public void Validate_UserUnauthenticated_DoesNotInvokeSessionHelper()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
sessionIdManager.Validate("someid");
Mock.Get(_sessionIDHelper).Verify(s => s.Validate(It.IsAny <String>(), It.IsAny <String>()), Times.Never());
}
public void Validate_UserAuthenticated_ReturnsTrueOnValidAuthenticatedSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate("klings", "secureid")).Returns(true);
Assert.True(sessionIdManager.Validate("secureid"));
}
public void Validate_DisabledInConfigUserAuthenticated_ReturnsTrueOnValidAspnetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = false }
};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate(It.IsAny <String>(), It.IsAny <String>())).Returns(false);
Assert.True(sessionIdManager.Validate("abcdefghijklmnopqrstuvwx"));
}
