internal override async Task PreTokenRequest() { await base.PreTokenRequest().ConfigureAwait(false); if (this.PerformUserRealmDiscovery()) { UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("User with hash '{0}' detected as '{1}'", PlatformPlugin.CryptographyHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType)); if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0) { if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl)) { throw new MsalException(MsalError.MissingFederationMetadataUrl); } WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl)); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType)); // We assume that if the response token type is not SAML 1.1, it is SAML 2 this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer, this.userCredential.UserName); } else { throw new MsalException(MsalError.UnsupportedUserType); } } }
public void MexParseExceptionTest() { string content = null; using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open)) { using (StreamReader reader = new StreamReader(stream)) { content = reader.ReadToEnd(); } } HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(content.Replace("<", "<<")) } }; try { Task <WsTrustAddress> task = MexParser.FetchWsTrustAddressFromMexAsync("https://someUrl", UserAuthType.IntegratedAuth, null); var wsTrustAddress = task.Result; } catch (AggregateException ae) { Assert.IsTrue(ae.InnerException is MsalException); Assert.AreEqual(MsalError.ParsingWsMetadataExchangeFailed, ((MsalException)ae.InnerException).ErrorCode); } }
public async Task WsTrustRequestTest() { var federatedSts = SetupStsService(StsType.AADFederatedWithADFS3); AuthenticationContext context = new AuthenticationContext(federatedSts.Authority, federatedSts.ValidateAuthority); await context.Authenticator.UpdateFromTemplateAsync(null); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, federatedSts.ValidUserName, null); XDocument mexDocument = await FecthMexAsync(userRealmResponse.FederationMetadataUrl); Verify.IsNotNull(mexDocument); WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null); Verify.IsNotNull(wsTrustAddress); WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null); Verify.IsNotNull(wstResponse.Token); Verify.IsTrue(wstResponse.TokenType.Contains("SAML")); SecureString securePassword = new SecureString(); foreach (var ch in federatedSts.ValidPassword) { securePassword.AppendChar(ch); } wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, securePassword), null); Verify.IsNotNull(wstResponse.Token); Verify.IsTrue(wstResponse.TokenType.Contains("SAML")); try { await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri + "x") }, new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null); } catch (AdalException ex) { Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError); Verify.IsNotNull(ex.InnerException); } try { await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri) }, new UserCredential(federatedSts.ValidUserName, "InvalidPassword"), null); } catch (AdalException ex) { Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError); Verify.IsNotNull(ex.InnerException); } }
protected override async Task PreTokenRequestAsync() { await base.PreTokenRequestAsync().ConfigureAwait(false); if (this.PerformUserRealmDiscovery()) { UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false); CallState.Logger.InformationPii(CallState, string.Format(CultureInfo.CurrentCulture, " User with user name '{0}' detected as '{1}'", userCredential.UserName, userRealmResponse.AccountType)); if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0) { if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl)) { throw new AdalException(AdalError.MissingFederationMetadataUrl); } WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false); CallState.Logger.InformationPii(CallState, string.Format(CultureInfo.CurrentCulture, " WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl)); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState, userRealmResponse.CloudAudienceUrn).ConfigureAwait(false); var msg = string.Format(CultureInfo.CurrentCulture, " Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType); CallState.Logger.Information(this.CallState, msg); CallState.Logger.InformationPii(this.CallState, msg); // We assume that if the response token type is not SAML 1.1, it is SAML 2 this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer); } else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0) { // handle password grant flow for the managed user if (this.userCredential.PasswordToCharArray() == null) { throw new AdalException(AdalError.PasswordRequiredForManagedUserError); } } else { throw new AdalException(AdalError.UnknownUserType); } } }
