internal override async Task PreTokenRequest()
{
await base.PreTokenRequest().ConfigureAwait(false);
if (this.PerformUserRealmDiscovery())
{
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format("User with hash '{0}' detected as '{1}'", PlatformPlugin.CryptographyHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType));
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
throw new MsalException(MsalError.MissingFederationMetadataUrl);
}
WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format("WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl));
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format("Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType));
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer, this.userCredential.UserName);
}
else
{
throw new MsalException(MsalError.UnsupportedUserType);
}
}
}
public void MexParseExceptionTest()
{
string content = null;
using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open))
{
using (StreamReader reader = new StreamReader(stream))
{
content = reader.ReadToEnd();
}
}
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(content.Replace("<", "<<"))
}
};
try
{
Task <WsTrustAddress> task = MexParser.FetchWsTrustAddressFromMexAsync("https://someUrl",
UserAuthType.IntegratedAuth, null);
var wsTrustAddress = task.Result;
}
catch (AggregateException ae)
{
Assert.IsTrue(ae.InnerException is MsalException);
Assert.AreEqual(MsalError.ParsingWsMetadataExchangeFailed, ((MsalException)ae.InnerException).ErrorCode);
}
}
public async Task WsTrustRequestTest()
{
var federatedSts = SetupStsService(StsType.AADFederatedWithADFS3);
AuthenticationContext context = new AuthenticationContext(federatedSts.Authority, federatedSts.ValidateAuthority);
await context.Authenticator.UpdateFromTemplateAsync(null);
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, federatedSts.ValidUserName, null);
XDocument mexDocument = await FecthMexAsync(userRealmResponse.FederationMetadataUrl);
Verify.IsNotNull(mexDocument);
WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null);
Verify.IsNotNull(wsTrustAddress);
WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null);
Verify.IsNotNull(wstResponse.Token);
Verify.IsTrue(wstResponse.TokenType.Contains("SAML"));
SecureString securePassword = new SecureString();
foreach (var ch in federatedSts.ValidPassword)
{
securePassword.AppendChar(ch);
}
wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, securePassword), null);
Verify.IsNotNull(wstResponse.Token);
Verify.IsTrue(wstResponse.TokenType.Contains("SAML"));
try
{
await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri + "x") },
new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null);
}
catch (AdalException ex)
{
Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError);
Verify.IsNotNull(ex.InnerException);
}
try
{
await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri) }, new UserCredential(federatedSts.ValidUserName, "InvalidPassword"), null);
}
catch (AdalException ex)
{
Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError);
Verify.IsNotNull(ex.InnerException);
}
}
protected override async Task PreTokenRequestAsync()
{
await base.PreTokenRequestAsync().ConfigureAwait(false);
if (this.PerformUserRealmDiscovery())
{
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false);
CallState.Logger.InformationPii(CallState, string.Format(CultureInfo.CurrentCulture,
" User with user name '{0}' detected as '{1}'", userCredential.UserName,
userRealmResponse.AccountType));
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
throw new AdalException(AdalError.MissingFederationMetadataUrl);
}
WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false);
CallState.Logger.InformationPii(CallState,
string.Format(CultureInfo.CurrentCulture, " WS-Trust endpoint '{0}' fetched from MEX at '{1}'",
wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl));
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState, userRealmResponse.CloudAudienceUrn).ConfigureAwait(false);
var msg = string.Format(CultureInfo.CurrentCulture,
" Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType);
CallState.Logger.Information(this.CallState, msg);
CallState.Logger.InformationPii(this.CallState, msg);
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer);
}
else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0)
{
// handle password grant flow for the managed user
if (this.userCredential.PasswordToCharArray() == null)
{
throw new AdalException(AdalError.PasswordRequiredForManagedUserError);
