protected AuthenticationTicket BuildAuthenticationTicket(ServiceTicket ticket)
        {
            if (ticket == null)
            {
                return(null);
            }
            var assertion = ticket.Assertion;
            var principal = new CasPrincipal(assertion, ticket.AuthenticationType);
            var identity  = (principal.Identity as ClaimsIdentity);

            if (identity != null)
            {
                foreach (var claim in ticket.Claims)
                {
                    if (identity.HasClaim(claim.Type, claim.Value))
                    {
                        continue;
                    }
                    identity.AddClaim(claim.ToClaim());
                }
            }
            return(new AuthenticationTicket(
                       principal,
                       new AuthenticationProperties {
                IssuedUtc = assertion.ValidFrom,
                ExpiresUtc = assertion.ValidUntil
            },
                       ticket.AuthenticationType));
        }
Exemplo n.º 2
0
        private static AuthenticationTicket BuildAuthenticationTicket(ServiceTicket ticket)
        {
            var assertion = ticket.Assertion;
            var principal = new CasPrincipal(assertion, ticket.AuthenticationType);

            if (!(principal.Identity is ClaimsIdentity identity))
            {
                return(new AuthenticationTicket(
                           principal,
                           new AuthenticationProperties
                {
                    IssuedUtc = assertion.ValidFrom,
                    ExpiresUtc = assertion.ValidUntil
                },
                           ticket.AuthenticationType));
            }

            identity.AddClaims(ticket.Claims);

            return(new AuthenticationTicket(
                       principal,
                       new AuthenticationProperties
            {
                IssuedUtc = assertion.ValidFrom,
                ExpiresUtc = assertion.ValidUntil
            },
                       ticket.AuthenticationType));
        }
Exemplo n.º 3
0
        public async Task ValidatingAndCreatingTicketSuccess_ShouldResponseWithAuthCookies()
        {
            // Arrange
            var ticketValidator = new Mock <IServiceTicketValidator>();

            using var server = CreateServer(options =>
            {
                options.ServiceTicketValidator = ticketValidator.Object;
                options.CasServerUrlBase       = _options.CasServerUrlBase;
                options.Provider = new CasAuthenticationProvider
                {
                    OnCreatingTicket = context =>
                    {
                        var assertion = (context.Identity as CasIdentity)?.Assertion;
                        if (assertion == null)
                        {
                            return(Task.CompletedTask);
                        }
                        context.Identity.AddClaim(new Claim(context.Identity.NameClaimType, assertion.PrincipalName));
                        return(Task.CompletedTask);
                    }
                };
            });
            var ticket    = Guid.NewGuid().ToString();
            var principal = new CasPrincipal(new Assertion(Guid.NewGuid().ToString()), CasDefaults.AuthenticationType);

            ticketValidator
            .Setup(x => x.ValidateAsync(ticket, It.IsAny <string>(), It.IsAny <CancellationToken>()))
            .ReturnsAsync(principal);
            using var challengeResponse = await server.HttpClient.GetAsync(CookieAuthenticationDefaults.LoginPath.Value).ConfigureAwait(false);

            var query       = QueryHelpers.ParseQuery(challengeResponse.Headers.Location.Query);
            var validateUrl = QueryHelpers.AddQueryString(query["service"], "ticket", ticket);

            // Act
            using var signinRequest  = challengeResponse.GetRequest(validateUrl);
            using var signinResponse = await server.HttpClient.SendAsync(signinRequest).ConfigureAwait(false);

            // Assert
            var cookies = signinResponse.Headers.GetValues("Set-Cookie");

            Assert.Contains(cookies, x => x.StartsWith(CookieAuthenticationDefaults.CookiePrefix + CookieAuthenticationDefaults.AuthenticationType));
            Assert.Contains(cookies, x => x.StartsWith($"{CookieAuthenticationDefaults.CookiePrefix}Correlation.{CasDefaults.AuthenticationType}"));
            Assert.Equal("/", signinResponse.Headers.Location.OriginalString);

            using var authorizedRequest  = signinResponse.GetRequest("/");
            using var authorizedResponse = await server.HttpClient.SendAsync(authorizedRequest).ConfigureAwait(false);

            Assert.Equal(HttpStatusCode.OK, authorizedResponse.StatusCode);
            var bodyText = await authorizedResponse.Content.ReadAsStringAsync().ConfigureAwait(false);

            Assert.Equal(principal.GetPrincipalName(), bodyText);
            ticketValidator.Verify(x => x.ValidateAsync(ticket, It.IsAny <string>(), It.IsAny <CancellationToken>()), Times.Once);
        }
Exemplo n.º 4
0
        public async Task CreatingTicketFailureWithoutHandledResponse_ShouldThrows()
        {
            // Arrange
            var ticketValidator = new Mock <IServiceTicketValidator>();

            using var server = CreateServer(options =>
            {
                options.ServiceTicketValidator = ticketValidator.Object;
                options.CasServerUrlBase       = _options.CasServerUrlBase;
                options.Events = new CasEvents
                {
                    OnCreatingTicket = _ => throw new NotSupportedException("test")
                };
            });
            using var client = server.CreateClient();
            var ticket    = Guid.NewGuid().ToString();
            var principal = new CasPrincipal(new Assertion(Guid.NewGuid().ToString()), CasDefaults.AuthenticationType);

            ticketValidator
            .Setup(x => x.ValidateAsync(ticket, It.IsAny <string>(), It.IsAny <CancellationToken>()))
            .ReturnsAsync(principal);

            using var challengeResponse = await client.GetAsync(CookieAuthenticationDefaults.LoginPath).ConfigureAwait(false);

            var query       = QueryHelpers.ParseQuery(challengeResponse.Headers.Location.Query);
            var validateUrl = QueryHelpers.AddQueryString(query["service"], "ticket", ticket);

