public StubOwinMiddleware(
     int statusCode,
     AuthenticationResponseChallenge challenge = null,
     AuthenticationResponseRevoke revoke = null,
     AuthenticationResponseGrant grant = null)
      : base(null)
 {
     this.statusCode = statusCode;
     this.challenge = challenge;
     this.revoke = revoke;
     this.grant = grant;
 }
        public void SignIn(AuthenticationProperties properties, params ClaimsIdentity[] identities)
        {
            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;

            if (priorRevoke != null)
            {
                // Scan the sign-outs's and remove any with a matching auth type.
                string[] filteredSignOuts = priorRevoke.AuthenticationTypes
                                            .Where(authType => !identities.Any(identity => identity.AuthenticationType.Equals(authType, StringComparison.Ordinal)))
                                            .ToArray();
                if (filteredSignOuts.Length < priorRevoke.AuthenticationTypes.Length)
                {
                    if (filteredSignOuts.Length == 0)
                    {
                        AuthenticationResponseRevoke = null;
                    }
                    else
                    {
                        AuthenticationResponseRevoke = new AuthenticationResponseRevoke(filteredSignOuts);
                    }
                }
            }

            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;

            if (priorGrant == null)
            {
                AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(identities), properties);
            }
            else
            {
                ClaimsIdentity[] mergedIdentities = priorGrant.Principal.Identities.Concat(identities).ToArray();

                if (properties != null)
                {
                    // Update prior properties
                    foreach (var propertiesPair in properties.Dictionary)
                    {
                        priorGrant.Properties.Dictionary[propertiesPair.Key] = propertiesPair.Value;
                    }
                }

                AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(mergedIdentities), priorGrant.Properties);
            }
        }
Exemplo n.º 3
0
        public void SignOut(AuthenticationProperties properties, string[] authenticationTypes)
        {
            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;

            if (priorGrant != null)
            {
                // Scan the sign-in's and remove any with a matching auth type.
                ClaimsIdentity[] filteredIdentities = priorGrant.Principal.Identities
                                                      .Where(identity => !authenticationTypes.Contains(identity.AuthenticationType, StringComparer.Ordinal))
                                                      .ToArray();
                if (filteredIdentities.Length < priorGrant.Principal.Identities.Count())
                {
                    if (filteredIdentities.Length == 0)
                    {
                        AuthenticationResponseGrant = null;
                    }
                    else
                    {
                        AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(filteredIdentities), priorGrant.Properties);
                    }
                }
            }

            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;

            if (priorRevoke == null)
            {
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes, properties);
            }
            else
            {
                if (properties != null && !object.ReferenceEquals(properties.Dictionary, priorRevoke.Properties.Dictionary))
                {
                    // Update prior properties
                    foreach (var propertiesPair in properties.Dictionary)
                    {
                        priorRevoke.Properties.Dictionary[propertiesPair.Key] = propertiesPair.Value;
                    }
                }

                // Cumulative auth types
                string[] mergedAuthTypes = priorRevoke.AuthenticationTypes.Concat(authenticationTypes).ToArray();
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(mergedAuthTypes, priorRevoke.Properties);
            }
        }
        public void SignOut(string[] authenticationTypes)
        {
            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;

            if (priorGrant != null)
            {
                // Scan the sign-in's and remove any with a matching auth type.
                ClaimsIdentity[] filteredIdentities = priorGrant.Principal.Identities
                                                      .Where(identity => !authenticationTypes.Contains(identity.AuthenticationType, StringComparer.Ordinal))
                                                      .ToArray();
                if (filteredIdentities.Length < priorGrant.Principal.Identities.Count())
                {
                    if (filteredIdentities.Length == 0)
                    {
                        AuthenticationResponseGrant = null;
                    }
                    else
                    {
                        AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(filteredIdentities), priorGrant.Properties);
                    }
                }
            }

