public void RequestWithSecurityPrincipalShouldNotThrow()
{
m_context.User = new GenericPrincipal(new GenericIdentity(UserName), new[] { "Administrators", UserRole });
ISecureServiceBehavior behavior = new AuthorizationBehavior(UserRole);
behavior.OnMethodAuthorizing(m_context, null);
}
public void RequestWithoutTheAuthorizedRoleShouldThrow()
{
m_context.User = new GenericPrincipal(new GenericIdentity(UserName), new[] { "Administrators", UserRole });
ISecureServiceBehavior behavior = new AuthorizationBehavior("Managers", "Accountants");
try
{
behavior.OnMethodAuthorizing(m_context, null);
Assert.Fail();
}
catch (HttpResponseException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden));
}
}
public void RequestWithoutSecurityPrincipalShouldThrow()
{
ISecureServiceBehavior behavior = new AuthorizationBehavior(UserRole);
m_context.User = null;
try
{
behavior.OnMethodAuthorizing(m_context, null);
Assert.Fail();
}
catch (HttpResponseException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden));
}
}
