Intro

In the previous part I showed how easy it is to start working with a simulated environment on a dev machine.

But later in the development process, with QA and UAT, it is better to have a dedicated test environment. This in turn requires proper test users instead of the hard-coded users we have in the simulated environment. Another issue is how to verify the whole flow, including authentication. In this post I will show you how to create proper test users for verifying BankID functionality, which gives us the real authentication flow through the BankID test endpoints. My starting point is the demo application from my previous post, which was configured with a simulated environment. Building on that application, we can make a few configuration changes to use a dedicated test environment and test users.

A good place to start is the official documentation from BankID: https://www.bankid.com/utvecklare/testmiljoe.

Configuration

First of all we need to configure the BankID application, which can run either on your phone or locally on your desktop. Here I will use the desktop app to show the functionality of the “Denna enhet” button.

You can install it from https://install.bankid.com. After the first launch it will create all the necessary directories.

All the necessary configuration instructions are available at https://demo.bankid.com/Konfigurera.aspx. They are:

  1. Navigate to ~/Library/Application Support/BankID/Config on macOS or %appdata%\BankID\Config on Windows.

  2. Create a CavaServerSelector.txt file.

  3. Edit this file so that it contains only one word: kundtest

Note:

This switches your app to test mode, so you will NOT be able to use it in your everyday life, since it will point to the test BankID endpoints.

Certificates

The BankID endpoint can only be accessed by a RelyingParty that has a valid SSL client certificate. The RelyingParty certificate is obtained from the bank that the RelyingParty has purchased the BankID service from. The BankID server verifies it when the channel is established.

The BankID server then presents its own server certificate to your application, which must verify it in turn.

We will need two certificates:

  1. Client certificate. It can be downloaded from https://www.bankid.com/assets/bankid/rp/FPTestcert3_20200618.p12. This certificate comes in .p12 format; we just need to rename it to BankIdClientCertificate-Test.crt. Renaming does not change the format: the file is still a password-protected PKCS#12 container.

  2. Root CA certificate. It can be found in the developer guidelines document https://www.bankid.com/assets/bankid/rp/bankid-relying-party-guidelines-v3.4.pdf under section 8, Test Environment. Save the certificate text as BankIdRootCaCertificate-Test.crt, and be careful with encoding and BOM!

We can put both certificates (BankIdClientCertificate-Test.crt and BankIdRootCaCertificate-Test.crt) into a Certificates folder in the root of our project.
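
A preflight check for the two files described above, as an added example that is not part of the original post or of ActiveLogin. It assumes the root CA was saved as PEM text and that the passphrase is supplied through an environment variable whose name (BANKID_TEST_CERT_PASSWORD) is hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example: preflight check for the two files in the Certificates folder.
public static class BankIdCertificatePreflight
{
    private static readonly byte[] Utf8Bom = { 0xEF, 0xBB, 0xBF };

    // Renaming the .p12 to .crt does not convert it: the file is still a PKCS#12
    // container and must open with its passphrase and carry a private key.
    public static X509Certificate2 LoadClientCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
            throw new InvalidDataException($"{path}: no private key, unusable as a client certificate.");
        if (DateTime.Now > cert.NotAfter)
            throw new InvalidDataException($"{path}: expired on {cert.NotAfter:u}.");
        return cert;
    }

    // The root CA is pasted from the PDF as PEM text, so reject a BOM or any
    // stray text in front of the PEM header before parsing it.
    public static X509Certificate2 LoadRootCa(string path)
    {
        var bytes = File.ReadAllBytes(path);
        if (bytes.Take(3).SequenceEqual(Utf8Bom))
            throw new InvalidDataException($"{path}: starts with a UTF-8 BOM, save it without one.");
        var text = Encoding.ASCII.GetString(bytes).TrimStart();
        if (!text.StartsWith("-----BEGIN CERTIFICATE-----", StringComparison.Ordinal))
            throw new InvalidDataException($"{path}: does not start with a PEM certificate header.");
        var ca = new X509Certificate2(bytes);
        if (ca.Subject != ca.Issuer) // a root CA is self-issued
            throw new InvalidDataException($"{path}: subject and issuer differ, not a root CA.");
        return ca;
    }

    public static void Main()
    {
        // Hypothetical variable name; keeps the passphrase out of source control.
        var password = Environment.GetEnvironmentVariable("BANKID_TEST_CERT_PASSWORD");
        var client = LoadClientCertificate("Certificates/BankIdClientCertificate-Test.crt", password);
        var root = LoadRootCa("Certificates/BankIdRootCaCertificate-Test.crt");
        Console.WriteLine($"Client: {client.Subject}, valid to {client.NotAfter:u}");
        Console.WriteLine($"Root CA: {root.Subject}, thumbprint {root.Thumbprint}");
    }
}
```

Run it from the project root; a failure here points at the file itself rather than at the BankID configuration in Startup.cs.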

Test user

Following https://demo.bankid.com we can create our test user. Instructions from BankID: https://www.bankid.com/assets/bankid/rp/how-to-get-bankid-for-test-v1.7.pdf

First we need to log in with our real BankID using Log in with a Production-BankID.

Then we can Issue BankID for Test using a random test person identity number from Skatteverket, taken from https://swedish.identityinfo.net. I chose "on file" to test the desktop application.

Follow the instructions on how to add this file to the desktop application. In the final step you will be prompted to specify a password.

Eventually you will have this new identity in the app:

Code

In the Startup.cs we will need to remove .UseSimulatedEnvironment(); and insert:

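// Use the BankID test endpoints instead of the simulated environment.
.UseTestEnvironment()
// Client certificate: the renamed PKCS#12 file; the second argument is its passphrase.
.UseClientCertificate(() =>
    new X509Certificate2(Path.Combine(Environment.ContentRootPath,
        Configuration.GetValue<string>("ActiveLogin:BankId:ClientCertificate:FilePath")), "qwerty123"))
// Root CA certificate used to verify the certificate presented by the BankID server.
.UseRootCaCertificate(Path.Combine(Environment.ContentRootPath,
    Configuration.GetValue<string>("ActiveLogin:BankId:CaCertificate:FilePath")))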

As you can see, we read the certificate paths from configuration. Let's add them after line 9 (the "AllowedHosts" entry) in appsettings.json:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "ActiveLogin": {
    "BankId": {
      "ClientCertificate": {
        "FilePath": "Certificates/BankIdClientCertificate-Test.crt"
      },
      "CaCertificate": {
        "FilePath": "Certificates/BankIdRootCaCertificate-Test.crt"
      }      
    }
  }
}

The Environment property requires adding one more argument, IWebHostEnvironment env, to the Startup class constructor and assigning it to a public property.

We will need to add each certificate from Certificates folder to our project as content. Edit ActiveLoginDemo.csproj file and add:

<ItemGroup>
  <None Remove="Certificates\BankIdClientCertificate-Test.crt" />
  <Content Include="Certificates\BankIdClientCertificate-Test.crt">
    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
  </Content>
  <None Remove="Certificates\BankIdRootCaCertificate-Test.crt" />
  <Content Include="Certificates\BankIdRootCaCertificate-Test.crt">
    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
  </Content>
</ItemGroup>

Demo

Now we can start our application and go through the whole flow:

Summary

The configuration was a bit tricky, but we achieved communication with a real BankID test endpoint and verified it by using a test user in the desktop app (which we re-configured to point to the test endpoint).

Don’t forget to remove the CavaServerSelector.txt file if you need to use the BankID desktop application as a real one.

For more configuration alternatives, see https://github.com/ActiveLogin/ActiveLogin.Authentication/blob/master/docs/getting-started-bankid.md. Please leave me feedback if you experienced any problems with this example; for general questions you are welcome to visit our GitHub page.