public async Task JsonWebTokenWithX509PublicCertClaimTest()
{
var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword);
var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate);
var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache());
var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData());
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.TenantSpecificAuthority))
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"token_type\":\"Bearer\",\"expires_in\":\"3599\",\"access_token\":\"some-access-token\"}")
},
AdditionalRequestValidation = request =>
{
var requestContent = request.Content.ReadAsStringAsync().GetAwaiter().GetResult();
var formsData = EncodingHelper.ParseKeyValueList(requestContent, '&', true, null);
// Check presence of client_assertion in request
string encodedJwt;
Assert.IsTrue(formsData.TryGetValue("client_assertion", out encodedJwt), "Missing client_assertion from request");
// Check presence of x5c cert claim. It should not exist.
var jwtHeader = EncodingHelper.UrlDecode(encodedJwt.Split('.')[0]);
Assert.IsTrue(!jwtHeader.Contains("\"x5c\":"));
}
});
AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion);
Assert.IsNotNull(result.AccessToken);
}
public void ResponseSizeOverLimitTest()
{
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
var stringChars = new char[1048577];
var random = new Random();
for (int i = 0; i < stringChars.Length; i++)
{
stringChars[i] = chars[random.Next(chars.Length)];
}
var finalString = new string(stringChars);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityCommonTenant)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(finalString)
}
});
var exc = AssertException.TaskThrows <HttpRequestException>(() =>
new HttpClientWrapper(TestConstants.DefaultAuthorityCommonTenant, null).GetResponseAsync());
Assert.AreEqual(exc.Message, "Cannot write more bytes to the buffer than the configured maximum buffer size: 1048576.");
}
//292916 Ensure AcquireTokenSilent tests exist in ADAL.NET for public clients
public async Task ExpiredATValidRTInCache_GetNewATRTFromService()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityCommonTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "client_id", TestConstants.DefaultClientId },
{ "grant_type", "refresh_token" },
{ "refresh_token", "some_rt" }
}
});
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some_rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow)
};
AuthenticationResult result = await context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId)).ConfigureAwait(false);
Assert.IsNotNull(result);
}
public GitHubClient GetClient(Action <HttpProgressEventArgs> action = null)
{
var progress = new ProgressMessageHandler();
if (action != null)
{
progress.HttpSendProgress += (object sender, HttpProgressEventArgs e) => action(e);
}
progress.InnerHandler = HttpMessageHandlerFactory.CreateDefault();
var connection = new Connection
(
productInformation: new ProductHeaderValue(repositoryName),
baseAddress: new Uri(Url),
credentialStore: new InMemoryCredentialStore(new Credentials(userName, password)),
httpClient: new HttpClientAdapter(() => progress),
serializer: new SimpleJsonSerializer()
);
var client = new GitHubClient(connection);
client.Connection.SetRequestTimeout(Timeout);
return(client);
}
public void FailedValidationMissingFieldsInDrsResponseTest()
{
//add mock failure response for on-premise DRS request
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
Url = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract",
QueryParams = new Dictionary <string, string>
{
{ "api-version", "1.0" }
},
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText("drs-response-missing-field.json"))
});
Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority, true);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs);
try
{
Task.Run(async() =>
{
await instance.ResolveEndpointsAsync(TestConstants.FabrikamDisplayableId, new RequestContext(Guid.NewGuid(), null)).ConfigureAwait(false);
}).GetAwaiter().GetResult();
Assert.Fail("ResolveEndpointsAsync should have failed here");
}
catch (Exception exc)
{
Assert.IsNotNull(exc);
}
Assert.AreEqual(0, HttpMessageHandlerFactory.MockCount);
}
public async Task AcquireTokenWithInvalidResourceTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "some-access-token", DateTimeOffset.UtcNow)
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
try
{
await context.AcquireTokenSilentAsync("random-resource", TestConstants.DefaultClientId);
}
catch (AdalServiceException exc)
{
Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode);
}
}
public async Task WsTrustRequestGenericCloudUrnTest()
{
WsTrustAddress address = new WsTrustAddress()
{
Uri = new Uri("https://some/address/usernamemixed"),
Version = WsTrustVersion.WsTrust13
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("WsTrustResponse.xml"))
}
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("WsTrustResponse.xml"))
}
});
WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword), null, TestConstants.CloudAudienceUrn);
Assert.IsNotNull(wstResponse.Token);
wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, TestConstants.CloudAudienceUrn);
Assert.IsNotNull(wstResponse.Token);
}
public void AcquireTokenSilentServiceErrorTestAsync()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, "unique_id",
