Example of how to use the ActiveLogin.Authentication.BankId.AspNetCore NuGet package with a test environment
Intro
In the previous part I showed how easy it is to start working with a simulated environment on a dev machine.
Later in the development process, during QA and UAT, it is better to have a dedicated test environment. This in turn requires proper test users instead of the hard-coded users we have in the simulated environment. Another issue is how to verify the whole flow, including authentication. In this post I will show you how to create proper test users that can be used for verifying BankID functionality, which gives us the real authentication flow through the BankID test endpoints. My starting point in this blog post is my previous demo, where I created a demo application configured with a simulated environment. Building upon this application, we can now make a few configuration changes to be able to use a dedicated test environment and test users.
A good place to start is the official documentation from BankID: https://www.bankid.com/utvecklare/testmiljoe.
Configuration
First of all we need to configure the BankID application; it can be either on your phone or locally on your desktop. Here I will use the desktop app to show the functionality of the “Denna enhet” button.
You can install it from https://install.bankid.com. After the first launch it will create all the necessary directories.
All the necessary configuration instructions can be found at https://demo.bankid.com/Konfigurera.aspx. They are:
- Navigate to ~/Library/Application Support/BankID/Config on Mac or %appdata%\BankID\Config on Windows.
- Create a CavaServerSelector.txt file.
- Edit this file so that it contains only one word: kundtest
Note: This will switch your app to test mode, so you will NOT be able to use it in your everyday life, since it will be pointed towards the test BankID endpoints.
Certificates
The BankID endpoint can only be accessed by a Relying Party that has a valid SSL client certificate. The Relying Party certificate is obtained from the bank from which the Relying Party has purchased the BankID service, and it is verified by the BankID server when the channel is established.
The BankID server will then present its server certificate to your application, which needs to verify it.
We will need two certificates:
- Client certificate. Can be downloaded from https://www.bankid.com/assets/bankid/rp/FPTestcert3_20200618.p12. This certificate comes in .p12 format; we just need to rename it to BankIdClientCertificate-Test.crt.
- Root CA certificate. Can be found in the developer guidelines document https://www.bankid.com/assets/bankid/rp/bankid-relying-party-guidelines-v3.4.pdf under section 8 Test Environment. Save the certificate code as BankIdRootCaCertificate-Test.crt (be careful with encoding and BOM!).
We can put both certificates (BankIdClientCertificate-Test.crt and BankIdRootCaCertificate-Test.crt) into the Certificates folder in the root of our project.
Test user
Following https://demo.bankid.com we can create our test user. Instructions from BankID: https://www.bankid.com/assets/bankid/rp/how-to-get-bankid-for-test-v1.7.pdf
First we need to log in with our real BankID via “Log in with a Production-BankID”.
Then we can “Issue BankID for Test” using a random test person identity number from Skatteverket, taken from https://swedish.identityinfo.net. I choose “on file” to test the desktop application.
Follow the instructions on how to add this file to the desktop application. In the final step you will be prompted to specify a password.
Eventually you will have this new identity in the app:
Code
In Startup.cs we will need to remove .UseSimulatedEnvironment(); and insert:
|
|
As you can see, here we access the configuration to fetch the paths to the certificates. Let's add it after line 9 in appsettings.json:
|
|
The Environment variable requires you to add one more argument, IWebHostEnvironment env, to the Startup class constructor and to initialize a public property from it.
We will need to add each certificate from the Certificates folder to our project as content. Edit the ActiveLoginDemo.csproj file and add:
|
|
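A Startup.cs covering the steps above, as an added example rather than the code from the original post. The configuration key names, the password setting and the BOM check are assumptions made for this illustration, and the builder calls follow the ActiveLogin getting-started guide linked at the end of this post for package versions that register BankID through AddAuthentication().AddBankId(...).

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using ActiveLogin.Authentication.BankId.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration, IWebHostEnvironment env)
    {
        Configuration = configuration;
        Environment = env;
    }

    public IConfiguration Configuration { get; }
    public IWebHostEnvironment Environment { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed appsettings.json keys (hypothetical, not from the original post):
        //   BankId:ClientCertificate:FilePath = Certificates/BankIdClientCertificate-Test.crt
        //   BankId:ClientCertificate:Password = <password of the test .p12>
        //   BankId:CaCertificate:FilePath     = Certificates/BankIdRootCaCertificate-Test.crt
        var clientPath = ContentPath("BankId:ClientCertificate:FilePath");
        var caPath = ContentPath("BankId:CaCertificate:FilePath");
        var clientPassword = Configuration["BankId:ClientCertificate:Password"];
        // Fail fast if the root CA file was saved with a UTF-8 BOM in front of the PEM text.
        byte[] utf8Bom = { 0xEF, 0xBB, 0xBF };
        if (File.ReadAllBytes(caPath).Take(3).SequenceEqual(utf8Bom))
            throw new InvalidOperationException($"{caPath} starts with a UTF-8 BOM; save it without one.");

        services
            .AddAuthentication()
            .AddBankId(builder =>
            {
                builder
                    .UseTestEnvironment() // replaces .UseSimulatedEnvironment()
                    .UseClientCertificate(() => new X509Certificate2(clientPath, clientPassword))
                    .UseRootCaCertificate(caPath)
                    .AddSameDevice(); // the "Denna enhet" flow used in this post
            });
    }

    private string ContentPath(string key) =>
        Path.Combine(Environment.ContentRootPath, Configuration.GetValue<string>(key));
}
```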
Demo
Now we can start our application and go through the whole flow:
Summary
The configuration was a bit tricky, but we achieved communication with a real BankID test endpoint and verified it by using a test user in the desktop app (which we reconfigured to point to the test endpoint).
Don’t forget to remove the CavaServerSelector.txt file if you need to use the BankID desktop application as a real one.
For more configuration alternatives you can navigate to https://github.com/ActiveLogin/ActiveLogin.Authentication/blob/master/docs/getting-started-bankid.md. Please leave me feedback if you experienced any problems with this example; with general questions you are welcome at our GitHub page.