public HttpRequestMessage CreateRequestToService(HttpMethod method,
string relativeUrl, object body = null)
{
var url = new Uri(ServiceUrl, relativeUrl);
var apiRequest = new HttpRequestMessage(method, url);
if (body != null)
{
var jsonString = JsonConvert.SerializeObject(body);
apiRequest.Content = new StringContent(jsonString, Encoding.UTF8,
"application/json");
}
// get the value of the app's auth cookie from the browser's request.
// (if present) and copy it to the api request.
var cookieName = Configuration["ServiceCookieName"];
var cookieValue = Request.Cookies[cookieName];
if (cookieValue != null)
{
var headerValue = new CookieHeaderValue(cookieName, cookieValue);
apiRequest.Headers.Add("Cookie", headerValue.ToString());
}
return(apiRequest);
}
protected async override Task <HttpResponseMessage> SendAsync(
HttpRequestMessage request, CancellationToken cancellationToken)
{
// =====================================================================
// === get cookies ====
// =====================================================================
string sessionId;
// Try to get the session ID from the request; otherwise create a new ID.
//var cookie = request.Headers.GetCookies(SessionIdToken).FirstOrDefault();
CookieHeaderValue cookie = request.Headers.GetCookies().FirstOrDefault();
if (cookie == null)
{
sessionId = "aaaa";
}
else
{
sessionId = cookie[SessionIdToken].Value;
// Store the session ID in the request property bag.
request.Properties[SessionIdToken] = sessionId;
request.Properties[test] = cookie.ToString();
}
// =====================================================================
// === ====
// =====================================================================
// Continue processing the HTTP request.
HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
return(response);
}
public async Task BadCallbackCallsRemoteAuthFailedWithState()
{
using var host = await CreateHost(o =>
{
o.ConsumerKey = "Test Consumer Key";
o.ConsumerSecret = "Test Consumer Secret";
o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = BackchannelRequestToken
};
o.Events = new TwitterEvents()
{
OnRemoteFailure = context =>
{
Assert.NotNull(context.Failure);
Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
Assert.NotNull(context.Properties);
Assert.Equal("testvalue", context.Properties.Items["testkey"]);
context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
context.HandleResponse();
return(Task.CompletedTask);
}
};
},
async context =>
{
var properties = new AuthenticationProperties();
properties.Items["testkey"] = "testvalue";
await context.ChallengeAsync("Twitter", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
Assert.Single(setCookieValues);
var setCookieValue = setCookieValues.Single();
var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
var client = server.CreateClient();
var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
}
public static HttpResponseMessage AddVersion(this HttpResponseMessage message, string id)
{
if (string.Equals(id, "vidyano.html"))
{
var cookie = new CookieHeaderValue("__vi", version)
{
HttpOnly = true,
Path = "/",
Expires = DateTimeOffset.Now.AddYears(1)
};
message.Headers.TryAddWithoutValidation("Set-Cookie", cookie.ToString());
}
return(message);
}
public void GetCookies_GetsCookies(string expectedCookie)
{
// Arrange
HttpRequestHeaders headers = CreateHttpRequestHeaders();
headers.TryAddWithoutValidation("Cookie", expectedCookie);
// Act
IEnumerable <CookieHeaderValue> cookies = headers.GetCookies();
// Assert
CookieHeaderValue cookie = Assert.Single(cookies);
string actualCookie = cookie.ToString();
Assert.Equal(expectedCookie, actualCookie);
}
public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySet()
{
using var host = await CreateHost(o =>
{
o.ConsumerKey = "Test Consumer Key";
o.ConsumerSecret = "Test Consumer Secret";
o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = BackchannelRequestToken
};
o.AccessDeniedPath = "/access-denied";
o.Events.OnRemoteFailure = context => throw new InvalidOperationException("This event should not be called.");
},
async context =>
{
var properties = new AuthenticationProperties();
properties.Items["testkey"] = "testvalue";
await context.ChallengeAsync("Twitter", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
Assert.Single(setCookieValues);
var setCookieValue = setCookieValues.Single();
var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
var client = server.CreateClient();
var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
}
/// <summary>
/// Sets cookie <paramref name="cookie"/> to the request.
/// </summary>
/// <param name="request">HTTP request to which the cookie is set.</param>
/// <param name="cookie">The cookie to be set.</param>
/// <returns>Returns back original HTTP request for fluent API.</returns>
/// <remarks><para>This method is available only in .NET Core version of the library.</para></remarks>
public static HttpRequestMessage SetCookie(this HttpRequestMessage request, CookieHeaderValue cookie)
{
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
return(request);
}
public void CookieHeaderValue_ToString(CookieHeaderValue input, string expectedValue)
{
Assert.Equal(expectedValue, input.ToString());
}