            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;

            if (priorRevoke == null)
            {
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes);
            }
            else
            {
                // Cumulative auth types
                string[] mergedAuthTypes = priorRevoke.AuthenticationTypes.Concat(authenticationTypes).ToArray();
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(mergedAuthTypes);
            }
        }
 public void SignOut(string[] authenticationTypes)
 {
     AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes);
 }
        private async Task KentorAuthServicesAuthenticationMiddleware_CreatesRedirectOnAuthRevoke_PreservesRedirect(
            string location, string expectedUrl, string path = "/Account/LogOut")
        {
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            var options = new KentorAuthServicesAuthenticationOptions(true);
            ((SPOptions)options.SPOptions).PublicOrigin = new Uri("https://sp.example.com/ExternalPath/");

            var subject = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(303, revoke: revoke),
                CreateAppBuilder(),
                options);

            var context = OwinTestHelpers.CreateOwinContext();
            context.Request.Scheme = "http";
            context.Request.Host = new HostString("sp-internal.example.com");
            context.Request.PathBase = new PathString("/AppPath");
            context.Request.Path = new PathString(path);
            context.Response.Headers["Location"] = location;

            Thread.CurrentPrincipal = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.NameIdentifier, "NameId", null, "https://idp.example.com"),
                    new Claim(AuthServicesClaimTypes.SessionIndex, "SessionId", null, "https://idp.example.com")
                }, "Federation"));

            await subject.Invoke(context);

            var cookieValue = context.Response.Headers["Set-Cookie"].Split(';', '=')[1]
                .Replace('_', '/').Replace('-', '+').Replace('.', '=');

            var returnUrl = Encoding.UTF8.GetString(options.DataProtector.Unprotect(
                Convert.FromBase64String(cookieValue)));

            returnUrl.Should().Be(expectedUrl);
        }
        public void SignOut(string[] authenticationTypes)
        {
            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;
            if (priorGrant != null)
            {
                // Scan the sign-in's and remove any with a matching auth type.
                ClaimsIdentity[] filteredIdentities = priorGrant.Principal.Identities
                    .Where(identity => !authenticationTypes.Contains(identity.AuthenticationType, StringComparer.Ordinal))
                    .ToArray();
                if (filteredIdentities.Length < priorGrant.Principal.Identities.Count())
                {
                    if (filteredIdentities.Length == 0)
                    {
                        AuthenticationResponseGrant = null;
                    }
                    else
                    {
                        AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(filteredIdentities), priorGrant.Properties);
                    }
                }
            }

            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;
            if (priorRevoke == null)
            {
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes);
            }
            else
            {
                // Cumulative auth types
                string[] mergedAuthTypes = priorRevoke.AuthenticationTypes.Concat(authenticationTypes).ToArray();
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(mergedAuthTypes);
            }
        }
        public void SignIn(AuthenticationProperties properties, params ClaimsIdentity[] identities)
        {
            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;
            if (priorRevoke != null)
            {
                // Scan the sign-outs's and remove any with a matching auth type.
                string[] filteredSignOuts = priorRevoke.AuthenticationTypes
                    .Where(authType => !identities.Any(identity => identity.AuthenticationType.Equals(authType, StringComparison.Ordinal)))
                    .ToArray();
                if (filteredSignOuts.Length < priorRevoke.AuthenticationTypes.Length)
                {
                    if (filteredSignOuts.Length == 0)
                    {
                        AuthenticationResponseRevoke = null;
                    }
                    else
                    {
                        AuthenticationResponseRevoke = new AuthenticationResponseRevoke(filteredSignOuts);
                    }
                }
            }

            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;
            if (priorGrant == null)
            {
                AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(identities), properties);
            }
            else
            {
                ClaimsIdentity[] mergedIdentities = priorGrant.Principal.Identities.Concat(identities).ToArray();

                if (properties != null)
                {
                    // Update prior properties
                    foreach (var propertiesPair in properties.Dictionary)
                    {
                        priorGrant.Properties.Dictionary[propertiesPair.Key] = propertiesPair.Value;
                    }
                }

                AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(mergedIdentities), priorGrant.Properties);
            }
        }
        public async Task GivenNextMiddlewareRevokesAuth_ItRemovesForceSslCookie()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next = Fakes.CreateOwinMiddleware();
            var app = new AppBuilder();
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            next.Setup(n => n.Invoke(context))
                .Returns<IOwinContext>(c =>
                {
                    c.Authentication.AuthenticationResponseRevoke = revoke;
                    return Task.FromResult<object>(null);
                });
            context.Request
                .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            OwinAssert.DeletesCookie(context.Response, "ForceSSL");
        }
        public async Task KentorAuthServicesAuthenticationMiddleware_CreatesRedirectOnAuthRevoke()
        {
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            var options = new KentorAuthServicesAuthenticationOptions(true);
            ((SPOptions)options.SPOptions).PublicOrigin = new Uri("https://sp.example.com/ExternalPath/");

            var subject = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(200, revoke: revoke),
                CreateAppBuilder(),
                options);

            var context = OwinTestHelpers.CreateOwinContext();
            context.Request.Scheme = "http";
            context.Request.Host = new HostString("sp-internal.example.com");
            context.Request.PathBase = new PathString("/InternalPath");
            context.Request.Path = new PathString("/LoggedOut");

            Thread.CurrentPrincipal = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.NameIdentifier, "NameId", null, "https://idp.example.com"),
                    new Claim(AuthServicesClaimTypes.SessionIndex, "SessionId", null, "https://idp.example.com")
                }, "Federation"));

            await subject.Invoke(context);

            context.Response.StatusCode.Should().Be(303);
            context.Response.Headers["Location"].Should().StartWith("https://idp.example.com/logout?SAMLRequest");
            var returnUrl = ExtractRequestState(options.DataProtector, context).ReturnUrl;

            returnUrl.Should().Be("https://sp.example.com/ExternalPath/LoggedOut");
        }
        public async Task KentorAuthServicesAuthenticationMiddleware_CreatesRedirectOnAuthRevoke_UsesAuthPropsReturnUrl()
        {
            var authPropsReturnUrl = "http://sp.exmample.com/AuthPropsLogout";

            var revoke = new AuthenticationResponseRevoke(
                new string[0],
                new AuthenticationProperties { RedirectUri = authPropsReturnUrl });

            var options = new KentorAuthServicesAuthenticationOptions(true);
            options.SPOptions.PublicOrigin = new Uri("https://sp.example.com/ExternalPath/");

            var subject = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(303, revoke: revoke),
                CreateAppBuilder(),
                options);

            var context = OwinTestHelpers.CreateOwinContext();
            context.Response.Headers["Location"] = "http://sp.example.com/locationHeader";
            context.Request.User = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[]
                {
                    new Claim(AuthServicesClaimTypes.LogoutNameIdentifier, ",,,,NameId", null, "https://idp.example.com"),
                    new Claim(AuthServicesClaimTypes.SessionIndex, "SessionId", null, "https://idp.example.com")
                }, "Federation"));

            await subject.Invoke(context);

            var cookieValue = context.Response.Headers["Set-Cookie"].Split(';', '=')[1];

            var returnUrl = new StoredRequestState(options.DataProtector.Unprotect(
                HttpRequestData.GetBinaryData(cookieValue))).ReturnUrl;

            returnUrl.Should().Be(authPropsReturnUrl);
        }
        public async Task KentorAuthServicesAuthenticationMiddleware_AuthRevoke_HonorsCommandResultHandled()
        {
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            var options = new KentorAuthServicesAuthenticationOptions(true)
            {
                Notifications = new KentorAuthServicesNotifications
                {
                    LogoutCommandResultCreated = cr =>
                    {
                        cr.HandledResult = true;
                    }
                }
            };

            var subject = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(200, revoke: revoke),
                CreateAppBuilder(),
                options);