"*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "something-invalid",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "some-access-token", DateTimeOffset.UtcNow)
};
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, cache);
var ex = AssertException.TaskThrows <AdalSilentTokenAcquisitionException>(async() =>
{
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityCommonTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
await context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
});
Assert.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Assert.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is AdalException);
Assert.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public void TestInitialize()
{
cache = new TokenCache();
Authority.ValidatedAuthorities.Clear();
HttpClientFactory.ReturnHttpClientForMocks = true;
HttpMessageHandlerFactory.ClearMockHandlers();
}
public void Initialize()
{
HttpMessageHandlerFactory.InitializeMockProvider();
InstanceDiscovery.InstanceCache.Clear();
HttpMessageHandlerFactory.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant)));
platformParameters = new PlatformParameters(PromptBehavior.Auto);
}
public async Task TestInstanceDiscovery_WhenMetadataIsReturned_ShouldUsePreferredNetworkForUserRealmDiscoveryAsync()
{
string host = "login.windows.net";
string preferredNetwork = "login.microsoftonline.com";
var authenticator = new Authenticator($"https://{host}/contoso.com/", false);
AddMockInstanceDiscovery(host);
await authenticator.UpdateFromTemplateAsync(new CallState(Guid.NewGuid())).ConfigureAwait(false);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
Url = $"https://{preferredNetwork}/common/userrealm/[email protected]", // This validates the token request is sending to expected host
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"account_type\":\"managed\"}")
}
});
var requestData = new RequestData
{
Authenticator = authenticator,
Resource = "resource1",
ClientKey = new ClientKey(new ClientCredential("client1", "something")),
SubjectType = TokenSubjectType.Client,
ExtendedLifeTimeEnabled = false
};
var privateObject = new PrivateObject(new AcquireTokenNonInteractiveHandler(
requestData, new UserPasswordCredential("*****@*****.**", "fakepassword")));
await((Task)privateObject.Invoke("PreTokenRequestAsync")).ConfigureAwait(false);
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); // This validates that all the mock handlers have been consumed
}
public void ForcePromptForNeverPromptBehaviorTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
var exc = AssertException.TaskThrows <AdalServiceException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Never)));
Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public void FailedTenantDiscoveryMissingEndpointsTest()
{
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
Url = "https://fs.contoso.com/adfs/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText("OpenidConfiguration-MissingFields-OnPremise.json"))
});
Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority, false);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs);
try
{
Task.Run(async() =>
{
await instance.ResolveEndpointsAsync(TestConstants.FabrikamDisplayableId, new RequestContext(Guid.NewGuid(), null)).ConfigureAwait(false);
}).GetAwaiter().GetResult();
Assert.Fail("validation should have failed here");
}
catch (MsalClientException exc)
{
Assert.AreEqual(MsalClientException.TenantDiscoveryFailedError, exc.ErrorCode);
}
Assert.AreEqual(0, HttpMessageHandlerFactory.MockCount);
}
public bool Create_DecompressionAlwaysOn(HttpRequestInfo value)
{
var handler = new HttpMessageHandlerFactory().Create(value) as HttpClientHandler;
return(((handler.AutomaticDecompression & DecompressionMethods.Deflate) == DecompressionMethods.Deflate) |
((handler.AutomaticDecompression & DecompressionMethods.GZip) == DecompressionMethods.GZip));
}
public async Task AutoPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "authorization_code" }
}
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto));
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public async Task JsonWebTokenWithX509PublicCertSendX5CTestAsync()
{
var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword);
var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate);
var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache());
var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData());
//Check for x5c claim
HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler);
AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, true).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler);
result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, true).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
//Check for empty x5c claim
HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler);
context.TokenCache.Clear();
result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, false).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler);
result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, false).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
}
public void ValidationOffSuccessTest()
{
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
Url = "https://login.microsoftonline.in/mytenant.com/v2.0/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText("OpenidConfiguration.json"))
});
Authority instance = Authority.CreateAuthority("https://login.microsoftonline.in/mytenant.com", false);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad);
