public void GetKeyFromConfig_UseMachineKeyTrue_ReturnsMachineKey()
{
var sessionSecurityConfig = new SessionSecurityConfigurationSection();
sessionSecurityConfig.SessionIDAuthentication.UseMachineKey = true;
var helper = new SessionIDAuthenticationConfigurationHelper(sessionSecurityConfig, _machineKeyHelper, _appsettingHelper);
var key = helper.GetKeyFromConfig();
Assert.AreEqual(_expectedMachineKey, key);
}
public void Setup()
{
var httpContextMock = new Mock <HttpContextBase>();
httpContextMock.Setup(c => c.Items).Returns(new ListDictionary());
_httpContext = httpContextMock.Object;
_configEnabled = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = true }
};
_sessionIDHelper = new Mock <IAuthenticatedSessionIDHelper>().Object;
}
public void GetKeyFromConfig_UseMachineKeyFalseNoAuthenticationKeyAppsettingConfigured_ReturnsKeyFromAppsetting()
{
var sessionSecurityConfig = new SessionSecurityConfigurationSection();
sessionSecurityConfig.SessionIDAuthentication.UseMachineKey = false;
sessionSecurityConfig.SessionIDAuthentication.AuthenticationKeyAppsetting = "AuthKey";
var helper = new SessionIDAuthenticationConfigurationHelper(sessionSecurityConfig, _machineKeyHelper, _appsettingHelper);
var key = helper.GetKeyFromConfig();
Assert.AreEqual(_expectedAppsettingKey, key);
}
public void Setup()
{
_rng = new PredictableNumberGenerator(0x05);
_hmac = new Mock <IHmacHelper>().Object;
Mock.Get(_hmac).Setup(h => h.CalculateMac(It.IsAny <byte[]>(), It.IsAny <byte[]>())).Returns(GetMockMac);
var config = new SessionSecurityConfigurationSection();
config.SessionIDAuthentication.Enabled = true;
config.SessionIDAuthentication.AuthenticationKey = "0101010101010101010101010101010101010101010101010101010101010101";
_helper = new AuthenticatedSessionIDHelper(_rng, new byte[32], _hmac);
}
public void Validate_DisabledInConfigUserAuthenticated_ReturnsTrueOnValidAspnetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = false }
};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate(It.IsAny <String>(), It.IsAny <String>())).Returns(false);
Assert.True(sessionIdManager.Validate("abcdefghijklmnopqrstuvwx"));
}
public void CreateSessionID_DisabledInConfigUserAuthenticated_ReturnsAspNetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = false }
};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create("klings")).Returns("secureid");
Assert.True(sessionIdManager.CreateSessionID(null).Length == 24, "Generated session id was not length 24, and propably not an ASP.NET session ID.");
}
internal AuthenticatedSessionIDManager(HttpContextBase context, SessionSecurityConfigurationSection config, IAuthenticatedSessionIDHelper helper)
{
_mockContext = context;
_authenticatedSessionsEnabled = config.SessionIDAuthentication.Enabled;
_sessionIdHelper = helper;
}
