public void AuthorizationAttribute_Invoke_Allowed_No_Attributes()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for an Invoke
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the invoke method
                DomainOperationEntry invokeEntry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "InvokeNoAuth");
                Assert.IsNotNull(invokeEntry, "Could not locate InvokeNoAuth invoke");
                Assert.AreEqual("Invoke", invokeEntry.OperationType, "Invoke operation entry should show Invoke operation type");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                // Invokes do not expect an entity instance.
                AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);

                Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with no auth attributes to be allowed.");
            }
        }
Ejemplo n.º 2
0
        public void AuthorizationAttribute_Invoke_Allowed_No_Attributes()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for an Invoke
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the invoke method
                DomainOperationEntry invokeEntry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "InvokeNoAuth");
                Assert.IsNotNull(invokeEntry, "Could not locate InvokeNoAuth invoke");
                Assert.AreEqual("Invoke", invokeEntry.OperationType, "Invoke operation entry should show Invoke operation type");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                // Invokes do not expect an entity instance.
                AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);

                Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with no auth attributes to be allowed.");
            }
        }
Ejemplo n.º 3
0
        public void AuthorizationAttribute_Query_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a Query
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Query));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the QueryAllow query
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryAllow");
                Assert.IsNotNull(entry, "Did not find QueryAllow entry");
                Assert.AreEqual("Query", entry.OperationType, "Query operation type expected for query operation");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                AuthorizationResult result = testDomainService.IsAuthorized(entry, entity: null);

                if (result != AuthorizationResult.Allowed)
                {
                    Assert.Fail("Expected QueryAllow to be approved: " + result.ErrorMessage);
                }

                // Try again with a different query that will be denied
                entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryDeny");
                Assert.IsNotNull(entry, "Did not find QueryDeny entry");

                result = testDomainService.IsAuthorized(entry, entity: null);

                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected QueryDeny to be denied");
            }
        }
Ejemplo n.º 4
0
        public void AuthorizationAttribute_Invoke_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for an Invoke
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the invoke method
                DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeAllow");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                // Invokes do not expect an entity instance.
                AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);

                Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with custom auth attributes to be allowed.");

                // Do that again but using an Invoke that will deny based on its own name
                invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeDeny");
                result      = testDomainService.IsAuthorized(invokeEntry, entity: null);
                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected invoke with denying custom attributes to be denied.");
            }
        }
Ejemplo n.º 5
0
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Null_Entity_Throws()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                // Note: Submit context enforces null entity test
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));

                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
                DomainOperationEntry     entry       = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");

                // The null entity here should raise ArgNull because the context is Submit
                AuthorizationTestEntity entity = null;
                ExceptionHelper.ExpectArgumentNullExceptionStandard(() => testDomainService.IsAuthorized(entry, entity), "entity");
            }
        }
Ejemplo n.º 6
0
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Metadata_Context()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                // Note: Metadata context
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Metadata));
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
                DomainOperationEntry     entry       = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");

                AuthorizationTestEntity entity = null;
                AuthorizationResult     result = testDomainService.IsAuthorized(entry, entity);

                if (result != AuthorizationResult.Allowed)
                {
                    Assert.Fail("Expected custom method to be approved during metadata use: " + result.ErrorMessage);
                }
            }
        }
Ejemplo n.º 7
0
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the custom method.  It has an attribute that will deny only entities whose value is "Fred"
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
                Assert.AreEqual("Update", entry.OperationType, "Custom op entry should show op type Update");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                AuthorizationTestEntity entity = new AuthorizationTestEntity()
                {
                    TheValue = "Bob"
                };
                AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);

                if (result != AuthorizationResult.Allowed)
                {
                    Assert.Fail("Expected custom method to be approved: " + result.ErrorMessage);
                }

                // Now set it to an illegal value and verify deny
                entity.TheValue = "Fred";
                result          = testDomainService.IsAuthorized(entry, entity);

                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected custom method to be denied");
                Assert.AreEqual("uhuh", result.ErrorMessage, "Expected denial to return explicit message from code");
            }
        }
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Null_Entity_Throws()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                // Note: Submit context enforces null entity test
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));

                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");

                // The null entity here should raise ArgNull because the context is Submit
                AuthorizationTestEntity entity = null;
                ExceptionHelper.ExpectArgumentNullExceptionStandard(() => testDomainService.IsAuthorized(entry, entity), "entity");
            }
        }
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Metadata_Context()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                // Note: Metadata context
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Metadata));
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");

                AuthorizationTestEntity entity = null;
                AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);

                if (result != AuthorizationResult.Allowed)
                    Assert.Fail("Expected custom method to be approved during metadata use: " + result.ErrorMessage);
            }
        }
        public void AuthorizationAttribute_Custom_Method_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a custom method via a Submit
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the custom method.  It has an attribute that will deny only entities whose value is "Fred"
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
                Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
                Assert.AreEqual("Update", entry.OperationType, "Custom op entry should show op type Update");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                AuthorizationTestEntity entity = new AuthorizationTestEntity() { TheValue = "Bob" };
                AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);

                if (result != AuthorizationResult.Allowed)
                    Assert.Fail("Expected custom method to be approved: " + result.ErrorMessage);

                // Now set it to an illegal value and verify deny
                entity.TheValue = "Fred";
                result = testDomainService.IsAuthorized(entry, entity);

                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected custom method to be denied");
                Assert.AreEqual("uhuh", result.ErrorMessage, "Expected denial to return explicit message from code");
            }
        }
        public void AuthorizationAttribute_Query_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for a Query
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Query));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the QueryAllow query
                DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryAllow");
                Assert.IsNotNull(entry, "Did not find QueryAllow entry");
                Assert.AreEqual("Query", entry.OperationType, "Query operation type expected for query operation");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                AuthorizationResult result = testDomainService.IsAuthorized(entry, entity: null);

                if (result != AuthorizationResult.Allowed)
                    Assert.Fail("Expected QueryAllow to be approved: " + result.ErrorMessage);

                // Try again with a different query that will be denied
                entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryDeny");
                Assert.IsNotNull(entry, "Did not find QueryDeny entry");

                result = testDomainService.IsAuthorized(entry, entity: null);

                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected QueryDeny to be denied");
            }
        }
        public void AuthorizationAttribute_Invoke_Custom_Attribute()
        {
            IPrincipal user = this.CreateIPrincipal("user1");

            // Instantiate a new DomainService to use for an Invoke
            using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
            {
                testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));

                // Get a DomainServiceDescription for that same domain service
                DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));

                // Locate the invoke method
                DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeAllow");

                // Ask the domain service to perform authorization.
                // The principal will be located via the mock data service created above.
                // Invokes do not expect an entity instance.
                AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);

                Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with custom auth attributes to be allowed.");

                // Do that again but using an Invoke that will deny based on its own name
                invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeDeny");
                result = testDomainService.IsAuthorized(invokeEntry, entity: null);
                Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected invoke with denying custom attributes to be denied.");
            }
        }