Task.Run(async() =>
{
await instance.ResolveEndpointsAsync(null, new RequestContext(Guid.NewGuid(), null)).ConfigureAwait(false);
})
.GetAwaiter()
.GetResult();
Assert.AreEqual("https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/authorize",
instance.AuthorizationEndpoint);
Assert.AreEqual("https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/token",
instance.TokenEndpoint);
Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/",
instance.SelfSignedJwtAudience);
Assert.AreEqual(0, HttpMessageHandlerFactory.MockCount);
}
public void ValidationOffSuccessTest()
{
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
Url = "https://fs.contoso.com/adfs/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText("OpenidConfiguration-OnPremise.json"))
});
Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority, false);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs);
Task.Run(async() =>
{
await instance.ResolveEndpointsAsync(TestConstants.FabrikamDisplayableId, new RequestContext(Guid.NewGuid(), null)).ConfigureAwait(false);
}).GetAwaiter().GetResult();
Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/",
instance.AuthorizationEndpoint);
Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/",
instance.TokenEndpoint);
Assert.AreEqual("https://fs.contoso.com/adfs",
instance.SelfSignedJwtAudience);
Assert.AreEqual(0, HttpMessageHandlerFactory.MockCount);
}
public async Task CloudAudienceUrnNullTest()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant);
await context.Authenticator.UpdateFromTemplateAsync(null);
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, null);
WsTrustAddress address = new WsTrustAddress()
{
Uri = new Uri("https://some/address/usernamemixed"),
Version = WsTrustVersion.WsTrust13
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("WsTrustResponse.xml"))
}
});
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, null);
VerifyCloudInstanceUrnResponse(userRealmResponse.CloudAudienceUrn, "urn:federation:MicrosoftOnline");
}
public override void ApplyConfiguration(BindingElement bindingElement)
{
base.ApplyConfiguration(bindingElement);
HttpTransportBindingElement binding = (HttpTransportBindingElement)bindingElement;
binding.AllowCookies = this.AllowCookies;
binding.AuthenticationScheme = this.AuthenticationScheme;
binding.BypassProxyOnLocal = this.BypassProxyOnLocal;
#if DESKTOP
binding.DecompressionEnabled = this.DecompressionEnabled;
binding.KeepAliveEnabled = this.KeepAliveEnabled;
binding.HostNameComparisonMode = this.HostNameComparisonMode;
binding.MaxPendingAccepts = this.MaxPendingAccepts;
binding.Realm = this.Realm;
binding.RequestInitializationTimeout = this.RequestInitializationTimeout;
binding.UnsafeConnectionNtlmAuthentication = this.UnsafeConnectionNtlmAuthentication;
binding.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy);
if (this.MessageHandlerFactory != null)
{
binding.MessageHandlerFactory = HttpMessageHandlerFactory.CreateFromConfigurationElement(this.MessageHandlerFactory);
}
#endif
PropertyInformationCollection propertyInfo = this.ElementInformation.Properties;
if (propertyInfo[ConfigurationStrings.MaxBufferSize].ValueOrigin != PropertyValueOrigin.Default)
{
binding.MaxBufferSize = this.MaxBufferSize;
}
binding.ProxyAddress = this.ProxyAddress;
binding.ProxyAuthenticationScheme = this.ProxyAuthenticationScheme;
binding.TransferMode = this.TransferMode;
binding.UseDefaultWebProxy = this.UseDefaultWebProxy;
this.WebSocketSettings.ApplyConfiguration(binding.WebSocketSettings);
}
public async Task TestInstanceDiscovery_WhenAuthorityIsAdfs_ShouldNotDoInstanceDiscovery()
{
HttpMessageHandlerFactory.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant)));
var authenticator = new Authenticator("https://login.contoso.com/adfs", false);
await authenticator.UpdateFromTemplateAsync(new CallState(Guid.NewGuid())).ConfigureAwait(false);
Assert.AreEqual(1, HttpMessageHandlerFactory.MockHandlersCount()); // mock is NOT consumed, so no new request was NOT attempted
}
public void TestInitialize()
{
cache = new TokenCache();
Authority.ValidatedAuthorities.Clear();
HttpClientFactory.ReturnHttpClientForMocks = true;
HttpMessageHandlerFactory.ClearMockHandlers();
Telemetry.GetInstance().RegisterReceiver(_myReceiver.OnEvents);
}
public async Task AuthenticationContextAuthorityValidationTestAsync()
{
AuthenticationContext context = null;
AuthenticationResult result = null;
try
{
context = new AuthenticationContext("https://login.contoso.com/adfs");
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (ArgumentException ex)
{
Assert.AreEqual(ex.ParamName, "validateAuthority");
}
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
//whitelisted authority
context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, true);
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId));
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
//add handler to return failed discovery response
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage =
MockHelpers.CreateFailureResponseMessage(
"{\"error\":\"invalid_instance\",\"error_description\":\"AADSTS70002: Error in validating authority.\"}")
});
try
{
context = new AuthenticationContext("https://login.microsoft0nline.com/common");
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (AdalException ex)
{