            Exception exception = null;

            try
            {
                // Act
                using var signinRequest = challengeResponse.GetRequest(validateUrl);
                await client.SendAsync(signinRequest).ConfigureAwait(false);
            }
            catch (Exception e)
            {
                exception = e;
            }

            // Assert
            Assert.NotNull(exception);
            Assert.Equal("An error was encountered while handling the remote login.", exception.Message);
            Assert.IsType <NotSupportedException>(exception.InnerException);
        }
Exemplo n.º 5
0
        /// <summary>
        /// Attempts to authenticate requests subsequent to the initial authentication
        /// request (handled by ProcessTicketValidation).  This method looks for a
        /// FormsAuthenticationCookie containing a FormsAuthenticationTicket and attempts
        /// to confirms its validitiy.  It either contains the CAS service ticket or a
        /// reference to a CasAuthenticationTicket stored in the ServiceTicketManager
        /// (if configured).  If it succeeds, the context.User and Thread.CurrentPrincipal
        /// are set with a ICasPrincipal and the current request is considered
        /// authenticated.  Otherwise, the current request is effectively anonymous.
        /// </summary>
        public void ProcessRequestAuthentication(HttpContextBase httpContext)
        {
            // Look for a valid FormsAuthenticationTicket encrypted in a cookie.
            CasAuthenticationTicket   casTicket = null;
            FormsAuthenticationTicket formsAuthenticationTicket = GetFormsAuthenticationTicket(httpContext);

            if (formsAuthenticationTicket != null)
            {
                ICasPrincipal principal;
                if (_casServices.ServiceTicketManager != null)
                {
                    string serviceTicket = formsAuthenticationTicket.UserData;
                    casTicket = _casServices.ServiceTicketManager.GetTicket(serviceTicket);
                    if (casTicket != null)
                    {
                        IAssertion assertion = casTicket.Assertion;

                        if (!_casServices.ServiceTicketManager.VerifyClientTicket(casTicket))
                        {
                            Logger.Warning("CasAuthenticationTicket failed verification: {0}", casTicket);

                            // Deletes the invalid FormsAuthentication cookie from the client.
                            ClearAuthCookie(httpContext);
                            _casServices.ServiceTicketManager.RevokeTicket(serviceTicket);

                            // Don't give this request a User/Principal.  Remove it if it was created
                            // by the underlying FormsAuthenticationModule or another module.
                            principal = null;
                        }
                        else
                        {
                            if (_casServices.ProxyTicketManager != null &&
                                !string.IsNullOrEmpty(casTicket.ProxyGrantingTicketIou) &&
                                string.IsNullOrEmpty(casTicket.ProxyGrantingTicket))
                            {
                                string proxyGrantingTicket = _casServices.ProxyTicketManager.GetProxyGrantingTicket(casTicket.ProxyGrantingTicketIou);
                                if (!string.IsNullOrEmpty(proxyGrantingTicket))
                                {
                                    casTicket.ProxyGrantingTicket = proxyGrantingTicket;
                                }
                            }

                            principal = new CasPrincipal(assertion, casTicket.ProxyGrantingTicket, null, casTicket.MaxAttributes);
                        }
                    }
                    else
                    {
                        if (httpContext.User != null &&
                            httpContext.User.Identity is FormsIdentity &&
                            _authenticationService.GetAuthenticatedUser() != null)
                        {
                            return;
                        }

                        // This didn't resolve to a ticket in the TicketStore.  Revoke it.
                        ClearAuthCookie(httpContext);
                        Logger.Debug("Revoking ticket {0}", serviceTicket);
                        _casServices.ServiceTicketManager.RevokeTicket(serviceTicket);

                        // Don't give this request a User/Principal.  Remove it if it was created
                        // by the underlying FormsAuthenticationModule or another module.
                        principal = null;
                    }
                }
                else
                {
                    principal = new CasPrincipal(new Assertion(formsAuthenticationTicket.Name));
                }

                httpContext.User        = principal;
                Thread.CurrentPrincipal = principal;

                if (principal == null)
                {
                    // Remove the cookie from the client
                    ClearAuthCookie(httpContext);
                }
                else
                {
                    // Extend the expiration of the cookie if FormsAuthentication is configured to do so.
                    if (FormsAuthentication.SlidingExpiration)
                    {
                        FormsAuthenticationTicket newTicket = FormsAuthentication.RenewTicketIfOld(formsAuthenticationTicket);
                        if (newTicket != null && newTicket != formsAuthenticationTicket)
                        {
                            SetAuthCookie(httpContext, newTicket);
                            if (_casServices.ServiceTicketManager != null)
                            {
                                _casServices.ServiceTicketManager.UpdateTicketExpiration(casTicket, newTicket.Expiration);
                            }
                        }
                    }
                }
            }
        }
Exemplo n.º 6
0
 public string GetId(CasPrincipal user)
 {
     return(user.Identity.Name);
 }