public void FailedValidationResourceNotInTrustedRealmTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
// add mock response for on-premise DRS request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
},
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json")))
});
// add mock response for on-premise webfinger request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "resource", "https://fs.contoso.com" },
{ "rel", "http://schemas.microsoft.com/rel/trusted-realm" }
},
ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage("https://fs.some-other-sts.com")
});
Authority instance = Authority.CreateAuthority(harness.ServiceBundle, MsalTestConstants.OnPremiseAuthority);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs);
try
{
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
MsalTestConstants.FabrikamDisplayableId,
RequestContext.CreateForTest(harness.ServiceBundle)).ConfigureAwait(false).GetAwaiter().GetResult();
Assert.Fail("ResolveEndpointsAsync should have failed here");
}
catch (Exception exc)
{
Assert.IsNotNull(exc);
}
}
}
public void FailedValidationTest()
{
using (var harness = CreateTestHarness())
{
// add mock response for instance validation
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.1" },
{
"authorization_endpoint",
"https%3A%2F%2Flogin.microsoft0nline.com%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize"
},
},
ResponseMessage = MockHelpers.CreateFailureMessage(
HttpStatusCode.BadRequest,
"{\"error\":\"invalid_instance\"," + "\"error_description\":\"AADSTS50049: " +
"Unknown or invalid instance. Trace " + "ID: b9d0894d-a9a4-4dba-b38e-8fb6a009bc00 " +
"Correlation ID: 34f7b4cf-4fa2-4f35-a59b" + "-54b6f91a9c94 Timestamp: 2016-08-23 " +
"20:45:49Z\",\"error_codes\":[50049]," + "\"timestamp\":\"2016-08-23 20:45:49Z\"," +
"\"trace_id\":\"b9d0894d-a9a4-4dba-b38e-8f" + "b6a009bc00\",\"correlation_id\":\"34f7b4cf-" +
"4fa2-4f35-a59b-54b6f91a9c94\"}")
});
Authority instance = Authority.CreateAuthority("https://login.microsoft0nline.com/mytenant.com", true);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
TestCommon.CreateServiceBundleWithCustomHttpManager(harness.HttpManager, authority: instance.AuthorityInfo.CanonicalAuthority, validateAuthority: true);
try
{
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.ConfigureAwait(false).GetAwaiter().GetResult();
Assert.Fail("validation should have failed here");
}
catch (Exception exc)
{
Assert.IsTrue(exc is MsalServiceException);
Assert.AreEqual(((MsalServiceException)exc).ErrorCode, "invalid_instance");
}
}
}
internal ServiceBundle(
ApplicationConfiguration config,
bool shouldClearCaches = false)
{
Config = config;
DefaultLogger = new MsalLogger(
Guid.Empty,
config.ClientName,
config.ClientVersion,
config.LogLevel,
config.EnablePiiLogging,
config.IsDefaultPlatformLoggingEnabled,
config.LoggingCallback);
PlatformProxy = config.PlatformProxy ?? PlatformProxyFactory.CreatePlatformProxy(DefaultLogger);
HttpManager = config.HttpManager ?? new HttpManager(
config.HttpClientFactory ??
PlatformProxy.CreateDefaultHttpClientFactory());
HttpTelemetryManager = new HttpTelemetryManager();
if (config.TelemetryConfig != null)
{
// This can return null if the device isn't sampled in. There's no need for processing MATS events if we're not going to send them.
Mats = TelemetryClient.CreateMats(config, PlatformProxy, config.TelemetryConfig);
MatsTelemetryManager = Mats?.TelemetryManager ??