Assert.AreEqual(ex.ErrorCode, AdalError.AuthorityNotInValidList);
}
}
public async Task ForcePromptForSelectAccountPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"),
// validate that authorizationUri passed to WebUi contains prompt=select_account query parameter
new Dictionary <string, string> {
{ "prompt", "select_account" }
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
{
UserInfo =
new UserInfo()
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId
}
},
},
TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
new CallState(new Guid())).ConfigureAwait(false);
ResetInstanceDiscovery();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>
{
{ "grant_type", "authorization_code" }
}
});
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public AddinDiscoverer(Options options)
{
// Setup the Github client
var proxy = string.IsNullOrEmpty(options.ProxyUrl) ? null : new WebProxy(options.ProxyUrl);
var credentials = !string.IsNullOrEmpty(options.GithubToken) ? new Credentials(options.GithubToken) : new Credentials(options.GithubUsername, options.GithuPassword);
var connection = new Connection(new ProductHeaderValue(Constants.PRODUCT_NAME), new HttpClientAdapter(() => HttpMessageHandlerFactory.CreateDefault(proxy)))
{
Credentials = credentials,
};
// Setup nuget
var providers = new List <Lazy <INuGetResourceProvider> >();
providers.AddRange(NuGet.Protocol.Core.Types.Repository.Provider.GetCoreV3()); // Add v3 API support
var packageSource = new PackageSource("https://api.nuget.org/v3/index.json");
// Setup the context that will be passed to each step
_context = new DiscoveryContext()
{
Addins = Array.Empty <AddinMetadata>(),
GithubClient = new GitHubClient(connection),
GithubHttpClient = new HttpClientAdapter(() => HttpMessageHandlerFactory.CreateDefault(proxy)),
HttpClient = new HttpClient(new HttpClientHandler()
{
Proxy = proxy, UseProxy = proxy != null
}),
NugetRepository = new SourceRepository(packageSource, providers),
Options = options,
TempFolder = Path.Combine(options.TemporaryFolder, Constants.PRODUCT_NAME),
Version = typeof(AddinDiscoverer).GetTypeInfo().Assembly.GetName().Version.ToString(3)
};
// Using '.CodeBase' because it returns where the assembly is located when not executing (in other words, the 'permanent' path of the assembly).
// '.Location' would seem more intuitive but in the case of shadow copied assemblies, it would return a path in a temp directory.
var currentPath = new Uri(Assembly.GetExecutingAssembly().CodeBase).LocalPath;
var currentFolder = Path.GetDirectoryName(currentPath);
var exclusionFilePath = Path.Combine(currentFolder, "exclusionlist.json");
var inclusionFilePath = Path.Combine(currentFolder, "inclusionlist.json");
using (var sr = new StreamReader(exclusionFilePath))
{
var json = sr.ReadToEnd();
var jObject = JObject.Parse(json);
_context.ExcludedAddins = jObject.Property("packages")?.Value.ToObject <string[]>() ?? Array.Empty <string>();
_context.ExcludedTags = jObject.Property("labels")?.Value.ToObject <string[]>() ?? Array.Empty <string>();
}
using (var sr = new StreamReader(inclusionFilePath))
{
var json = sr.ReadToEnd();
var jObject = JObject.Parse(json);
_context.IncludedAddins = jObject.Property("packages")?.Value.ToObject <string[]>() ?? Array.Empty <string>();
}
}
public bool Create_Proxy_PassedThrough(HttpRequestInfo info, IWebProxy value)
{
info.Proxy = value;
var handler = new HttpMessageHandlerFactory().Create(info) as HttpClientHandler;
return(value != null
? handler.UseProxy && ReferenceEquals(handler.Proxy, value)
: !handler.UseProxy && ReferenceEquals(handler.Proxy, null));
}
public bool Create_Redirects_PassedThrough(HttpRequestInfo info, int value)
{
info.MaxRedirects = value;
var handler = new HttpMessageHandlerFactory().Create(info) as HttpClientHandler;
return(value > 0
? handler.AllowAutoRedirect && handler.MaxAutomaticRedirections == value
: !handler.AllowAutoRedirect);
}
public async Task IntegratedAuthUsingUpn_MexDoesNotReturnAuthEndpointTestAsync()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
await context.Authenticator.UpdateFromTemplateAsync(null).ConfigureAwait(false);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"federated\",\"domain_name\":\"microsoft.com\"," +
"\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" +
"\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," +
"\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" +
",\"cloud_instance_name\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler("https://msft.sts.microsoft.com/adfs/services/trust/mex")
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("TestMex.xml"))
}
});
// Mex does not return integrated auth endpoint (.../13/windowstransport)
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler("https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport")
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.NotFound)
{
Content = new StringContent("Not found")
}
});
// Call acquire token, endpoint not found
var result = AssertException.TaskThrows <Exception>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserCredential(TestConstants.DefaultDisplayableId)));
// Check exception message
Assert.AreEqual("Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error: See inner exception for detail.", result.Message);
Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.InnerException.Message);
// There should be no cached entries.
