public void WsFederationAuthenticationMessage_Publics()
{
string issuerAdderss = @"http://www.gotjwt.com";
string wreply = @"http://www.relyingparty.com";
string wct = Guid.NewGuid().ToString();
WsFederationMessage wsFederationMessage = new WsFederationMessage
{
IssuerAddress = issuerAdderss,
Wreply = wreply,
Wct = wct,
};
wsFederationMessage.SetParameter("bob", null);
wsFederationMessage.Parameters.Add("bob", null);
string uriString = wsFederationMessage.BuildRedirectUrl();
Uri uri = new Uri(uriString);
WsFederationMessage wsFederationMessageReturned = WsFederationMessage.FromQueryString(uri.Query);
wsFederationMessageReturned.IssuerAddress = issuerAdderss;
wsFederationMessageReturned.Parameters.Add("bob", null);
Assert.IsTrue(MessageComparer.AreEqual(wsFederationMessage, wsFederationMessageReturned));
wsFederationMessageReturned = WsFederationMessage.FromUri(uri);
wsFederationMessageReturned.IssuerAddress = issuerAdderss;
wsFederationMessageReturned.Parameters.Add("bob", null);
Assert.IsTrue(MessageComparer.AreEqual(wsFederationMessage, wsFederationMessageReturned));
}
public void WaSignIn(WsFederationSigninMessageTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.WaSignIn", theoryData);
try
{
var fedMessage = WsFederationMessage.FromQueryString(theoryData.QueryString);
var token = fedMessage.GetToken();
if (theoryData.TokenValidationParameters != null)
{
theoryData.SecurityTokenHandler.ValidateToken(token, theoryData.TokenValidationParameters, out SecurityToken validatedToken);
if (theoryData.SecurityToken != null)
{
IdentityComparer.AreEqual(theoryData.SecurityToken, validatedToken, context);
}
}
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void ParametersTest(WsFederationMessageTheoryData theoryData)
{
TestUtilities.WriteHeader($"{this}.ParametersTest", theoryData);
try
{
var wsFederationMessage = new WsFederationMessage
{
IssuerAddress = theoryData.IssuerAddress,
Wreply = theoryData.Wreply,
Wct = theoryData.Wct
};
Assert.Equal(theoryData.IssuerAddress, wsFederationMessage.IssuerAddress);
Assert.Equal(theoryData.Wreply, wsFederationMessage.Wreply);
Assert.Equal(theoryData.Wct, wsFederationMessage.Wct);
// add parameter
wsFederationMessage.SetParameter(theoryData.Parameter1.Key, theoryData.Parameter1.Value);
// add parameters
var nameValueCollection = new NameValueCollection
{
{ theoryData.Parameter2.Key, theoryData.Parameter2.Value },
{ theoryData.Parameter3.Key, theoryData.Parameter3.Value }
};
wsFederationMessage.SetParameters(nameValueCollection);
// validate the parameters are added
Assert.Equal(theoryData.Parameter1.Value, wsFederationMessage.Parameters[theoryData.Parameter1.Key]);
Assert.Equal(theoryData.Parameter2.Value, wsFederationMessage.Parameters[theoryData.Parameter2.Key]);
Assert.Equal(theoryData.Parameter3.Value, wsFederationMessage.Parameters[theoryData.Parameter3.Key]);
// remove parameter
wsFederationMessage.SetParameter(theoryData.Parameter1.Key, null);
// validate the parameter is removed
Assert.False(wsFederationMessage.Parameters.ContainsKey(theoryData.Parameter1.Key));
// create redirectUri
var uriString = wsFederationMessage.BuildRedirectUrl();
Uri uri = new Uri(uriString);
// convert query back to WsFederationMessage
var wsFederationMessageReturned = WsFederationMessage.FromQueryString(uri.Query);
// validate the parameters in the returned wsFederationMessage
Assert.Equal(theoryData.Parameter2.Value, wsFederationMessageReturned.Parameters[theoryData.Parameter2.Key]);
Assert.Equal(theoryData.Parameter3.Value, wsFederationMessageReturned.Parameters[theoryData.Parameter3.Key]);
theoryData.ExpectedException.ProcessNoException();
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex);
}
}
private WsFederationMessage GetSignInRequestMessage(string returnUrl)
{
var decoded = WebUtility.UrlDecode(returnUrl);
WsFederationMessage message = WsFederationMessage.FromQueryString(decoded);
if (message.IsSignInMessage)
{
return(message);
}
return(null);
}
public async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
_logger.LogDebug("Processing WsFederation request.");
if (!HttpMethods.IsGet(context.Request.Method))
{
_logger.LogWarning($"WsFederation endpoint only supports GET requests. Current method is {context.Request.Method}");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
