Пример #1
        /// <summary>
        /// Registers the "MyCoolWebsite" relying party with SAML token settings, a signing
        /// certificate read from a PFX file and an encryption certificate read from a CER
        /// file, saves the namespace, then checks that the relying party exists with two keys.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetails()
        {
            // Fixture only: the PFX password is a literal in source. A real signing key's
            // password belongs in a secret store or protected configuration, not in code.
            const string pfxPassword = "xyz";
            const string relyingPartyName = "MyCoolWebsite";

            // NOTE(review): realm and reply address are plain http. If the reply address is
            // where the issued token is delivered (as the name suggests), a real deployment
            // should use https so the token is not exposed in transit.
            const string siteAddress = "http://mycoolwebsite.com/";

            var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
            var pfxPath = Path.Combine(baseDirectory, "testCert_xyz.pfx");

            var encryptionCert = new X509Certificate(Path.Combine(baseDirectory, "testCert.cer"));
            var signingCertBytes = this.ReadBytesFromPfxFile(pfxPath);

            // The PFX is opened a second time only to read its validity window.
            // NOTE(review): this certificate object is never reset or disposed in this method.
            var signingCert = new X509Certificate2(pfxPath, pfxPassword);
            var validFrom = signingCert.NotBefore.ToUniversalTime();
            var validTo = signingCert.NotAfter.ToUniversalTime();

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .SamlToken()
                    .TokenLifetime(120)
                    .SigningCertificate(
                        sc => sc
                            .Bytes(signingCertBytes)
                            .Password(pfxPassword)
                            .StartDate(validFrom)
                            .EndDate(validTo))
                    .EncryptionCertificate(encryptionCert.GetRawCertData()));

            acs.SaveChanges();

            // Two keys are expected: the signing certificate and the encryption certificate.
            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, relyingPartyName, 2));
        }
Пример #2
        /// <summary>
        /// Adds a password-based service identity named "Vandelay Industries", saves the
        /// namespace and checks that the identity exists.
        /// </summary>
        public void AddVandelayIndustriesServiceIdentity()
        {
            const string identityName = "Vandelay Industries";

            // Fixture only: a guessable password written into source. A real service
            // identity should get a randomly generated secret that is stored outside the
            // repository and can be rotated.
            const string identityPassword = "Passw0rd!";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddServiceIdentity(
                si => si
                    .Name(identityName)
                    .Password(identityPassword));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, identityName));
        }
Пример #3
        /// <summary>
        /// Adds the Google and Yahoo! identity providers in one fluent chain, saves the
        /// namespace while writing each log message to <see cref="Trace"/>, and checks
        /// that both providers exist.
        /// </summary>
        public void AddGoogleAndYahooIdentityProviders()
        {
            const string googleProvider = "Google";
            const string yahooProvider = "Yahoo!";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddGoogleIdentityProvider()
               .AddYahooIdentityProvider();

            // Progress messages from SaveChanges are forwarded to the trace listeners.
            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, googleProvider));
            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, yahooProvider));
        }
Пример #4
        /// <summary>
        /// Adds the service identity "Vandelay Industries X509" whose certificate is
        /// selected by thumbprint, saves the namespace and checks that the identity exists.
        /// </summary>
        public void AddVandelayIndustriesServiceIdentityWithX509FromStore()
        {
            const string identityName = "Vandelay Industries X509";

            // The test relies on a certificate with this thumbprint being installed on the
            // machine running it. NOTE(review): which certificate store is searched is not
            // visible here; confirm it against the library.
            const string certificateThumbprint = "66e0bc68570e30fba6207b1050ac72dc5b48cf47";

            var acs = new AcsNamespace(namespaceDesc);

            acs.AddServiceIdentityWithX509Certificate(
                si => si
                    .Name(identityName)
                    .EncryptionCertificateIdentifiedBy(thumbprint: certificateThumbprint));

            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, identityName));
        }
Пример #5
        /// <summary>
        /// Adds the service identity "Vandelay Industries X509" using the certificate file
        /// "testCert.cer" from the application base directory, saves the namespace and
        /// checks that the identity exists.
        /// </summary>
        public void AddVandelayIndustriesServiceIdentityWithX509FromFile()
        {
            const string identityName = "Vandelay Industries X509";

            // Only a path is handed to the fluent API here; the file is not opened in this
            // method. A .cer file normally carries just the public certificate.
            var certificatePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer");

            var acs = new AcsNamespace(namespaceDesc);

            acs.AddServiceIdentityWithX509Certificate(
                si => si
                    .Name(identityName)
                    .EncryptionCertificate(certificatePath));

            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckServiceIdentityExists(this.namespaceDesc, identityName));
        }
Пример #6
        /// <summary>
        /// Adds the Facebook identity provider using the application id and secret held by
        /// this fixture, saves the namespace and checks that the provider exists.
        /// </summary>
        public void AddFacebookIdentityProvider()
        {
            const string providerName = "Facebook";

            var acs = new AcsNamespace(this.namespaceDesc);