Assert.AreEqual(0, context.TokenCache.Count);
// All mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
public void ConfidentialClientUsingSecretTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.ClientId,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(app.Authority)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage()
});
Task <AuthenticationResult> task = app.AcquireTokenForClientAsync(TestConstants.Scope.ToArray());
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.IsNotNull("header.payload.signature", result.AccessToken);
Assert.AreEqual(TestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());
//make sure user token cache is empty
Assert.AreEqual(0, app.UserTokenCache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual(0, app.UserTokenCache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
//check app token cache count to be 1
Assert.AreEqual(1, app.AppTokenCache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual(0, app.AppTokenCache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); //no refresh tokens are returned
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
//call AcquireTokenForClientAsync again to get result back from the cache
task = app.AcquireTokenForClientAsync(TestConstants.Scope.ToArray());
result = task.Result;
Assert.IsNotNull(result);
Assert.IsNotNull("header.payload.signature", result.AccessToken);
Assert.AreEqual(TestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString());
//make sure user token cache is empty
Assert.AreEqual(0, app.UserTokenCache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual(0, app.UserTokenCache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
//check app token cache count to be 1
Assert.AreEqual(1, app.AppTokenCache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual(0, app.AppTokenCache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); //no refresh tokens are returned
}
public async Task UserRealmDiscoveryTest()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant);
await context.Authenticator.UpdateFromTemplateAsync(null);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Federated\",\"domain_name\":\"microsoft.com\"," +
"\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" +
"\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," +
"\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" +
",\"cloudinstancename\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, null);
VerifyUserRealmResponse(userRealmResponse, "Federated");
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Unknown\",\"cloudinstancename\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, null);
VerifyUserRealmResponse(userRealmResponse, "Unknown");
try
{
await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, null, null);
Assert.Fail("Exception expected");
}
catch (AdalException ex)
{
Assert.IsNotNull(ex.ErrorCode, AdalError.UnknownUser);
}
}
public void DefaultHttpMessagePluginFactory_Method1()
{
var be = new HttpMessageHandlerFactory();
be.Create(null);
}
public void DefaultHttpMessagePluginFactory_Constructor1()
{
var be = new HttpMessageHandlerFactory(null);
}
public void DefaultHttpMessagePluginFactory_Constructor3()
{
var plugins = new Type[] { typeof(int) };
var be = new HttpMessageHandlerFactory(plugins);
}
public void DefaultHttpMessagePluginFactory_Constructor2()
{
var be = new HttpMessageHandlerFactory();
Assert.IsNotNull(be);
Assert.IsTrue(typeof(HttpMessageHandlerFactory).IsAssignableFrom(be.GetType()));
}
public HttpQueryMessageHandlerFactory(int queryLimit, HttpMessageHandlerFactory innerFactory = null)
{
this.queryLimit = queryLimit;
this.innerFactory = innerFactory;
}
public void DefaultHttpMessagePluginFactory_Constructor4()
{
var plugins = new Type[] { typeof(DelegatingChannel) };
var be = new HttpMessageHandlerFactory(plugins);
}
public void HttpMessageHandlerFactory_Constructor2()
{
HttpMessageHandlerFactory factory = new HttpMessageHandlerFactory();
Assert.IsNotNull(factory);
}
public void Create_Throww_With_Null_Parameter()
{
HttpMessageHandlerFactory factory = new HttpMessageHandlerFactory(typeof(MockValidMessageHandler));
ExceptionAssert.ThrowsArgumentNull("innerChannel", () => factory.Create(null));
}
public void HttpMessageHandlers_Returns_Handler_Types()
{
HttpMessageHandlerFactory factory = new HttpMessageHandlerFactory(typeof(MockValidMessageHandler));
ReadOnlyCollection<Type> handlers = factory.HttpMessageHandlers;
Assert.IsNotNull(handlers);
Assert.AreEqual(1, handlers.Count());
}
public void DefaultHttpMessagePluginFactory_Constructor7()
{
var plugins = new Type[] { typeof(ValidConstructorHandler), typeof(InvalidConstructorHandler) };
var be = new HttpMessageHandlerFactory(plugins);
}
public void DefaultHttpMessagePluginFactory_Property1()
{
var be = new HttpMessageHandlerFactory();
var plugins = be.HttpMessageHandlers;
Assert.IsNotNull(plugins);
Assert.AreEqual(0, plugins.Count());
}
