);
    AdalTests.VerifySuccessResult(Sts, outcome);

    // An explicit ms-app return URI is not accepted in SSO mode.
    AuthenticationContextProxy.ClearDefaultCache();
    Uri msAppReturnUri = new Uri("ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/");
    outcome = authContext.AcquireToken(Sts.ValidResource, Sts.ValidClientId, msAppReturnUri);
    AdalTests.VerifyErrorResult(outcome, Sts.InvalidArgumentError, "return URI");
}
/// <summary>
/// Default-cache scenario: two acquisitions for one user share an expiry, and a later
/// request for <c>UserIdentifier.AnyUser</c> is served from the same, single cache entry.
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client and user settings.</param>
public static void AcquireTokenPositiveWithDefaultCacheTest(Sts sts)
{
    AuthenticationContextProxy.ClearDefaultCache();
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    List<AuthenticationResultProxy> results = AcquireTokenPositiveWithCache(sts, context);
    AuthenticationResultProxy original = results[0];
    AuthenticationResultProxy repeated = results[1];
    VerifyExpiresOnAreEqual(original, repeated);

    // Presumably ends the browser session so SSO cookies cannot satisfy the next call.
    EndBrowserDialogSession();
    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    AuthenticationResultProxy anyUser = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
    VerifyExpiresOnAreEqual(original, anyUser);

    // The three calls above must not have produced more than one cache item.
    context.VerifySingleItemInCache(original, sts.Type);
}
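/// <summary>
/// Discovers the authority from a self-hosted relying party's 401 challenge in three
/// ways (WWW-Authenticate header, unauthorized response object, resource URL) and
/// acquires a token against each discovered authority.
/// </summary>
/// <param name="sts">The STS fixture supplying client and user settings.</param>
public static async Task AuthenticationParametersDiscoveryTestAsync(Sts sts)
{
    const string RelyingPartyWithDiscoveryUrl = "http://localhost:8080";

    using (Microsoft.Owin.Hosting.WebApp.Start<RelyingParty>(RelyingPartyWithDiscoveryUrl))
    {
        Log.Comment("Relying Party Started");

        // 1. Authority taken from the WWW-Authenticate header of the challenge.
        AuthenticationParametersProxy authParams = null;
        HttpWebResponse challenge = GetChallengeResponse(RelyingPartyWithDiscoveryUrl);
        Verify.IsNotNull(challenge);
        try
        {
            if (challenge.StatusCode == HttpStatusCode.Unauthorized)
            {
                authParams = AuthenticationParametersProxy.CreateFromResponseAuthenticateHeader(challenge.Headers["WWW-authenticate"]);
            }
        }
        finally
        {
            challenge.Close();
        }

        // A reply other than 401 leaves authParams null; fail with a clear message here
        // rather than with a NullReferenceException on authParams.Authority.
        Verify.IsNotNull(authParams);

        SetCredential(sts);
        var context = new AuthenticationContextProxy(authParams.Authority, sts.ValidateAuthority, TokenCacheType.Null);
        var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        AdalTests.VerifySuccessResult(sts, result);

        // 2. Authority taken from the unauthorized response object.
        // ADAL WinRT does not support AuthenticationParameters.CreateFromUnauthorizedResponse API
        if (TestType != Common.TestType.WinRT)
        {
            challenge = GetChallengeResponse(RelyingPartyWithDiscoveryUrl);
            Verify.IsNotNull(challenge);
            try
            {
                authParams = AuthenticationParametersProxy.CreateFromUnauthorizedResponse(challenge);
            }
            finally
            {
                challenge.Close();
            }

            context = new AuthenticationContextProxy(authParams.Authority, sts.ValidateAuthority, TokenCacheType.Null);
            result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
            AdalTests.VerifySuccessResult(sts, result);
        }

        // 3. Authority discovered by the library itself from the resource URL.
        authParams = await AuthenticationParametersProxy.CreateFromResourceUrlAsync(new Uri(RelyingPartyWithDiscoveryUrl));
        context = new AuthenticationContextProxy(authParams.Authority, sts.ValidateAuthority, TokenCacheType.Null);
        result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        AdalTests.VerifySuccessResult(sts, result);

        Log.Comment("Relying Party Terminating...");
    }
}

/// <summary>
/// Sends an unauthenticated request to <paramref name="url"/> and returns the HTTP response
/// carried by the resulting <see cref="WebException"/>, i.e. the relying party's challenge.
/// </summary>
/// <param name="url">The relying party endpoint to probe.</param>
/// <returns>
/// The challenge response, which the caller owns and must close; null when the request
/// unexpectedly succeeded or failed without an HTTP response (a plain cast would throw
/// a NullReferenceException in that case).
/// </returns>
private static HttpWebResponse GetChallengeResponse(string url)
{
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    request.ContentType = "application/x-www-form-urlencoded";
    try
    {
        // A successful reply is not a challenge: release it and report "no challenge".
        request.GetResponse().Close();
        return null;
    }
    catch (WebException ex)
    {
        return ex.Response as HttpWebResponse;
    }
}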
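/// <summary>
/// Authority validation matrix: an invalid authority is rejected when validation is on
/// (explicitly or by constructor default), reaches the UI and fails when validation is
/// off, and the real authority works with and without validation (validation on is
/// skipped for ADFS) and with extra path segments.
/// </summary>
/// <param name="sts">The STS fixture supplying authority, client and user settings.</param>
public static void AuthenticationContextAuthorityValidationTest(Sts sts)
{
    SetCredential(sts);

    // Explicit validation of an unknown authority.
    VerifyInvalidAuthorityIsRejected(sts, () => new AuthenticationContextProxy(sts.InvalidAuthority, true));

    // With validation off the invalid authority is contacted and the dialog fails.
    AuthenticationContextProxy context = new AuthenticationContextProxy(sts.InvalidAuthority, false);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifyErrorResult(result, Sts.AuthenticationUiFailedError, "authentication dialog");

    // The real authority works with validation off ...
    context = new AuthenticationContextProxy(sts.Authority, false);
    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);

    // ... and with validation on (not exercised for ADFS, which presumably does not support it).
    if (sts.Type != StsType.ADFS)
    {
        context = new AuthenticationContextProxy(sts.Authority, true);
        result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        VerifySuccessResult(sts, result);
    }

    // The constructor default is expected to behave like validateAuthority = true.
    VerifyInvalidAuthorityIsRejected(sts, () => new AuthenticationContextProxy(sts.InvalidAuthority));

    // Extra path segments on a valid authority are tolerated.
    context = new AuthenticationContextProxy(sts.Authority + "/extraPath1/extraPath2", sts.ValidateAuthority);
    result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
}

/// <summary>
/// Asserts that a context created by <paramref name="createContext"/> for an invalid
/// authority (with validation enabled) is rejected: ADFS throws an
/// <see cref="ArgumentException"/> for <c>validateAuthority</c> from the constructor,
/// every other STS type reports <c>Sts.AuthorityNotInValidList</c> from the acquisition.
/// </summary>
/// <param name="sts">The STS fixture; its <c>Type</c> decides which outcome is expected.</param>
/// <param name="createContext">Creates the context under test; invoked inside the try so constructor exceptions are caught.</param>
private static void VerifyInvalidAuthorityIsRejected(Sts sts, Func<AuthenticationContextProxy> createContext)
{
    try
    {
        AuthenticationContextProxy context = createContext();
        // Only ADFS is expected to throw from the constructor, so reaching this point means non-ADFS.
        Verify.AreNotEqual(sts.Type, StsType.ADFS);
        AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
        VerifyErrorResult(result, Sts.AuthorityNotInValidList, "authority");
    }
    catch (ArgumentException ex)
    {
        Verify.AreEqual(sts.Type, StsType.ADFS);
        Verify.AreEqual(ex.ParamName, "validateAuthority");
    }
#if TEST_ADAL_WINPHONE_UNIT
    catch (AdalServiceException ex)
    {
        Verify.AreNotEqual(sts.Type, StsType.ADFS);
        Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList);
        Verify.IsTrue(ex.Message.Contains("authority"));
    }
#endif
}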