            // The app id and secret are members declared outside this method, so no
            // credential literal appears here. How they are loaded is not visible.
            acs.AddFacebookIdentityProvider(
                ip => ip
                    .AppId(facebookAppId)
                    .AppSecret(facebookAppSecret));

            // NOTE(review): log messages are written to the trace listeners; confirm they
            // never include the app secret.
            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, providerName));
        }
Пример #7
        /// <summary>
        /// Adds a WS-Federation identity provider described by a federation metadata
        /// document, saves the namespace and checks that the provider exists under its
        /// display name.
        /// </summary>
        public void AddWsFederationIdentityProvider()
        {
            const string providerDisplayName = "My WS-Fed IP";

            // The metadata address is https. That matters because federation metadata
            // normally names the signing keys the namespace will go on to trust, so it
            // should only ever be referenced over an authenticated channel.
            const string metadataAddress =
                "https://login.windows.net/fluentacs.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddWsFederationIdentityProvider(
                ip => ip
                    .MetadataUri(metadataAddress)
                    .DisplayName(providerDisplayName));

            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, providerDisplayName));
        }
Пример #8
        /// <summary>
        /// Registers the "MyCoolWebsite" relying party and links it to a rule group
        /// referenced by name, saves the namespace and checks that the relying party exists.
        /// </summary>
        public void AddMyCoolWebsiteLinkedToExistingRuleGroup()
        {
            const string relyingPartyName = "MyCoolWebsite";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsite.com/";

            // Per the method name the rule group is expected to exist already; nothing in
            // this method creates it.
            const string existingRuleGroup = "Rule Group for MyCoolWebsite Relying Party";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .LinkToRuleGroup(existingRuleGroup));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
        }
Пример #9
        /// <summary>
        /// Adds the Facebook identity provider with two extra application permissions
        /// (UserPhotos and PublishStream), saves the namespace and checks that the
        /// provider exists.
        /// </summary>
        public void AddFacebookIdentityProviderWithAdditionalPermissions()
        {
            const string providerName = "Facebook";

            var acs = new AcsNamespace(this.namespaceDesc);

            // Every permission listed here widens what a token obtained through this
            // provider can do, so a real configuration should request only what the
            // application uses. NOTE(review): PublishStream looks like a write permission;
            // confirm it is needed.
            acs.AddFacebookIdentityProvider(
                ip => ip
                    .AppId(facebookAppId)
                    .AppSecret(facebookAppSecret)
                    .WithApplicationPermission(FacebookApplicationPermission.UserPhotos)
                    .WithApplicationPermission(FacebookApplicationPermission.PublishStream));

            // NOTE(review): log messages are written to the trace listeners; confirm they
            // never include the app secret.
            acs.SaveChanges(entry => Trace.WriteLine(entry.Message));

            Assert.IsTrue(AcsHelper.CheckIdentityProviderExists(this.namespaceDesc, providerName));
        }
Пример #10
        /// <summary>
        /// Registers the "MyCoolWebsite with X509" relying party with an encryption
        /// certificate selected by thumbprint, saves the namespace, then checks that the
        /// relying party exists with exactly one key.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromCertificateStore()
        {
            const string relyingPartyName = "MyCoolWebsite with X509";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsitewithx509.com/";

            // The test relies on a certificate with this thumbprint being installed on the
            // machine running it. NOTE(review): which certificate store is searched is not
            // visible here; confirm it against the library.
            const string certificateThumbprint = "66e0bc68570e30fba6207b1050ac72dc5b48cf47";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .EncryptionCertificateIdentifiedBy(thumbprint: certificateThumbprint));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, relyingPartyName, 1));
        }
Пример #11
        /// <summary>
        /// Registers the "MyCoolWebsite" relying party, removes its related rule groups and
        /// attaches a newly named rule group, saves the namespace, then checks that both
        /// the relying party and the rule group exist.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithRuleGroup()
        {
            const string relyingPartyName = "MyCoolWebsite";
            const string ruleGroupName = "Rule Group for MyCoolWebsite Relying Party";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsite.com/";

            var acs = new AcsNamespace(this.namespaceDesc);

            // The rule group added here contains no rules of its own.
            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .RemoveRelatedRuleGroups()
                    .AddRuleGroup(rg => rg.Name(ruleGroupName)));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, relyingPartyName, ruleGroupName));
        }
Пример #12
        /// <summary>
        /// Registers the "MyCoolWebsite with X509" relying party with an encryption
        /// certificate loaded from "testCert.cer", saves the namespace, then checks that
        /// the relying party exists with exactly one key.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithSamlTokenDetailsWithX509CertificateFromFile()
        {
            const string relyingPartyName = "MyCoolWebsite with X509";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsitewithx509.com/";