            var context = OwinTestHelpers.CreateOwinContext();
            context.Request.Scheme = "http";
            context.Request.Host = new HostString("sp-internal.example.com");
            context.Request.PathBase = new PathString("/InternalPath");
            context.Request.Path = new PathString("/LoggedOut");
            context.Request.User = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.NameIdentifier, "NameId", null, "https://idp.example.com"),
                    new Claim(AuthServicesClaimTypes.SessionIndex, "SessionId", null, "https://idp.example.com")
                }, "Federation"));

            await subject.Invoke(context);

            context.Response.StatusCode.Should().Be(200);
        }
Exemplo n.º 13
0
 public void Revoke(string[] authenticationTypes)
 {
     AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes);
 }
        private async Task KentorAuthServicesAuthenticationMiddleware_CreatesRedirectOnAuthRevoke_PreservesRedirect(
            string location, string expectedUrl, string path = "/Account/LogOut", AuthenticationProperties authProps = null)
        {
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            var options = new KentorAuthServicesAuthenticationOptions(true);
            options.SPOptions.PublicOrigin = new Uri("https://sp.example.com/ExternalPath/");

            var subject = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(303, revoke: revoke),
                CreateAppBuilder(),
                options);

            var context = OwinTestHelpers.CreateOwinContext();
            context.Request.Scheme = "http";
            context.Request.Host = new HostString("sp-internal.example.com");
            context.Request.PathBase = new PathString("/AppPath");
            context.Request.Path = new PathString(path);
            context.Response.Headers["Location"] = location;
            context.Request.User = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[]
                {
                    new Claim(AuthServicesClaimTypes.LogoutNameIdentifier, ",,,,NameId", null, "https://idp.example.com"),
                    new Claim(AuthServicesClaimTypes.SessionIndex, "SessionId", null, "https://idp.example.com")
                }, "Federation"));

            await subject.Invoke(context);

            var cookieValue = context.Response.Headers["Set-Cookie"].Split(';', '=')[1];

            var returnUrl = new StoredRequestState(options.DataProtector.Unprotect(
                HttpRequestData.GetBinaryData(cookieValue))).ReturnUrl;

            returnUrl.Should().Be(expectedUrl);
        }
Exemplo n.º 15
0
        public void SignOut(AuthenticationProperties properties, string[] authenticationTypes)
        {
            AuthenticationResponseGrant priorGrant = AuthenticationResponseGrant;
            if (priorGrant != null)
            {
                // Scan the sign-in's and remove any with a matching auth type.
                ClaimsIdentity[] filteredIdentities = priorGrant.Principal.Identities
                    .Where(identity => !authenticationTypes.Contains(identity.AuthenticationType, StringComparer.Ordinal))
                    .ToArray();
                if (filteredIdentities.Length < priorGrant.Principal.Identities.Count())
                {
                    if (filteredIdentities.Length == 0)
                    {
                        AuthenticationResponseGrant = null;
                    }
                    else
                    {
                        AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(filteredIdentities), priorGrant.Properties);
                    }
                }
            }

            AuthenticationResponseRevoke priorRevoke = AuthenticationResponseRevoke;
            if (priorRevoke == null)
            {
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(authenticationTypes, properties);
            }
            else
            {
                if (properties != null && !object.ReferenceEquals(properties.Dictionary, priorRevoke.Properties.Dictionary))
                {
                    // Update prior properties
                    foreach (var propertiesPair in properties.Dictionary)
                    {
                        priorRevoke.Properties.Dictionary[propertiesPair.Key] = propertiesPair.Value;
                    }
                }

                // Cumulative auth types
                string[] mergedAuthTypes = priorRevoke.AuthenticationTypes.Concat(authenticationTypes).ToArray();
                AuthenticationResponseRevoke = new AuthenticationResponseRevoke(mergedAuthTypes, priorRevoke.Properties);
            }
        }