public async Task Authorization_Custom_Authorization_On_Query()
        {
            CityDomainService        cities             = new CityDomainService();
            DomainServiceDescription serviceDescription = DomainServiceDescription.GetDescription(typeof(CityDomainService));
            DomainOperationEntry     getZipsIfUser      = serviceDescription.GetQueryMethod("GetZipsIfUser");

            // The attribute permits only a user named mathew to access the query
            MockUser        user        = new MockUser("NotZipGuy");
            MockDataService dataService = new MockDataService(user);

            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));

            // not authenticated should be denied cleanly because there is no user name
            Exception expectedException = null;

            System.Collections.IEnumerable result;
            try
            {
                user.IsAuthenticated = false;
                result = (await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None)).Result;
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);
            Assert.AreEqual("Only one user is authorized for this query, and it isn't you.", expectedException.Message, "Expected this custom authorization deny message for non-authenticated user.");

            // Authenticated, but still not the right user name -- should be denied
            cities            = new CityDomainService();
            expectedException = null;
            user = new MockUser("NotZipGuy", new string[] { "clerk" });
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
            try
            {
                result = (await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None))
                         .Result;
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);
            Assert.AreEqual("Only one user is authorized for this query, and it isn't you.", expectedException.Message, "Expected this custom authorization deny message for authenticated user with wrong name.");

            // authenticated and in with the right name -- should be allowed
            cities = new CityDomainService();
            user   = new MockUser("ZipGuy");
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
            var queryResult = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None);

            Assert.IsNotNull(queryResult.Result);
            Assert.IsNull(queryResult.ValidationErrors);
            Assert.IsTrue(queryResult.Result.OfType <Zip>().Any(), "Expected non-zero number of zip codes returned");
        }
Beispiel #2
0
        /// <summary>
        /// Creates an instance of the specified provider type, initialized with
        /// a mock operation context.
        /// </summary>
        /// <param name="providerType">The Type of provider to create and initialize</param>
        /// <param name="operationType">The operation type</param>
        /// <returns>The provider instance</returns>
        public static DomainService CreateInitializedDomainService(Type providerType, DomainOperationType operationType)
        {
            DomainService provider = (DomainService)Activator.CreateInstance(providerType);

            // create a fully functional, authenticated test context
            MockUser mockUser = new MockUser("test_user");

            mockUser.IsAuthenticated = true;
            MockDataService      dataService      = new MockDataService(mockUser);
            DomainServiceContext operationContext = new DomainServiceContext(dataService, operationType);

            provider.Initialize(operationContext);
            return(provider);
        }
        public async Task Authorization_MockUser()
        {
            CityDomainService        cities                 = new CityDomainService();
            DomainServiceDescription serviceDescription     = DomainServiceDescription.GetDescription(typeof(CityDomainService));
            DomainOperationEntry     getZipsIfAuthenticated = serviceDescription.GetQueryMethod("GetZipsIfAuthenticated");
            DomainOperationEntry     getZipsIfInRole        = serviceDescription.GetQueryMethod("GetZipsIfInRole");

            // Validate a null principal is denied
            MockUser        user        = null;
            MockDataService dataService = new MockDataService(user);

            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
            Exception expectedException = null;
            ServiceQueryResult <Zip> result;

            try
            {
                result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);

            Assert.AreEqual("Access to operation 'GetZipsIfAuthenticated' was denied.", expectedException.Message, "Expected standard deny message for null principal");

            // Validate a non-authenticated user is denied
            user        = new MockUser("mathew");
            dataService = new MockDataService(user);
            cities      = new CityDomainService();
            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));

            expectedException = null;
            try
            {
                user.IsAuthenticated = false;
                result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);

            // we're authenticated, so this should succeed
            expectedException    = null;
            user.IsAuthenticated = true;
            result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);

            Assert.IsNotNull(result.Result);

            // authenticated, but not in role, so we should fail
            cities            = new CityDomainService();
            expectedException = null;
            user = new MockUser("mathew", new string[] { "clerk" });
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
            try
            {
                result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfInRole), CancellationToken.None);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);

            // authenticated and in role, so we should succeed
            cities = new CityDomainService();
            user   = new MockUser("mathew", new string[] { "manager" });
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
            result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfInRole), CancellationToken.None);

            Assert.IsNotNull(result);
        }
Beispiel #4
0
        public void Authorization_MockUser()
        {
            int count;
            CityDomainService        cities                 = new CityDomainService();
            DomainServiceDescription serviceDescription     = DomainServiceDescription.GetDescription(typeof(CityDomainService));
            DomainOperationEntry     getZipsIfAuthenticated = serviceDescription.GetQueryMethod("GetZipsIfAuthenticated");
            DomainOperationEntry     getZipsIfInRole        = serviceDescription.GetQueryMethod("GetZipsIfInRole");

            // Validate a null principal is denied
            MockUser        user        = null;
            MockDataService dataService = new MockDataService(user);

            cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
            Exception expectedException = null;

            System.Collections.IEnumerable result;
            IEnumerable <ValidationResult> validationErrors = null;

            try
            {
                result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);
            Assert.IsNull(validationErrors);
            Assert.AreEqual("Access to operation 'GetZipsIfAuthenticated' was denied.", expectedException.Message, "Expected standard deny message for null principal");

            // Validate a non-authenticated user is denied
            user        = new MockUser("mathew");
            dataService = new MockDataService(user);
            cities      = new CityDomainService();
            cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));

            expectedException = null;
            validationErrors  = null;
            try
            {
                user.IsAuthenticated = false;
                result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);
            Assert.IsNull(validationErrors);

            // we're authenticated, so this should succeed
            expectedException    = null;
            user.IsAuthenticated = true;
            result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
            Assert.IsNotNull(result);
            Assert.IsNull(validationErrors);

            // authenticated, but not in role, so we should fail
            cities            = new CityDomainService();
            expectedException = null;
            user = new MockUser("mathew", new string[] { "clerk" });
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
            try
            {
                result = cities.Query(new QueryDescription(getZipsIfInRole), out validationErrors, out count);
            }
            catch (UnauthorizedAccessException e)
            {
                expectedException = e;
            }
            Assert.IsNotNull(expectedException);
            Assert.IsNull(validationErrors);

            // authenticated and in role, so we should succeed
            cities            = new CityDomainService();
            expectedException = null;
            user = new MockUser("mathew", new string[] { "manager" });
            user.IsAuthenticated = true;
            dataService          = new MockDataService(user);
            cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
            result = cities.Query(new QueryDescription(getZipsIfInRole), out validationErrors, out count);
            Assert.IsNotNull(result);
            Assert.IsNull(validationErrors);
        }