            // The certificate object itself is passed to the fluent API, not its raw bytes.
            var certificatePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testCert.cer");
            var encryptionCert = new X509Certificate(certificatePath);

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .EncryptionCertificate(encryptionCert));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, relyingPartyName, 1));
        }
Пример #13
        /// <summary>
        /// Registers the "MyCoolWebsite" relying party with SWT token settings and a
        /// symmetric key, saves the namespace, then checks that the relying party exists
        /// with exactly one key.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithSwtTokenDetails()
        {
            const string relyingPartyName = "MyCoolWebsite";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsite.com/";

            // Fixture only: the symmetric key is a literal in source, so anyone who can
            // read the file holds the key. A real key should come from a cryptographic
            // random generator and be kept in a secret store, never committed.
            const string symmetricKeyBase64 = "yMryA5VQVmMwrtuiJBfyjMnAJwoT7//fCuM6NwaHjQ1=";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .SwtToken()
                    .TokenLifetime(120)
                    .SymmetricKey(Convert.FromBase64String(symmetricKeyBase64)));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRelyingPartyHasKeys(this.namespaceDesc, relyingPartyName, 1));
        }
Пример #14
        /// <summary>
        /// Registers the "MyCoolWebsite" relying party with a rule group holding four claim
        /// rules (Google, Yahoo!, Windows Live ID and ACS), saves the namespace, then checks
        /// that the relying party, the rule group and each of the four rules exist.
        /// </summary>
        public void AddMyCoolWebsiteRelyingPartyWithRuleGroupAndRules()
        {
            const string relyingPartyName = "MyCoolWebsite";
            const string ruleGroupName = "Rule Group for MyCoolWebsite Relying Party";

            // NOTE(review): plain http realm and reply address; use https outside tests if
            // issued tokens are delivered to the reply address.
            const string siteAddress = "http://mycoolwebsite.com/";

            const string googleRule = "Google Passthrough";
            const string yahooRule = "Yahoo! Passthrough";
            const string liveIdRule = "Windows Live ID rule";
            const string acsRule = "ACS rule";

            var acs = new AcsNamespace(this.namespaceDesc);

            acs.AddRelyingParty(
                rp => rp
                    .Name(relyingPartyName)
                    .RealmAddress(siteAddress)
                    .ReplyAddress(siteAddress)
                    .AllowGoogleIdentityProvider()
                    .AllowYahooIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .RemoveRelatedRuleGroups()
                    .AddRuleGroup(
                        rg => rg
                            .Name(ruleGroupName)

                            // Google: any e-mail claim is re-issued as a name claim with
                            // the same value.
                            .AddRule(
                                rule => rule
                                    .Description(googleRule)
                                    .IfInputClaimIssuer().Is("Google")
                                    .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())

                            // Yahoo!: every claim type and value is passed through. A rule
                            // this broad makes the relying party accept whatever the issuer
                            // emits; real configurations should map only the claims the
                            // application actually consumes.
                            .AddRule(
                                rule => rule
                                    .Description(yahooRule)
                                    .IfInputClaimIssuer().Is("Yahoo!")
                                    .AndInputClaimType().IsAny()
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())

                            // Windows Live ID: one specific e-mail value is mapped to a fixed
                            // name identifier. NOTE(review): the value literal looks like an
                            // address that was masked before this listing was published;
                            // confirm the intended value.
                            .AddRule(
                                rule => rule
                                    .Description(liveIdRule)
                                    .IfInputClaimIssuer().Is("Windows Live ID")
                                    .AndInputClaimType().IsOfType(ClaimTypes.Email)
                                    .AndInputClaimValue().Is("*****@*****.**")
                                    .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
                                    .AndOutputClaimValue().ShouldBe("John Doe"))

                            // ACS as issuer: every claim type and value is passed through,
                            // with the same breadth caveat as the Yahoo! rule.
                            .AddRule(
                                rule => rule
                                    .Description(acsRule)
                                    .IfInputClaimIssuer().IsAcs()
                                    .AndInputClaimType().IsAny()
                                    .AndInputClaimValue().IsAny()
                                    .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                                    .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));

            acs.SaveChanges();

            Assert.IsTrue(AcsHelper.CheckRelyingPartyExists(this.namespaceDesc, relyingPartyName));
            Assert.IsTrue(AcsHelper.CheckRuleGroupExists(this.namespaceDesc, relyingPartyName, ruleGroupName));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRules(this.namespaceDesc, relyingPartyName, ruleGroupName, 4));

            // Each rule is looked up by the description it was created with.
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, relyingPartyName, ruleGroupName, googleRule));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, relyingPartyName, ruleGroupName, yahooRule));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, relyingPartyName, ruleGroupName, liveIdRule));
            Assert.IsTrue(AcsHelper.CheckRuleGroupHasRule(this.namespaceDesc, relyingPartyName, ruleGroupName, acsRule));
        }