new TelemetryManager(config, PlatformProxy, config.TelemetryCallback);
}
else
{
MatsTelemetryManager = new TelemetryManager(config, PlatformProxy, config.TelemetryCallback);
}
InstanceDiscoveryManager = new InstanceDiscoveryManager(
HttpManager,
MatsTelemetryManager,
shouldClearCaches,
config.CustomInstanceDiscoveryMetadata,
config.CustomInstanceDiscoveryMetadataUri);
WsTrustWebRequestManager = new WsTrustWebRequestManager(HttpManager);
ThrottlingManager = SingletonThrottlingManager.GetInstance();
AuthorityEndpointResolutionManager = new AuthorityEndpointResolutionManager(this, shouldClearCaches);
DeviceAuthManager = PlatformProxy.CreateDeviceAuthManager();
}
public void B2CLoginAuthorityCreateAuthority()
{
using (var httpManager = new MockHttpManager())
{
var appConfig = new ApplicationConfiguration()
{
HttpManager = httpManager,
AuthorityInfo = AuthorityInfo.FromAuthorityUri(TestConstants.B2CLoginAuthority, false)
};
var serviceBundle = ServiceBundle.Create(appConfig);
// add mock response for tenant endpoint discovery
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://sometenantid.b2clogin.com/tfp/sometenantid/policy/v2.0/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2CLogin.json")))
});
Authority instance = Authority.CreateAuthority(
serviceBundle,
TestConstants.B2CLoginAuthority);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityEndpointResolutionManager(serviceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
new RequestContext(serviceBundle, Guid.NewGuid()))
.GetAwaiter().GetResult();
Assert.AreEqual(
"https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/authorize",
endpoints.AuthorizationEndpoint);
Assert.AreEqual(
"https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/token",
endpoints.TokenEndpoint);
Assert.AreEqual("https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/", endpoints.SelfSignedJwtAudience);
}
}
public void CreateEndpointsWithCommonTenantTest()
{
using (var harness = CreateTestHarness())
{
Authority instance = Authority.CreateAuthority("https://login.microsoftonline.com/common");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.ConfigureAwait(false).GetAwaiter().GetResult();
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint);
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.TokenEndpoint);
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience);
}
}
public void NotEnoughPathSegmentsTest()
{
try
{
var serviceBundle = TestCommon.CreateDefaultServiceBundle();
var instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/tfp/");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityEndpointResolutionManager(serviceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
RequestContext.CreateForTest(serviceBundle)).ConfigureAwait(false).GetAwaiter().GetResult();
Assert.Fail("test should have failed");
}
catch (Exception exc)
{
Assert.IsInstanceOfType(exc, typeof(ArgumentException));
Assert.AreEqual(MsalErrorMessage.B2cAuthorityUriInvalidPath, exc.Message);
}
}
public void FailedValidationMissingFieldsInDrsResponseTest()
{
using (var harness = CreateTestHarness())
{
// add mock failure response for on-premise DRS request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
},
ResponseMessage =
MockHelpers.CreateSuccessResponseMessage(
ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response-missing-field.json")))
});
Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs);
try
{
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
TestConstants.FabrikamDisplayableId,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.GetAwaiter().GetResult();
Assert.Fail("ResolveEndpointsAsync should have failed here");
}
catch (Exception exc)
{
Assert.IsNotNull(exc);
}
}
}
public void FailedValidationMissingFieldsTest()
{
using (var harness = CreateTestHarness())
{
// add mock response for instance validation
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://login.windows.net/common/discovery/instance",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" },
{ "authorization_endpoint", "https://login.microsoft0nline.com/mytenant.com/oauth2/v2.0/authorize" },
},
ResponseMessage = MockHelpers.CreateSuccessResponseMessage("{}")
});
Authority instance = Authority.CreateAuthority(harness.ServiceBundle, "https://login.microsoft0nline.com/mytenant.com");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
try
{
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.ConfigureAwait(false).GetAwaiter().GetResult();
Assert.Fail("validation should have failed here");
}
catch (Exception exc)
{
Assert.IsNotNull(exc);
}
}
}
[Ignore] // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1038
public void B2CMicrosoftOnlineCreateAuthority()
{
using (var harness = CreateTestHarness())
{
// add mock response for tenant endpoint discovery
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json")))
});
Authority instance = Authority.CreateAuthority(
harness.ServiceBundle,
"https://login.microsoftonline.com/tfp/mytenant.com/my-policy/");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.GetAwaiter().GetResult();
Assert.AreEqual(
"https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize",
endpoints.AuthorizationEndpoint);
Assert.AreEqual(
"https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token",
endpoints.TokenEndpoint);
Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", endpoints.SelfSignedJwtAudience);
}
}
public void SuccessfulValidationUsingCloudDrsFallbackTest()
{
using (var harness = CreateTestHarness())
{
// add mock failure response for on-premise DRS request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
},
ResponseMessage = MockHelpers.CreateFailureMessage(HttpStatusCode.NotFound, "not found")
});
// add mock response for cloud DRS request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://enterpriseregistration.windows.net/fabrikam.com/enrollmentserver/contract",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
},
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json")))
});
// add mock response for on-premise webfinger request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "resource", "https://fs.contoso.com" },
{ "rel", "http://schemas.microsoft.com/rel/trusted-realm" }
},
ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage()
});
// add mock response for tenant endpoint discovery
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://fs.contoso.com/adfs/.well-known/openid-configuration",
ResponseMessage =
MockHelpers.CreateSuccessResponseMessage(
ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-OnPremise.json")))
});
Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs);
var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle);
var endpoints = resolver.ResolveEndpointsAsync(
instance.AuthorityInfo,
TestConstants.FabrikamDisplayableId,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()))
.GetAwaiter().GetResult();
Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/", endpoints.AuthorizationEndpoint);
Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/", endpoints.TokenEndpoint);
Assert.AreEqual("https://fs.contoso.com/adfs", endpoints.SelfSignedJwtAudience);
}
}
