internal static void MsaTest()
{
AadSts sts = new AadSts();
string liveIdtoken = StsLoginFlow.TryGetSamlToken("https://login.live.com", sts.MsaUserName, sts.MsaPassword, "urn:federation:MicrosoftOnline");
var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority, null);
try
{
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion(liveIdtoken, "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
VerifySuccessResult(result);
}
catch (Exception ex)
{
Verify.Fail("Unexpected exception: " + ex);
}
try
{
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion("x", "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
Verify.Fail("Exception expected");
VerifySuccessResult(result);
}
catch (AdalServiceException ex)
{
Verify.AreEqual(ex.ErrorCode, "invalid_grant");
Verify.AreEqual(ex.StatusCode, 400);
Verify.IsTrue(ex.ServiceErrorCodes.Contains("50008"));
}
}
public static Sts CreateSts(StsType stsType)
{
Sts sts;
switch (stsType)
{
case StsType.ADFS:
sts = new AdfsSts();
break;
case StsType.AADFederatedWithADFS3:
sts = new AadFederatedWithAdfs3Sts();
break;
case StsType.AAD:
sts = new AadSts();
break;
case StsType.AdfsPasswordGrant:
sts = new AdfsPasswordGrantSts();
break;
case StsType.AadPasswordGrant:
sts = new AadPasswordGrantSts();
break;
default:
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, " Unsupported STS type '{0}'", stsType));
}
return(sts);
}
public async Task AcquireTokenSilentServiceErrorTestAsync()
{
Sts sts = new AadSts();
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(sts.Authority, sts.ValidResource, sts.ValidClientId, TokenSubjectType.User, "unique_id", "*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResult("Bearer", "some-access-token",
"invalid-refresh-token", DateTimeOffset.UtcNow);
AuthenticationContext context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority, cache);
try
{
await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AdalSilentTokenAcquisitionException ex)
{
Verify.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Verify.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Verify.IsNotNull(ex.InnerException);
Verify.IsTrue(ex.InnerException is AdalException);
Verify.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
}
catch
{
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
}
public static Sts CreateSts(StsType stsType)
{
Sts sts;
switch (stsType)
{
case StsType.ADFS:
sts = new AdfsSts();
break;
case StsType.AADFederatedWithADFS3:
sts = new AadFederatedWithAdfs3Sts();
break;
case StsType.AAD:
sts = new AadSts();
break;
case StsType.AdfsPasswordGrant:
sts = new AdfsPasswordGrantSts();
break;
case StsType.AadPasswordGrant:
sts = new AadPasswordGrantSts();
break;
default:
throw new ArgumentException(string.Format("Unsupported STS type '{0}'", stsType));
}
return sts;
}
public async Task MsAppRedirectUriTest()
{
Sts sts = new AadSts();
AuthenticationContextProxy context = new AuthenticationContextProxy(sts.Authority);
AuthenticationResultProxy result = null;
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, new Uri("ms-app://test/"), null);
Verify.IsNotNullOrEmptyString(result.Error);
Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError);
try
{
WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Verify.Fail("Exception expected");
}
catch (Exception ex)
{
Verify.IsTrue(ex.Message.Contains("hostname"));
}
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, null, null);
Verify.AreEqual(result.Error, "need_to_set_callback_uri_as_local_setting");
// Incorrect ms-app
ApplicationData.Current.LocalSettings.Values["CurrentApplicationCallbackUri"] = "ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/";
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, null, null);
Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError);
}
public async Task MsAppRedirectUriTest()
{
Sts sts = new AadSts();
AuthenticationContext context = await AuthenticationContext.CreateAsync(sts.Authority);
try
{
context.AcquireTokenAndContinue(sts.ValidResource, sts.ValidClientId, new Uri("ms-app://test/"), null);
Verify.Fail("Argument exception expected");
}
catch (AdalException ex)
{
Verify.AreEqual(ex.ErrorCode, Sts.AuthenticationUiFailedError);
Verify.IsTrue(ex.InnerException is ArgumentException);
}
try
{
WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Verify.Fail("Exception expected");
}
catch (Exception ex)
{
Verify.IsTrue(ex.Message.Contains("hostname"));
}
try
{
context.AcquireTokenAndContinue(sts.ValidResource, sts.ValidClientId, null, null);
Verify.Fail("Exception expected");
}
catch (AdalException ex)
{
Verify.AreEqual(ex.ErrorCode, "need_to_set_callback_uri_as_local_setting");
}
try
{
// Incorrect ms-app
ApplicationData.Current.LocalSettings.Values["CurrentApplicationCallbackUri"] = "ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/";
context.AcquireTokenAndContinue(sts.ValidResource, sts.ValidClientId, null, null);
Verify.Fail("Exception expected");
}
catch (AdalException ex)
{
Verify.AreEqual(ex.ErrorCode, Sts.AuthenticationUiFailedError);
}
}
public async Task MsAppRedirectUriTest()
{
Sts sts = new AadSts();
AuthenticationContextProxy context = new AuthenticationContextProxy(sts.Authority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId,
