/// <summary>
/// With <c>APPSETTING_WEBSITE_AUTH_ENABLED</c> set to "False" and no provider services registered,
/// authentication is expected to fail with the "invalid request URI" error asserted below.
/// </summary>
public async Task UseEasyAuthProviderIfAuthIsDisabled()
{
    // Arrange
    // NOTE(review): environment variables are process-wide and this one is not reset afterwards,
    // so the value stays visible to whatever runs later in the same test process.
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "False");
    var configuration = new ConfigurationBuilder()
        .AddEnvironmentVariables()
        .Build();

    var authOptions = new EasyAuthAuthenticationOptions();
    authOptions.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddOptions();
    serviceCollection.AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>();
    serviceCollection.Configure<EasyAuthAuthenticationOptions>(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        target => { target.ProviderOptions = authOptions.ProviderOptions; });
    var serviceProvider = serviceCollection.BuildServiceProvider();
    var optionsMonitor = serviceProvider.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

    // No provider services are registered for this test.
    var noProviders = new List<IEasyAuthAuthentificationService>();
    var handler = new EasyAuthAuthenticationHandler(
        optionsMonitor,
        noProviders,
        this.loggerFactory,
        this.urlEncoder,
        this.clock,
        configuration);
    var scheme = new AuthenticationScheme(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        EasyAuthAuthenticationDefaults.DisplayName,
        typeof(EasyAuthAuthenticationHandler));
    var httpContext = new DefaultHttpContext();

    // Act
    await handler.InitializeAsync(scheme, httpContext);
    var result = await handler.AuthenticateAsync();

    // Assert
    // The EasyAuth "me" service is hard to test at the moment, so this only checks that the call fails.
    // Presumably the failure comes from the bare DefaultHttpContext carrying no scheme or host - confirm.
    const string expectedMessage = "An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set.";
    Assert.False(result.Succeeded);
    Assert.NotNull(result.Failure);
    Assert.Equal(expectedMessage, result.Failure.Message);
}
/// <summary>
/// Constructing the handler must throw <see cref="ArgumentException"/> when authentication is enabled
/// but the unauthenticated action is "AllowAnonymous".
/// </summary>
public void ErrorIfTheAuthIsEnabledButAnonymousRequestsAreAllowed()
{
    // Arrange
    // NOTE(review): both variables are process-wide and are not reset after the test.
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "AllowAnonymous");
    var configuration = new ConfigurationBuilder()
        .AddEnvironmentVariables()
        .Build();

    var authOptions = new EasyAuthAuthenticationOptions();
    authOptions.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddOptions();
    serviceCollection.AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>();
    serviceCollection.Configure<EasyAuthAuthenticationOptions>(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        target => { target.ProviderOptions = authOptions.ProviderOptions; });
    var serviceProvider = serviceCollection.BuildServiceProvider();
    var optionsMonitor = serviceProvider.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

    // Act + Assert: the handler is expected to reject this configuration in its constructor,
    // before any request is handled.
    Assert.Throws<ArgumentException>(() => new EasyAuthAuthenticationHandler(
        optionsMonitor,
        new List<IEasyAuthAuthentificationService>(),
        this.loggerFactory,
        this.urlEncoder,
        this.clock,
        configuration));
}
/// <summary>
/// With authentication enabled but an empty list of provider services, the handler must not report success.
/// </summary>
public async Task DontCallAProviderIfNotProviderIsRegistered()
{
    // Arrange
    // NOTE(review): both variables are process-wide and are not reset after the test.
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
    var configuration = new ConfigurationBuilder()
        .AddEnvironmentVariables()
        .Build();

    var authOptions = new EasyAuthAuthenticationOptions();
    authOptions.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddOptions();
    serviceCollection.AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>();
    serviceCollection.Configure<EasyAuthAuthenticationOptions>(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        target => { target.ProviderOptions = authOptions.ProviderOptions; });
    var serviceProvider = serviceCollection.BuildServiceProvider();
    var optionsMonitor = serviceProvider.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

    // The handler receives an empty provider list, so there is nothing it could delegate to.
    var noProviders = new List<IEasyAuthAuthentificationService>();
    var handler = new EasyAuthAuthenticationHandler(
        optionsMonitor,
        noProviders,
        this.loggerFactory,
        this.urlEncoder,
        this.clock,
        configuration);
    var scheme = new AuthenticationScheme(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        EasyAuthAuthenticationDefaults.DisplayName,
        typeof(EasyAuthAuthenticationHandler));
    var httpContext = new DefaultHttpContext();

    // Act
    await handler.InitializeAsync(scheme, httpContext);
    var result = await handler.AuthenticateAsync();

    // Assert: a request without any usable provider must not end up authenticated.
    Assert.False(result.Succeeded);
}
/// <summary>
/// Stores the logger, the request headers and the options on the new instance.
/// </summary>
/// <param name="logger">Logger kept in <c>Logger</c>.</param>
/// <param name="headers">Request headers kept in <c>Headers</c>.</param>
/// <param name="options">Options kept in <c>Options</c>.</param>
private EasyAuthWithHeaderService(ILogger logger, IHeaderDictionary headers, EasyAuthAuthenticationOptions options)
{
    // Assigned left to right, i.e. Logger, then Headers, then Options. No argument is validated here.
    (this.Logger, this.Headers, this.Options) = (logger, headers, options);
}
/// <summary>
/// Stores the request details (scheme, host, cookies, headers), the options and the logger on the new instance.
/// </summary>
/// <param name="logger">Logger kept in <c>Logger</c>.</param>
/// <param name="httpSchema">Request scheme kept in <c>HttpSchema</c>.</param>
/// <param name="host">Request host kept in <c>Host</c>.</param>
/// <param name="cookies">Request cookies kept in <c>Cookies</c>.</param>
/// <param name="headers">Request headers kept in <c>Headers</c>.</param>
/// <param name="options">Options kept in <c>Options</c>.</param>
private EasyAuthWithAuthMeService(
    ILogger logger,
    string httpSchema,
    string host,
    IRequestCookieCollection cookies,
    IHeaderDictionary headers,
    EasyAuthAuthenticationOptions options)
{
    // NOTE(review): scheme and host are presumably combined into the URL of the EasyAuth "me" endpoint
    // and cookies/headers forwarded with that call - confirm in CreateUserTicket. If so, the host value
    // must come from a trusted source, because it decides where those credentials are sent.
    // Assignment order is unchanged: HttpSchema, Host, Cookies, Headers, Options, Logger.
    (this.HttpSchema, this.Host, this.Cookies, this.Headers, this.Options, this.Logger) =
        (httpSchema, host, cookies, headers, options, logger);
}
/// <summary>
/// Runs the handler on a context whose <c>User</c> was already populated by <c>TestProvider</c>
/// and checks that the user remains authenticated.
/// </summary>
public async Task IfTheUserIsAlreadyAuthorizedTheAuthResultIsSuccess()
{
    // Arrange
    // NOTE(review): both variables are process-wide and are not reset after the test.
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
    var configuration = new ConfigurationBuilder()
        .AddEnvironmentVariables()
        .Build();

    var authOptions = new EasyAuthAuthenticationOptions();
    authOptions.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddOptions();
    serviceCollection.AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>();
    serviceCollection.Configure<EasyAuthAuthenticationOptions>(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        target => { target.ProviderOptions = authOptions.ProviderOptions; });
    var serviceProvider = serviceCollection.BuildServiceProvider();
    var optionsMonitor = serviceProvider.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

    var handler = new EasyAuthAuthenticationHandler(
        optionsMonitor,
        this.providers,
        this.loggerFactory,
        this.urlEncoder,
        this.clock,
        configuration);
    var scheme = new AuthenticationScheme(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        EasyAuthAuthenticationDefaults.DisplayName,
        typeof(EasyAuthAuthenticationHandler));
    var httpContext = new DefaultHttpContext();

    // When this header is present, the fallback to the local authme.json is not used.
    httpContext.Request.Headers.Add("X-MS-TOKEN-AAD-ID-TOKEN", "test");

    // Simulate a user that an earlier step has already authenticated.
    var preAuthenticated = new TestProvider().AuthUser(httpContext);
    httpContext.User = preAuthenticated.Principal;

    // Act
    await handler.InitializeAsync(scheme, httpContext);
    var result = await handler.AuthenticateAsync();

    // Assert
    // NOTE(review): the method name promises a successful result, yet Succeeded is asserted to be false.
    // Presumably the handler returns without a ticket when the user is already authenticated - confirm
    // and rename the test or adjust the assertion accordingly.
    Assert.False(result.Succeeded);
    Assert.True(httpContext.User.Identity.IsAuthenticated);
}
/// <summary>
/// With "TestProvider" enabled in the options, the handler must return a successful result whose
/// identity carries the name and authentication type asserted below.
/// </summary>
public async Task IfAnProviderIsEnabledUseEnabledProvider()
{
    // Arrange
    // NOTE(review): both variables are process-wide and are not reset after the test.
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
    System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
    var configuration = new ConfigurationBuilder()
        .AddEnvironmentVariables()
        .Build();

    // Unlike the other tests in this group, the provider is switched on here.
    var authOptions = new EasyAuthAuthenticationOptions();
    authOptions.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = true });

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddOptions();
    serviceCollection.AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>();
    serviceCollection.Configure<EasyAuthAuthenticationOptions>(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        target => { target.ProviderOptions = authOptions.ProviderOptions; });
    var serviceProvider = serviceCollection.BuildServiceProvider();
    var optionsMonitor = serviceProvider.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

    var handler = new EasyAuthAuthenticationHandler(
        optionsMonitor,
        this.providers,
        this.loggerFactory,
        this.urlEncoder,
        this.clock,
        configuration);
    var scheme = new AuthenticationScheme(
        EasyAuthAuthenticationDefaults.AuthenticationScheme,
        EasyAuthAuthenticationDefaults.DisplayName,
        typeof(EasyAuthAuthenticationHandler));
    var context = new DefaultHttpContext();
    await handler.InitializeAsync(scheme, context);

    // Act
    var result = await handler.AuthenticateAsync();

    // Assert: the identity must be the one produced by the enabled provider.
    Assert.Equal("testName", result.Principal.Identity.Name);
    Assert.True(result.Succeeded);
    Assert.Equal("testType", result.Principal.Identity.AuthenticationType);
    Assert.True(result.Principal.Identity.IsAuthenticated);
}
/// <summary>
/// Builds the user identity from the EasyAuth request headers (for example
/// <c>X-MS-TOKEN-AAD-ID-TOKEN</c>, which the EasyAuth filters set once the user is authenticated
/// through an OpenID Connect session cookie or an OAuth bearer token) and stores it in <c>context.User</c>.
/// </summary>
/// <remarks>
/// The principal is derived from request headers alone, and this method always reports success when
/// no exception is thrown. The headers can only be trusted when the platform authentication layer
/// sits in front of the application and sets them itself; NOTE(review): confirm that no caller reaches
/// this method for requests that bypassed that layer (authentication disabled, local development,
/// direct access to the process). Exceptions from building the identity are not caught here.
/// </remarks>
/// <param name="logger">An instance of <see cref="ILogger"/>.</param>
/// <param name="context">Http context of the request.</param>
/// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
/// <returns>An <see cref="AuthenticateResult" />.</returns>
public static AuthenticateResult AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
{
    var authTicket = new EasyAuthWithHeaderService(logger, context.Request.Headers, options)
        .BuildIdentityFromEasyAuthRequestHeaders();

    logger.LogInformation("Set identity to user context object.");
    context.User = authTicket.Principal;

    logger.LogInformation("identity build was a success, returning ticket");
    return AuthenticateResult.Success(authTicket);
}
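/// <summary>
/// Use this method to authenticate a user with easy auth.
/// This will set the <c>context.User</c> of your HttpContext.
/// </summary>
/// <remarks>
/// Any exception raised while creating the ticket is logged and converted into a failed
/// <see cref="AuthenticateResult"/> that carries only the exception message; nothing is rethrown.
/// The scheme, host, cookies and headers of the incoming request are handed to the service.
/// NOTE(review): the host originates from the client request. If the service uses it to build the
/// URL it calls and forwards the cookies/headers there (presumably - confirm in CreateUserTicket),
/// restrict it to the application's known host names so credentials are never sent elsewhere.
/// </remarks>
/// <param name="logger">An instance of <see cref="ILogger"/>.</param>
/// <param name="context">The http context with the missing user claim.</param>
/// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
/// <returns>An <see cref="AuthenticateResult" />.</returns>
public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
{
    try
    {
        var request = context.Request;
        var authService = new EasyAuthWithAuthMeService(
            logger,
            request.Scheme,
            request.Host.ToString(),
            request.Cookies,
            request.Headers,
            options);

        var ticket = await authService.CreateUserTicket();

        logger.LogInformation("Set identity to user context object.");
        context.User = ticket.Principal;

        logger.LogInformation("identity build was a success, returning ticket");
        return AuthenticateResult.Success(ticket);
    }
    catch (Exception ex)
    {
        // The returned result keeps only ex.Message, so record the full exception (type and stack trace)
        // here; otherwise a failing authentication backend cannot be diagnosed from the logs.
        logger.LogWarning(ex, "Authentication with the EasyAuth me service failed.");
        return AuthenticateResult.Fail(ex.Message);
    }
}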