var queryString = context.Request.QueryString;
_logger.LogDebug($"Proccessing WsFederation signin request with QueryString: {queryString}.");
var message = WsFederationMessage.FromQueryString(queryString.Value);
var user = await _userSession.GetUserAsync();
if (message.IsSignOutMessage)
{
var signoutValidationResult = await _signoutValidator.ValidateAsync(message);
return(new WsFederationSignoutResult(signoutValidationResult));
}
else //Sign in validator also handles errors for unsupported wa
{
var validationResult = await _signinValidator.ValidateAsync(message, user);
if (validationResult.IsError)
{
_logger.LogError("WsFederation Signin request validation failed.");
return(new WsFederationSigninResult(new WsFederationSigninResponse
{
Request = validationResult.ValidatedRequest,
Error = validationResult.Error,
ErrorDescription = validationResult.ErrorDescription
}));
}
//if needed, show login page
if (IsLoginRequired(user, message))
{
return(new WsFederationLoginPageResult(validationResult.ValidatedRequest));
}
//Otherwise, return result
var response = await _responseGenerator.GenerateResponseAsync(validationResult.ValidatedRequest);
_logger.LogTrace("End get WsFederation signin request.");
return(new WsFederationSigninResult(response));
}
}
public void QueryStringTest(WsFederationMessageTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.QueryStringTest", theoryData);
try
{
var wsFederationMessage = WsFederationMessage.FromQueryString(theoryData.WsFederationMessageTestSet.Xml);
theoryData.ExpectedException.ProcessNoException();
IdentityComparer.AreWsFederationMessagesEqual(wsFederationMessage, theoryData.WsFederationMessageTestSet.WsFederationMessage, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex);
}
TestUtilities.AssertFailIfErrors(context);
}
/// <summary>
/// Processes the request.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="helper">The helper.</param>
/// <returns></returns>
public async Task <IActionResult> ProcessRequestAsync(HttpRequest request, IUrlHelper helper)
{
var queryString = request.QueryString;
var user = await _userSession.GetUserAsync().ConfigureAwait(false);
var message = WsFederationMessage.FromQueryString(queryString.ToString());
if (message.IsSignInMessage)
{
return(await ProcessSignInAsync(message, user, request, helper).ConfigureAwait(false));
}
if (message.IsSignOutMessage)
{
return(new RedirectResult($"~/connect/endsession{queryString}"));
}
return(new BadRequestObjectResult("Invalid WS-Federation request"));
}
public async Task Invoke(HttpContext context)
{
var segment = _options.WsFedEndpoint;
if (context.Request.Path.StartsWithSegments(new PathString(segment), StringComparison.InvariantCultureIgnoreCase))
{
_logger.LogInformation("Received WsFed Request. {0}", context.Request.QueryString.ToUriComponent());
if (!context.User.Identity.IsAuthenticated)
{
_logger.LogInformation("User is not authenticated. Redirecting to authentication provider");
var qs = context.Request.QueryString;
var url = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.PathBase}{segment}/{context.Request.QueryString}";
await context.ChallengeAsync(new AuthenticationProperties
{
RedirectUri = url
});
return;
}
var message = WsFederationMessage.FromQueryString(context.Request.QueryString.ToUriComponent());
if (message.IsSignInMessage)
{
var relyingParty = await _relyingPartyStore.GetByRealm(message.Wtrealm);
if (relyingParty == null)
{
_logger.LogWarning("No relying party found for realm {0}", message.Wtrealm);
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
await context.Response.WriteAsync($"The realm { message.Wtrealm} is not registered");
}
_logger.LogWarning("Processing WsFed Sign In for realm {0}", message.Wtrealm);
var output = await HandleSignIn(message, context, relyingParty.ReplyUrl);
context.Response.ContentType = "text/html";
await context.Response.WriteAsync(output);
return;
}
else if (message.IsSignOutMessage)
{
_logger.LogWarning("Processing WsFed Sign Out");
var output = await HandleSignOut(message, context);
context.Response.ContentType = "text/html";
await context.Response.WriteAsync(output);
return;
}
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
await context.Response.WriteAsync($"Invalid Ws-Fed Request Message");
return;
}
await _next(context);
}