public void EvaluateSucceedsWhenNotEnabled()
{
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic"
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var config = new AuthenticatedPrincipalAuthorizationPolicyConfiguration {
Enabled = false
};
var policy = new AuthenticatedPrincipalAuthorizationPolicy(config);
mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
request.SetConfiguration(httpConfiguration);
request.SetRouteData(routeData);
policy.Evaluate(actionContext).Should().BeNull("because the policy should always be satisfied if not enabled");
}
public void EvaluateFailsWhenThePrincipalIsNotAuthenticated()
{
var mockIdentity = new Mock <IIdentity>();
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic", ControllerType = this.GetType()
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var config = new AuthenticatedPrincipalAuthorizationPolicyConfiguration {
Enabled = true
};
var policy = new AuthenticatedPrincipalAuthorizationPolicy(config);
mockIdentity.SetupGet(identity => identity.IsAuthenticated).Returns(false);
mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
mockActionDescriptor.Setup(descriptor => descriptor.GetCustomAttributes <AllowAnonymousAttribute>()).Returns(new Collection <AllowAnonymousAttribute>());
request.SetConfiguration(httpConfiguration);
request.SetRouteData(routeData);
actionContext.RequestContext.Principal = new ClaimsPrincipal(mockIdentity.Object);
policy.Evaluate(actionContext).Should().Be(HttpStatusCode.Unauthorized, "because the policy should fail for a request that has no authentiected principal");
}
public void EvaluateSucceedsForAuthenticatedPrincipals()
{
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic", ControllerType = this.GetType()
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var config = new AuthenticatedPrincipalAuthorizationPolicyConfiguration {
Enabled = true
};
var policy = new AuthenticatedPrincipalAuthorizationPolicy(config);
mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
mockActionDescriptor.Setup(descriptor => descriptor.GetCustomAttributes <AllowAnonymousAttribute>()).Returns(new Collection <AllowAnonymousAttribute>());
request.SetConfiguration(httpConfiguration);
request.SetRouteData(routeData);
actionContext.RequestContext.Principal = new ClaimsPrincipal(new ClaimsIdentity("dummy auth"));
policy.Evaluate(actionContext).Should().BeNull("because the policy should always be satisfied when an authenticated principal is present");
}
public void EvaluateSucceedsWhenTheControllerAllowsAnonymous()
{
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic", ControllerType = typeof(AllowAnonymousController)
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var config = new AuthenticatedPrincipalAuthorizationPolicyConfiguration {
Enabled = true
};
var policy = new AuthenticatedPrincipalAuthorizationPolicy(config);
mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
mockActionDescriptor.Setup(descriptor => descriptor.GetCustomAttributes <AllowAnonymousAttribute>()).Returns(new Collection <AllowAnonymousAttribute>());
request.SetConfiguration(httpConfiguration);
request.SetRouteData(routeData);
policy.Evaluate(actionContext).Should().BeNull("because the policy should always be satisfied when the controller allows anonymous access");
}
public void EnabledPropertyIsConfigured()
{
var config = new AuthenticatedPrincipalAuthorizationPolicyConfiguration {
Enabled = true
};
var policy = new AuthenticatedPrincipalAuthorizationPolicy(config);
policy.Enabled.Should().Be(config.Enabled, "because the Enabled property should be driven by configuration");
}
public void PolicyReflectsTheExpectedPolicy()
{
var policy = new AuthenticatedPrincipalAuthorizationPolicy(new AuthenticatedPrincipalAuthorizationPolicyConfiguration());
policy.Policy.Should().Be(AuthorizationPolicy.AuthenticatedPrincipal, "because the policy should match the class name");
}