new Uri("ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/"),
new PlatformParameters(PromptBehavior.Auto, false));
Verify.IsNotNullOrEmptyString(result.Error);
Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError);
Uri uri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, uri, new PlatformParameters(PromptBehavior.Auto, false));
Verify.IsNotNullOrEmptyString(result.Error);
Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError);
}
internal static void MsaTest()
{
AadSts sts = new AadSts();
string liveIdtoken = StsLoginFlow.TryGetSamlToken("https://login.live.com", sts.MsaUserName, sts.MsaPassword, "urn:federation:MicrosoftOnline");
var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority);
try
{
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion(liveIdtoken, "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
VerifySuccessResult(result);
var result2 = context.AcquireTokenSilent(sts.ValidResource2, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result2);
Verify.IsNotNull(result2.RefreshToken);
Verify.IsTrue(result2.IsMultipleResourceRefreshToken);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
var result3 = context.AcquireTokenSilent(sts.ValidResource, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result3);
Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result3.ExpiresOn));
}
catch (Exception ex)
{
Verify.Fail("Unexpected exception: " + ex);
}
try
{
context.TokenCache.Clear();
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion("x", "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
Verify.Fail("Exception expected");
VerifySuccessResult(result);
}
catch (AdalServiceException ex)
{
Verify.AreEqual(ex.ErrorCode, "invalid_grant");
Verify.AreEqual(ex.StatusCode, 400);
Verify.IsTrue(ex.ServiceErrorCodes.Contains("50008"));
}
}
public static Sts CreateSts(StsType stsType)
{
Sts sts;
switch (stsType)
{
case StsType.ADFS:
sts = new AdfsSts();
break;
case StsType.AADFederatedWithADFS3:
sts = new AadFederatedWithAdfs3Sts();
break;
case StsType.AAD:
sts = new AadSts();
break;
default:
throw new ArgumentException(string.Format("Unsupported STS type '{0}'", stsType));
}
return sts;
}
public void AuthenticationParametersTest()
{
Sts sts = new AadSts();
string authority = sts.Authority + "/oauth2/authorize";
const string Resource = "test_resource";
AuthenticationParameters authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer authorization_uri=""{0}"",resource_id=""{1}""", authority, Resource));
Verify.AreEqual(authority, authParams.Authority);
Verify.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"bearer Authorization_uri=""{0}"",Resource_ID=""{1}""", authority, Resource));
Verify.AreEqual(authority, authParams.Authority);
Verify.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer authorization_uri=""{0}""", authority));
Verify.AreEqual(authority, authParams.Authority);
Verify.IsNull(authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer resource_id=""{0}""", Resource));
Verify.AreEqual(Resource, authParams.Resource);
Verify.IsNull(authParams.Authority);
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(null);
}
catch(ArgumentNullException ex)
{
Verify.AreEqual(ex.ParamName, "authenticateHeader");
}
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"authorization_uri=""{0}"",Resource_id=""{1}""", authority, Resource));
}
catch (ArgumentException ex)
{
Verify.AreEqual(ex.ParamName, "authenticateHeader");
Verify.IsTrue(ex.Message.Contains("format"));
}
}
public static Sts CreateSts(StsType stsType)
{
Sts sts = null;
if (stsType == StsType.ADFS)
{
sts = new AdfsSts();
}
else if (stsType == StsType.AADFederatedWithADFS3)
{
sts = new AadFederatedWithAdfs3Sts();
}
else if (stsType == StsType.AAD)
{
sts = new AadSts();
}
else
{
throw new ArgumentException(string.Format("Unsupported STS type '{0}'", stsType));
}
return(sts);
}
internal static async Task MsaTestAsync()
{
AadSts sts = new AadSts();
string liveIdtoken = StsLoginFlow.TryGetSamlToken("https://login.live.com", sts.MsaUserName, sts.MsaPassword, "urn:federation:MicrosoftOnline");
var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority);
try
{
var result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, new UserAssertion(liveIdtoken, "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
VerifySuccessResult(result);
var result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result2);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
var result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result3);
Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result3.ExpiresOn));
}
catch (Exception ex)
{
Verify.Fail("Unexpected exception: " + ex);
}
try
{
context.TokenCache.Clear();
var result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, new UserAssertion("x", "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
Verify.Fail("Exception expected");
VerifySuccessResult(result);
}
catch (AdalServiceException ex)
{
Verify.AreEqual(ex.ErrorCode, "invalid_grant");
Verify.AreEqual(ex.StatusCode, 400);
Verify.IsTrue(ex.ServiceErrorCodes.Contains("50008"));
}
}
