Exemplo n.º 1
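        /// <summary>
        /// Verifies that a request carrying a bearer token that cannot be validated is rejected: blocking on
        /// the request task must raise an <see cref="AggregateException"/> whose inner exception is an
        /// <see cref="UnauthorizedAccessException"/>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the payload handed to AddAuthorizationHeader is arbitrary XML, not a token issued by
        /// the test STS. The test therefore cannot distinguish "malformed token" from "token from an
        /// untrusted issuer". A companion case that sends a well-formed token from the test STS against the
        /// non-matching thumbprint configured below would pin the issuer check itself.
        /// </remarks>
        public void UseDeflatedSaml11BearerAuthentication_CalledWithInvalidToken_ThrowsUnauthorizedException()
        {
            // The STS is only consulted for the length of its accepted thumbprint.
            var sts = Infrastructure.TestSts.TestSts.Create();
            var audience = new Uri(Audience);

            // Same length as the accepted thumbprint but filled with 'F', paired with an issuer name that
            // does not exist; presumably this matches no real signing certificate (confirm against the STS).
            var untrustedThumbprint = new string('F', sts.IssuerNameRegistry.AcceptedThumbprint.Length);
            var issuerNameRegistry = new SimpleValidateByThumbprintOnlyIssuerNameRegistry(
                untrustedThumbprint,
                "http://nonexistingissuer");

            // NOTE(review): if this helper writes to static federation configuration, the untrusted
            // registry outlives this test; confirm it is reset before other tests rely on it.
            SetIssuerNameRegistryAndAudience(issuerNameRegistry, audience);

            using (var server = TestServer.Create(app =>
            {
                app.UseDeflatedSamlBearerAuthentication(WifTokenValidatorFactory.CreateWindowsIdentityFoundationTokenValidator());
                app.Run(SimulatedAuthorizingControllerAction);
            }))
            {
                var httpClient = server.HttpClient;

                // Non-ASCII characters are part of the fixture and must be preserved exactly.
                AddAuthorizationHeader(httpClient, "<xml>Jægerbogen på arabisk: كتاب صياد</xml>");

                // Blocking on the task surfaces a pipeline fault as an AggregateException; the response
                // itself is never inspected, so no local is kept for it.
                var exception = Assert.Throws<AggregateException>(
                    () =>
                    {
                        httpClient.GetAsync("/").Wait();
                    });

                Console.WriteLine(exception.Message);
                exception.InnerException.Should().BeOfType<UnauthorizedAccessException>();
                Console.WriteLine(exception.InnerException.Message);
            }
        }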
Exemplo n.º 2
 /// <summary>
 /// Installs the given issuer name registry on the federation identity configuration and replaces the
 /// allowed audience URIs with the single supplied audience.
 /// </summary>
 /// <param name="issuerNameRegistry">Registry that decides which token issuers are trusted.</param>
 /// <param name="audience">The only audience URI left in the allowed list after the call.</param>
 /// <remarks>
 /// The configuration is reached through the static <c>FederatedAuthentication</c> entry point, so the
 /// change is not scoped to the caller. Only the URI list is changed here; the audience restriction's
 /// other settings are left as already configured.
 /// </remarks>
 private static void SetIssuerNameRegistryAndAudience(
     SimpleValidateByThumbprintOnlyIssuerNameRegistry issuerNameRegistry, Uri audience)
 {
     var identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;

     // Trust decision first, in the same order as before: registry, then audience list.
     identityConfiguration.IssuerNameRegistry = issuerNameRegistry;

     var allowedAudiences = identityConfiguration.AudienceRestriction.AllowedAudienceUris;
     allowedAudiences.Clear();
     allowedAudiences.Add(audience);
 }