public void FailedValidationResourceNotInTrustedRealmTest() { using (var harness = new MockHttpAndServiceBundle()) { // add mock response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json"))) }); // add mock response for on-premise webfinger request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger", ExpectedQueryParams = new Dictionary <string, string> { { "resource", "https://fs.contoso.com" }, { "rel", "http://schemas.microsoft.com/rel/trusted-realm" } }, ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage("https://fs.some-other-sts.com") }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, MsalTestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, MsalTestConstants.FabrikamDisplayableId, RequestContext.CreateForTest(harness.ServiceBundle)).ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void FailedValidationTest() { using (var harness = CreateTestHarness()) { // add mock response for instance validation harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.1" }, { "authorization_endpoint", "https%3A%2F%2Flogin.microsoft0nline.com%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize" }, }, ResponseMessage = MockHelpers.CreateFailureMessage( HttpStatusCode.BadRequest, "{\"error\":\"invalid_instance\"," + "\"error_description\":\"AADSTS50049: " + "Unknown or invalid instance. Trace " + "ID: b9d0894d-a9a4-4dba-b38e-8fb6a009bc00 " + "Correlation ID: 34f7b4cf-4fa2-4f35-a59b" + "-54b6f91a9c94 Timestamp: 2016-08-23 " + "20:45:49Z\",\"error_codes\":[50049]," + "\"timestamp\":\"2016-08-23 20:45:49Z\"," + "\"trace_id\":\"b9d0894d-a9a4-4dba-b38e-8f" + "b6a009bc00\",\"correlation_id\":\"34f7b4cf-" + "4fa2-4f35-a59b-54b6f91a9c94\"}") }); Authority instance = Authority.CreateAuthority("https://login.microsoft0nline.com/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); TestCommon.CreateServiceBundleWithCustomHttpManager(harness.HttpManager, authority: instance.AuthorityInfo.CanonicalAuthority, validateAuthority: true); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsTrue(exc is MsalServiceException); Assert.AreEqual(((MsalServiceException)exc).ErrorCode, "invalid_instance"); } } }
internal ServiceBundle( ApplicationConfiguration config, bool shouldClearCaches = false) { Config = config; DefaultLogger = new MsalLogger( Guid.Empty, config.ClientName, config.ClientVersion, config.LogLevel, config.EnablePiiLogging, config.IsDefaultPlatformLoggingEnabled, config.LoggingCallback); PlatformProxy = config.PlatformProxy ?? PlatformProxyFactory.CreatePlatformProxy(DefaultLogger); HttpManager = config.HttpManager ?? new HttpManager( config.HttpClientFactory ?? PlatformProxy.CreateDefaultHttpClientFactory()); HttpTelemetryManager = new HttpTelemetryManager(); if (config.TelemetryConfig != null) { // This can return null if the device isn't sampled in. There's no need for processing MATS events if we're not going to send them. Mats = TelemetryClient.CreateMats(config, PlatformProxy, config.TelemetryConfig); MatsTelemetryManager = Mats?.TelemetryManager ?? new TelemetryManager(config, PlatformProxy, config.TelemetryCallback); } else { MatsTelemetryManager = new TelemetryManager(config, PlatformProxy, config.TelemetryCallback); } InstanceDiscoveryManager = new InstanceDiscoveryManager( HttpManager, MatsTelemetryManager, shouldClearCaches, config.CustomInstanceDiscoveryMetadata, config.CustomInstanceDiscoveryMetadataUri); WsTrustWebRequestManager = new WsTrustWebRequestManager(HttpManager); ThrottlingManager = SingletonThrottlingManager.GetInstance(); AuthorityEndpointResolutionManager = new AuthorityEndpointResolutionManager(this, shouldClearCaches); DeviceAuthManager = PlatformProxy.CreateDeviceAuthManager(); }
public void B2CLoginAuthorityCreateAuthority() { using (var httpManager = new MockHttpManager()) { var appConfig = new ApplicationConfiguration() { HttpManager = httpManager, AuthorityInfo = AuthorityInfo.FromAuthorityUri(TestConstants.B2CLoginAuthority, false) }; var serviceBundle = ServiceBundle.Create(appConfig); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://sometenantid.b2clogin.com/tfp/sometenantid/policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2CLogin.json"))) }); Authority instance = Authority.CreateAuthority( serviceBundle, TestConstants.B2CLoginAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(serviceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/", endpoints.SelfSignedJwtAudience); } }
public void CreateEndpointsWithCommonTenantTest() { using (var harness = CreateTestHarness()) { Authority instance = Authority.CreateAuthority("https://login.microsoftonline.com/common"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience); } }
public void NotEnoughPathSegmentsTest() { try { var serviceBundle = TestCommon.CreateDefaultServiceBundle(); var instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/tfp/"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, RequestContext.CreateForTest(serviceBundle)).ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("test should have failed"); } catch (Exception exc) { Assert.IsInstanceOfType(exc, typeof(ArgumentException)); Assert.AreEqual(MsalErrorMessage.B2cAuthorityUriInvalidPath, exc.Message); } }
public void FailedValidationMissingFieldsInDrsResponseTest() { using (var harness = CreateTestHarness()) { // add mock failure response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response-missing-field.json"))) }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void FailedValidationMissingFieldsTest() { using (var harness = CreateTestHarness()) { // add mock response for instance validation harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.windows.net/common/discovery/instance", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" }, { "authorization_endpoint", "https://login.microsoft0nline.com/mytenant.com/oauth2/v2.0/authorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage("{}") }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, "https://login.microsoft0nline.com/mytenant.com"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
[Ignore] // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1038 public void B2CMicrosoftOnlineCreateAuthority() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json"))) }); Authority instance = Authority.CreateAuthority( harness.ServiceBundle, "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", endpoints.SelfSignedJwtAudience); } }
public void SuccessfulValidationUsingCloudDrsFallbackTest() { using (var harness = CreateTestHarness()) { // add mock failure response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateFailureMessage(HttpStatusCode.NotFound, "not found") }); // add mock response for cloud DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.windows.net/fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json"))) }); // add mock response for on-premise webfinger request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger", ExpectedQueryParams = new Dictionary <string, string> { { "resource", "https://fs.contoso.com" }, { "rel", "http://schemas.microsoft.com/rel/trusted-realm" } }, ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage() }); // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.contoso.com/adfs/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-OnPremise.json"))) }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/", endpoints.TokenEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs", endpoints.SelfSignedJwtAudience); } }