public async Task UnsolicitedAssertion() { var opStore = new StandardProviderApplicationStore(); Handle(RPUri).By( async req => { var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories); IAuthenticationResponse response = await rp.GetResponseAsync(req); Assert.That(response, Is.Not.Null); Assert.AreEqual(AuthenticationStatus.Authenticated, response.Status); return new HttpResponseMessage(); }); Handle(OPUri).By( async (req, ct) => { var op = new OpenIdProvider(opStore, this.HostFactories); return await this.AutoProviderActionAsync(op, req, ct); }); this.RegisterMockRPDiscovery(ssl: false); { var op = new OpenIdProvider(opStore, this.HostFactories); Identifier id = GetMockIdentifier(ProtocolVersion.V20); var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, RPRealmUri, id, OPLocalIdentifiers[0]); using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(assertion.Headers.Location)) { response.EnsureSuccessStatusCode(); } } } }
public AuthorizationServerHost() { // Use a default in-memory provider application store. This is a class that is ideal for use in test // applications as it requires no further setup and can be used as both the crypto key- and nonce store. // In real-life situations you would of course implement your own crypto key- and nonce store, which will // most likely use some kind of persistent storage to store keys and nonces. As the nonces are kept in memory // only, it is not possible to refresh tokens as the issued tokens will have been removed from memory the moment // the refresh token request is being processed this.standardProviderApplicationStore = new StandardProviderApplicationStore(); }
protected void Application_Start() { RouteConfig.RegisterRoutes(RouteTable.Routes); // DotNetOpenAuth only issues access tokens when the client uses an HTTPS connection. As we will most // likely run the server on our local development machine with only a self-signed SSL certificate, setting up // connection to the server will fail as the SSL certificate is considered invalid by the .NET framework. // To circumvent this, we add the line below that will consider all SSL certificates as valid, including // self-signed certificaties. Note: this should only be used for testing purposes. ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // Use a default in-memory provider application store. This is a class that is ideal for use in test // applications as it requires no further setup and can be used as both the crypto key- and nonce store. // In real-life situations you would of course implement your own crypto key- and nonce store, which will // most likely use some kind of persistent storage to store keys and nonces. As the nonces are kept in memory // only, it is not possible to refresh tokens as the issued tokens will have been removed from memory the moment // the refresh token request is being processed var standardProviderApplicationStore = new StandardProviderApplicationStore(); var clientRepository = new InMemoryClientRepository(); clientRepository.Save(new Client() { Id = "demo-client-auth-code-identifier", SecretKey = "demo-client-auth-code-secret-key", CallbackUrl = new Uri("http://localhost/OAuth2WebClient/") }); clientRepository.Save(new Client() { Id = "demo-client-credentials-identifier", SecretKey = "demo-client-credentials-secret-key" }); clientRepository.Save(new Client() { Id = "demo-client-res-owner-identifier" }); var userRepository = new InMemoryUserRepository(); userRepository.Save(new User { Name = "demo-user-username", Password = "******" }); var authorizationServerHost = new AuthorizationServerHost(standardProviderApplicationStore, standardProviderApplicationStore, clientRepository, userRepository); // Create our authorization server using our own, custom IAuthorizationServerHost implementation AuthorizationServer = new AuthorizationServer(authorizationServerHost); }
public async Task AssertionWithEndpointFilter() { var opStore = new StandardProviderApplicationStore(); Handle(RPUri).By( async req => { var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories); // Rig it to always deny the incoming OP rp.EndpointFilter = op => false; // Receive the unsolicited assertion var response = await rp.GetResponseAsync(req); Assert.That(response, Is.Not.Null); Assert.AreEqual(AuthenticationStatus.Failed, response.Status); return new HttpResponseMessage(); }); this.RegisterAutoProvider(); { var op = new OpenIdProvider(opStore, this.HostFactories); Identifier id = GetMockIdentifier(ProtocolVersion.V20); var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, GetMockRealm(false), id, id); using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(assertion.Headers.Location)) { response.EnsureSuccessStatusCode(); } } } }
/// <summary> /// Gets the standard state storage mechanism that uses ASP.NET's /// HttpApplication state dictionary to store associations and nonces. /// </summary> /// <param name="context">The context.</param> /// <returns>The application store.</returns> public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) { if (context == null) { ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name); context = new HttpContextWrapper(HttpContext.Current); } var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]; if (store == null) { context.Application.Lock(); try { if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) { context.Application[ApplicationStoreKey] = store = new StandardProviderApplicationStore(); } } finally { context.Application.UnLock(); } } return store; }
public async Task ExtensionsAreIdentifiedAsSignedOrUnsigned() { Protocol protocol = Protocol.Default; var opStore = new StandardProviderApplicationStore(); int rpStep = 0; Handle(RPUri).By( async req => { var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories); RegisterMockExtension(rp.Channel); switch (++rpStep) { case 1: var response = await rp.Channel.ReadFromRequestAsync<IndirectSignedResponse>(req, CancellationToken.None); Assert.AreEqual(1, response.SignedExtensions.Count(), "Signed extension should have been received."); Assert.AreEqual(0, response.UnsignedExtensions.Count(), "No unsigned extension should be present."); break; case 2: response = await rp.Channel.ReadFromRequestAsync<IndirectSignedResponse>(req, CancellationToken.None); Assert.AreEqual(0, response.SignedExtensions.Count(), "No signed extension should have been received."); Assert.AreEqual(1, response.UnsignedExtensions.Count(), "Unsigned extension should have been received."); break; default: throw Assumes.NotReachable(); } return new HttpResponseMessage(); }); Handle(OPUri).By( async req => { var op = new OpenIdProvider(opStore, this.HostFactories); return await AutoProviderActionAsync(op, req, CancellationToken.None); }); { var op = new OpenIdProvider(opStore, this.HostFactories); RegisterMockExtension(op.Channel); var redirectingResponse = await op.Channel.PrepareResponseAsync(CreateResponseWithExtensions(protocol)); using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(redirectingResponse.Headers.Location)) { response.EnsureSuccessStatusCode(); } } op.SecuritySettings.SignOutgoingExtensions = false; redirectingResponse = await op.Channel.PrepareResponseAsync(CreateResponseWithExtensions(protocol)); using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(redirectingResponse.Headers.Location)) { response.EnsureSuccessStatusCode(); } } } }