}
}
else
{
throw new AdalException(AdalError.UnknownUserType);
}
}
}
public async Task MexParserGetWsTrustAddressTest()
{
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("TestMex2005.xml"))
}
});
WsTrustAddress address = await MexParser.FetchWsTrustAddressFromMexAsync("https://some-url", UserAuthType.IntegratedAuth, null);
Assert.IsNotNull(address);
}
public async Task WsTrust2005AddressExtractionTest()
{
await Task.Factory.StartNew(() => {
XDocument mexDocument = null;
using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open))
{
mexDocument = XDocument.Load(stream);
}
Assert.IsNotNull(mexDocument);
WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.IntegratedAuth, null);
Assert.IsNotNull(wsTrustAddress);
Assert.AreEqual(wsTrustAddress.Version, WsTrustVersion.WsTrust2005);
wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null);
Assert.IsNotNull(wsTrustAddress);
Assert.AreEqual(wsTrustAddress.Version, WsTrustVersion.WsTrust2005);
});
}
private async static Task <XDocument> FecthMexAsync(string metadataUrl)
{
if (MockService)
{
if (metadataUrl.EndsWith("xx"))
{
throw new AdalException(AdalError.AccessingWsMetadataExchangeFailed);
}
using (Stream stream = new FileStream("TestMex.xml", FileMode.Open))
{
return(XDocument.Load(stream));
}
}
else
{
return(await MexParser.FetchMexAsync(metadataUrl, null));
}
}
public async Task WsTrustAddressExtractionTest()
{
var federatedSts = SetupStsService(StsType.AADFederatedWithADFS3);
AuthenticationContext context = new AuthenticationContext(federatedSts.Authority, federatedSts.ValidateAuthority);
await context.Authenticator.UpdateFromTemplateAsync(null);
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, federatedSts.ValidUserName, null);
XDocument mexDocument = await FecthMexAsync(userRealmResponse.FederationMetadataUrl);
Verify.IsNotNull(mexDocument);
WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.IntegratedAuth, null);
Verify.IsNotNull(wsTrustAddress);
wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null);
Verify.IsNotNull(wsTrustAddress);
string mexDocumentContent = mexDocument.ToString();
try
{
string modifiedMexDocumentContent = mexDocumentContent.Replace("securitypolicy", string.Empty);
XDocument modifiedMexDocument = ConvertStringToXDocument(modifiedMexDocumentContent);
MexParser.ExtractWsTrustAddressFromMex(modifiedMexDocument, UserAuthType.UsernamePassword, null);
Verify.Fail("Exception expected");
}
catch (AdalException ex)
{
Verify.AreEqual(ex.ErrorCode, AdalError.WsTrustEndpointNotFoundInMetadataDocument);
}
try
{
string modifiedMexDocumentContent = mexDocumentContent.Replace(wsTrustAddress.Uri.AbsoluteUri, string.Empty);
XDocument modifiedMexDocument = ConvertStringToXDocument(modifiedMexDocumentContent);
MexParser.ExtractWsTrustAddressFromMex(modifiedMexDocument, UserAuthType.UsernamePassword, null);
Verify.Fail("Exception expected");
}
catch (AdalException ex)
{
Verify.AreEqual(ex.ErrorCode, AdalError.WsTrustEndpointNotFoundInMetadataDocument);
}
}
public async Task WsTrustPolicyExtraction()
{
XDocument mexDocument = null;
using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open))
{
mexDocument = XDocument.Load(stream);
}
Verify.IsNotNull(mexDocument);
Dictionary <string, MexPolicy> policies = MexParser.ReadPolicies(mexDocument);
Verify.IsNotNull(policies);
Verify.IsTrue(policies.Count == 2);
foreach (var policy in policies)
{
Verify.IsTrue(policy.Value.Version == WsTrustVersion.WsTrust2005);
}
}
public async Task MexParserGetWsTrustAddressTest()
{
HttpMessageHandlerFactory.InitializeMockProvider();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityCommonTenant)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("TestMex2005.xml"))
}
});
WsTrustAddress address = await MexParser.FetchWsTrustAddressFromMexAsync(TestConstants.DefaultAuthorityCommonTenant, UserAuthType.IntegratedAuth, null);
Assert.IsNotNull(address);
// All mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
public void FetchWsTrustAddressFromMexTest()
{
using (Stream stream = new FileStream("TestMex2005.xml", FileMode.Open))
{
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StreamContent(stream)
}
};
Task <WsTrustAddress> task = MexParser.FetchWsTrustAddressFromMexAsync("https://someUrl", UserAuthType.IntegratedAuth, null);
WsTrustAddress address = task.Result;
Assert.IsNotNull(address);
Assert.AreEqual("https://sts.usystech.net/adfs/services/trust/2005/windowstransport", address.Uri.AbsoluteUri);
Assert.AreEqual(WsTrustVersion.WsTrust2005, address.Version);
}
}
