public void AddGoogleAndYahooIdentityProviders()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddGoogleIdentityProvider()
.AddYahooIdentityProvider();
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Google"));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Yahoo!"));
}
public void AddFacebookIdentityProvider()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddFacebookIdentityProvider(
ip => ip
.AppId(facebookAppId)
.AppSecret(facebookAppSecret)
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
}
public void AddMyCoolWebsiteLinkedToExistingRuleGroup()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.LinkToRuleGroup("Rule Group for MyCoolWebsite Relying Party"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
}
public void AddFacebookIdentityProviderWithAdditionalPermissions()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddFacebookIdentityProvider(
ip => ip
.AppId(facebookAppId)
.AppSecret(facebookAppSecret)
.WithApplicationPermission(FacebookApplicationPermission.UserPhotos)
.WithApplicationPermission(FacebookApplicationPermission.PublishStream)
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "Facebook"));
}
static void Main(string[] args)
{
var namespaceDesc = new AcsNamespaceDescription(
ConfigurationManager.AppSettings["acsNamespace"],
ConfigurationManager.AppSettings["acsUserName"],
ConfigurationManager.AppSettings["acsPassword"]);
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var signingCertBytes = ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
var startDate = temp.NotBefore.ToUniversalTime();
var endDate = temp.NotAfter.ToUniversalTime();
var acsNamespace = new AcsNamespace(namespaceDesc);
acsNamespace
.AddGoogleIdentityProvider()
.AddYahooIdentityProvider()
.AddServiceIdentity(
si => si
.Name("Vandelay Industries")
.Password("Passw0rd!"))
.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SamlToken()
.TokenLifetime(120)
.SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
.EncryptionCertificate(encryptionCert.GetRawCertData())
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg
.Name("Rule Group for MyCoolWebsite Relying Party")
.AddRule(
rule => rule
.Description("Google Passthrough")
.IfInputClaimIssuer().Is("Google")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Yahoo! Passthrough")
.IfInputClaimIssuer().Is("Yahoo!")
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Windows Live ID rule")
.IfInputClaimIssuer().Is("Windows Live ID")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().Is("*****@*****.**")
.ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
.AndOutputClaimValue().ShouldBe("John Doe"))
.AddRule(
rule => rule
.Description("ACS rule")
.IfInputClaimIssuer().IsAcs()
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));
acsNamespace.SaveChanges(logInfo => Console.WriteLine(logInfo.Message));
Console.ReadKey();
}
public void AddVandelayIndustriesServiceIdentityWithX509FromStore()
{
var acsNamespace = new AcsNamespace(namespaceDesc);
var name = "Vandelay Industries X509";
acsNamespace.AddServiceIdentityWithX509Certificate(
si => si
.Name(name).EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
}
public void AddVandelayIndustriesServiceIdentityWithX509FromFile()
{
var encryptionCert = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer");
var acsNamespace = new AcsNamespace(namespaceDesc);
var name = "Vandelay Industries X509";
acsNamespace.AddServiceIdentityWithX509Certificate(
si => si
.Name(name).EncryptionCertificate(encryptionCert));
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, name));
}
public void AddVandelayIndustriesServiceIdentity()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddServiceIdentity(
si => si
.Name("Vandelay Industries")
.Password("Passw0rd!"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, "Vandelay Industries"));
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromFile()
{
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite with X509")
.RealmAddress("http://mycoolwebsitewithx509.com/")
.ReplyAddress("http://mycoolwebsitewithx509.com/")
.AllowGoogleIdentityProvider()
.EncryptionCertificate(encryptionCert));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
}
public void AddMyCoolWebsiteRelyingPartyWithSwtTokenDetails()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SwtToken()
.TokenLifetime(120)
.SymmetricKey(Convert.FromBase64String("yMryA5VQVmMwrtuiJBfyjMnAJwoT7//fCuM6NwaHjQ1=")));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 1));
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromCertificateStore()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite with X509")
.RealmAddress("http://mycoolwebsitewithx509.com/")
.ReplyAddress("http://mycoolwebsitewithx509.com/")
.AllowGoogleIdentityProvider()
.EncryptionCertificateIdentifiedBy(thumbprint: "66e0bc68570e30fba6207b1050ac72dc5b48cf47"));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite with X509"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite with X509", 1));
}
public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetails()
{
var encryptionCert = new X509Certificate(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer"));
var signingCertBytes = this.ReadBytesFromPfxFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"));
var temp = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert_xyz.pfx"), "xyz");
var startDate = temp.NotBefore.ToUniversalTime();
var endDate = temp.NotAfter.ToUniversalTime();
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.SamlToken()
.TokenLifetime(120)
.SigningCertificate(sc => sc.Bytes(signingCertBytes).Password("xyz").StartDate(startDate).EndDate(endDate))
.EncryptionCertificate(encryptionCert.GetRawCertData()));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, "MyCoolWebsite", 2));
}
public void AddMyCoolWebsiteRelyingPartyWithRuleGroupAndRules()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
const string MyCoolWebsite = "MyCoolWebsite";
const string RuleGroupForMyCoolWebsiteRelyingParty = "Rule Group for MyCoolWebsite Relying Party";
acsNamespace.AddRelyingParty(
rp => rp
.Name(MyCoolWebsite)
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowYahooIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg
.Name(RuleGroupForMyCoolWebsiteRelyingParty)
.AddRule(
rule => rule
.Description("Google Passthrough")
.IfInputClaimIssuer().Is("Google")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Yahoo! Passthrough")
.IfInputClaimIssuer().Is("Yahoo!")
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
.AddRule(
rule => rule
.Description("Windows Live ID rule")
.IfInputClaimIssuer().Is("Windows Live ID")
.AndInputClaimType().IsOfType(ClaimTypes.Email)
.AndInputClaimValue().Is("*****@*****.**")
.ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
.AndOutputClaimValue().ShouldBe("John Doe"))
.AddRule(
rule => rule
.Description("ACS rule")
.IfInputClaimIssuer().IsAcs()
.AndInputClaimType().IsAny()
.AndInputClaimValue().IsAny()
.ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
.AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, MyCoolWebsite));
Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRules(this.namespaceDesc, MyCoolWebsite, RuleGroupForMyCoolWebsiteRelyingParty, 4));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Google Passthrough"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Yahoo! Passthrough"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "Windows Live ID rule"));
Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, MyCoolWebsite,
RuleGroupForMyCoolWebsiteRelyingParty, "ACS rule"));
}
public void AddMyCoolWebsiteRelyingPartyWithRuleGroup()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace.AddRelyingParty(
rp => rp
.Name("MyCoolWebsite")
.RealmAddress("http://mycoolwebsite.com/")
.ReplyAddress("http://mycoolwebsite.com/")
.AllowGoogleIdentityProvider()
.AllowWindowsLiveIdentityProvider()
.RemoveRelatedRuleGroups()
.AddRuleGroup(rg => rg.Name("Rule Group for MyCoolWebsite Relying Party")));
acsNamespace.SaveChanges();
Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, "MyCoolWebsite"));
Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, "MyCoolWebsite", "Rule Group for MyCoolWebsite Relying Party"));
}
public void AddWsFederationIdentityProvider()
{
var acsNamespace = new AcsNamespace(this.namespaceDesc);
acsNamespace
.AddWsFederationIdentityProvider(
ip => ip
.MetadataUri("https://login.windows.net/fluentacs.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml")
.DisplayName("My WS-Fed IP")
);
acsNamespace.SaveChanges(logInfo => Trace.WriteLine(logInfo.Message));
Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, "My WS-Fed IP"));
}