public async Task MexParserGetWsTrustAddressTest() { HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("TestMex2005.xml")) } }); WsTrustAddress address = await MexParser.FetchWsTrustAddressFromMexAsync("https://some-url", UserAuthType.IntegratedAuth, null); Assert.IsNotNull(address); }
public async Task WsTrust2005AddressExtractionTest() { await Task.Factory.StartNew(() => { XDocument mexDocument = null; using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open)) { mexDocument = XDocument.Load(stream); } Assert.IsNotNull(mexDocument); WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.IntegratedAuth, null); Assert.IsNotNull(wsTrustAddress); Assert.AreEqual(wsTrustAddress.Version, WsTrustVersion.WsTrust2005); wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null); Assert.IsNotNull(wsTrustAddress); Assert.AreEqual(wsTrustAddress.Version, WsTrustVersion.WsTrust2005); }); }
private async static Task <XDocument> FecthMexAsync(string metadataUrl) { if (MockService) { if (metadataUrl.EndsWith("xx")) { throw new AdalException(AdalError.AccessingWsMetadataExchangeFailed); } using (Stream stream = new FileStream("TestMex.xml", FileMode.Open)) { return(XDocument.Load(stream)); } } else { return(await MexParser.FetchMexAsync(metadataUrl, null)); } }
public async Task WsTrustAddressExtractionTest() { var federatedSts = SetupStsService(StsType.AADFederatedWithADFS3); AuthenticationContext context = new AuthenticationContext(federatedSts.Authority, federatedSts.ValidateAuthority); await context.Authenticator.UpdateFromTemplateAsync(null); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, federatedSts.ValidUserName, null); XDocument mexDocument = await FecthMexAsync(userRealmResponse.FederationMetadataUrl); Verify.IsNotNull(mexDocument); WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.IntegratedAuth, null); Verify.IsNotNull(wsTrustAddress); wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null); Verify.IsNotNull(wsTrustAddress); string mexDocumentContent = mexDocument.ToString(); try { string modifiedMexDocumentContent = mexDocumentContent.Replace("securitypolicy", string.Empty); XDocument modifiedMexDocument = ConvertStringToXDocument(modifiedMexDocumentContent); MexParser.ExtractWsTrustAddressFromMex(modifiedMexDocument, UserAuthType.UsernamePassword, null); Verify.Fail("Exception expected"); } catch (AdalException ex) { Verify.AreEqual(ex.ErrorCode, AdalError.WsTrustEndpointNotFoundInMetadataDocument); } try { string modifiedMexDocumentContent = mexDocumentContent.Replace(wsTrustAddress.Uri.AbsoluteUri, string.Empty); XDocument modifiedMexDocument = ConvertStringToXDocument(modifiedMexDocumentContent); MexParser.ExtractWsTrustAddressFromMex(modifiedMexDocument, UserAuthType.UsernamePassword, null); Verify.Fail("Exception expected"); } catch (AdalException ex) { Verify.AreEqual(ex.ErrorCode, AdalError.WsTrustEndpointNotFoundInMetadataDocument); } }
public async Task WsTrustPolicyExtraction() { XDocument mexDocument = null; using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open)) { mexDocument = XDocument.Load(stream); } Verify.IsNotNull(mexDocument); Dictionary <string, MexPolicy> policies = MexParser.ReadPolicies(mexDocument); Verify.IsNotNull(policies); Verify.IsTrue(policies.Count == 2); foreach (var policy in policies) { Verify.IsTrue(policy.Value.Version == WsTrustVersion.WsTrust2005); } }
public async Task MexParserGetWsTrustAddressTest() { HttpMessageHandlerFactory.InitializeMockProvider(); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityCommonTenant) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("TestMex2005.xml")) } }); WsTrustAddress address = await MexParser.FetchWsTrustAddressFromMexAsync(TestConstants.DefaultAuthorityCommonTenant, UserAuthType.IntegratedAuth, null); Assert.IsNotNull(address); // All mocks are consumed Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); }
public void FetchWsTrustAddressFromMexTest() { using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open)) { HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StreamContent(stream) } }; Task <WsTrustAddress> task = MexParser.FetchWsTrustAddressFromMexAsync("https://someUrl", UserAuthType.IntegratedAuth, null); WsTrustAddress address = task.Result; Assert.IsNotNull(address); Assert.AreEqual("https://sts.usystech.net/adfs/services/trust/2005/windowstransport", address.Uri.AbsoluteUri); Assert.AreEqual(WsTrustVersion.WsTrust2005, address.Version); } }