/// <summary>
/// Assembles the request pipeline: console logging, status-code and exception pages,
/// user-information based authentication, CORS, MVC routing and the Swagger endpoints.
/// Middleware runs in the order it is registered here, so the order is part of the behaviour.
/// </summary>
/// <param name="app">Pipeline builder the middleware is registered on.</param>
/// <param name="env">Hosting environment; not read by this method.</param>
/// <param name="loggerFactory">Logger factory that receives the console provider.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Back-channel endpoint handed to the authentication middleware.
    // NOTE(review): nothing here checks that the setting is present or well formed, so a
    // missing or malformed value is presumably only detected once a request is processed.
    // Outside local testing this should be an https URL if bearer tokens are sent to it - confirm.
    var userInfoEndpoint = Configuration["UserInfoUrl"];

    loggerFactory.AddConsole();

    app.UseStatusCodePages();
    // NOTE(review): no handler path or options are passed; verify that error responses
    // do not expose exception details to callers.
    app.UseExceptionHandler();

    var authenticationOptions = new UserInformationOptions
    {
        UserInformationEndPoint = userInfoEndpoint
    };
    app.UseAuthenticationWithUserInformation(authenticationOptions);

    // NOTE(review): the "AllowAll" policy is defined outside this method. Its name suggests
    // any origin is accepted; confirm it is not combined with credentialed requests.
    // CORS is registered after authentication, and preflight requests carry no Authorization
    // header - verify the authentication middleware lets them through.
    app.UseCors("AllowAll");

    app.UseMvc(routes => routes.MapRoute(
        name: "default",
        template: "{controller}/{action}/{id?}"));

    // NOTE(review): the Swagger document and UI are enabled unconditionally (env is unused).
    // Consider whether they should be reachable in production deployments.
    app.UseSwaggerGen();
    app.UseSwaggerUi();
}
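// Verifies that a user-information endpoint which is not a well-formed URL ("invalid_url")
// makes a request to the protected operation fail with an ArgumentException carrying
// ErrorDescriptions.TheUserInfoEndPointIsNotAWellFormedUrl.
// NOTE(review): the exception surfaces from client.SendAsync, i.e. the malformed endpoint is
// rejected while a request is processed; validating the option at startup would fail earlier.
public async Task When_Passing_NotWellFormed_UserInformationEndPoint_Then_Exception_Is_Thrown()
{
    // ARRANGE
    var json = JsonConvert.SerializeObject(new Dictionary<string, string>
    {
        { "role", "administrator" }
    });

    // The canned response, test server, client and request are all disposable; release them
    // deterministically instead of leaving them to the finalizer.
    using (var userInformationResponse = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(json) })
    {
        var options = new UserInformationOptions
        {
            UserInformationEndPoint = "invalid_url",
            BackChannelHttpHandler = new FakeHttpMessageHandler(userInformationResponse)
        };

        using (var server = CreateServer(options))
        using (var client = server.CreateClient())
        using (var request = new HttpRequestMessage(HttpMethod.Get, new Uri("http://localhost/protectedoperation")))
        {
            // Placeholder bearer value used only by this test.
            request.Headers.Add("Authorization", "Bearer accessToken");

            // ACT & ASSERTS
            var exception = await Assert.ThrowsAsync<ArgumentException>(async () => await client.SendAsync(request)).ConfigureAwait(false);

            // Assert.Equal reports both values on failure, unlike Assert.True(a == b).
            Assert.Equal(ErrorDescriptions.TheUserInfoEndPointIsNotAWellFormedUrl, exception.Message);
        }
    }
}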
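// Verifies that a request to the protected operation is answered with 401 Unauthorized when
// the user-information back channel reports a role ("invalid_role") that is not accepted.
// NOTE(review): a caller whose token resolves to a user with the wrong role is conventionally
// answered with 403 Forbidden; this test pins 401 - confirm that is the intended contract.
public async Task When_Passing_An_Access_Token_Not_Valid_For_The_Role_Then_Request_Is_Not_Authorized()
{
    // ARRANGE
    var json = JsonConvert.SerializeObject(new Dictionary<string, string>
    {
        { "role", "invalid_role" }
    });

    // The canned response, test server, client, request and result are all disposable;
    // release them deterministically instead of leaving them to the finalizer.
    using (var userInformationResponse = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(json) })
    {
        var options = new UserInformationOptions
        {
            UserInformationEndPoint = "http://localhost:5000/userinfo",
            BackChannelHttpHandler = new FakeHttpMessageHandler(userInformationResponse)
        };

        using (var server = CreateServer(options))
        using (var client = server.CreateClient())
        using (var request = new HttpRequestMessage(HttpMethod.Get, new Uri("http://localhost/protectedoperation")))
        {
            // Placeholder bearer value used only by this test.
            request.Headers.Add("Authorization", "Bearer accessToken");

            // ACT
            using (var result = await client.SendAsync(request).ConfigureAwait(false))
            {
                // ASSERT
                // Assert.Equal reports the actual status code on failure, unlike Assert.True(a == b).
                Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode);
            }
        }
    }
}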
/// <summary>
/// Builds a <see cref="TestServer"/> that starts <c>FakeStartup</c> with the supplied
/// options registered in the service collection.
/// </summary>
/// <param name="options">User-information options the test wants the host to run with.</param>
/// <returns>A test server built from the configured web host builder.</returns>
private static TestServer CreateServer(UserInformationOptions options)
{
    // Services are registered through InitializeServices so every test host is wired the same way.
    IWebHostBuilder hostBuilder = new WebHostBuilder()
        .ConfigureServices(serviceCollection => InitializeServices(serviceCollection, options))
        .UseStartup(typeof(FakeStartup));

    return new TestServer(hostBuilder);
}
/// <summary>
/// Registers the supplied options object as a singleton in the service collection.
/// </summary>
/// <param name="services">Service collection of the host being built.</param>
/// <param name="options">Options instance to register.</param>
private static void InitializeServices(IServiceCollection services, UserInformationOptions options)
    => services.AddSingleton(options);