/// <summary>
/// Checks that <c>AuthorizeAttribute.SplitString</c> turns <paramref name="input"/> into exactly
/// the tokens in <paramref name="expectedResult"/>. Per the test name, the contract being pinned is:
/// split on commas, trim surrounding whitespace, and drop empty entries.
/// </summary>
/// <param name="input">The raw comma-separated list handed to the parser.</param>
/// <param name="expectedResult">The tokens the parser is expected to return, in order.</param>
public void SplitString_SplitsOnCommaAndTrimsWhitespaceAndIgnoresEmptyStrings(string input, params string[] expectedResult)
        {
            // NOTE(review): the concrete input/expected pairs come from data attributes that are not
            // visible here; presumably this parser backs the Users/Roles lists of the attribute.
            string[] actualTokens = AuthorizeAttribute.SplitString(input);

            Assert.Equal(expectedResult, actualTokens);
        }
        /// <summary>
        /// Verifies the <c>Users</c> string property of a freshly constructed
        /// <see cref="AuthorizeAttribute"/>, including that its default value is the empty string.
        /// </summary>
        public void Users_Property()
        {
            var authorizeAttribute = new AuthorizeAttribute();

            // An empty default means a new attribute names no specific users.
            Assert.Reflection.StringProperty(
                authorizeAttribute,
                attr => attr.Users,
                expectedDefaultValue: string.Empty);
        }
        /// <summary>
        /// Verifies that <c>OnAuthorization</c> leaves the action context's response unset when the
        /// controller descriptor reports <see cref="AllowAnonymousAttribute"/> custom attributes.
        /// </summary>
        public void OnAuthorization_IfControllerDescriptorIsMarkedWithAllowAnonymousAttribute_DoesNotShortCircuitResponse()
        {
            // Arrange: the controller descriptor answers the AllowAnonymous lookup with the shared
            // fixture collection (presumably non-empty; it is populated outside this method).
            _controllerDescriptorMock
                .Setup(descriptor => descriptor.GetCustomAttributes<AllowAnonymousAttribute>())
                .Returns(_allowAnonymousAttributeCollection);

            // CallBase = true keeps the real attribute logic running behind the mock.
            var mockedAttribute = new Mock<MockableAuthorizeAttribute> { CallBase = true };
            AuthorizeAttribute sut = mockedAttribute.Object;

            // Act
            sut.OnAuthorization(_actionContext);

            // Assert: a null Response means the filter did not short-circuit the request.
            Assert.Null(_actionContext.Response);
        }
        /// <summary>
        /// Verifies that <c>OnAuthorization</c> invokes the unauthorized-request handler with the
        /// current action context when the principal's identity is not authenticated.
        /// </summary>
        public void OnAuthorization_IfRequestNotAuthorized_CallsHandleUnauthorizedRequest()
        {
            // Arrange: partial mock, so the real OnAuthorization logic runs.
            var mockedAttribute = new Mock<MockableAuthorizeAttribute> { CallBase = true };

            // The caller is unauthenticated.
            _principalMock.Setup(principal => principal.Identity.IsAuthenticated).Returns(false);

            // Mark the handler call as an expectation that Verify() will enforce.
            mockedAttribute
                .Setup(attr => attr.HandleUnauthorizedRequestPublic(_actionContext))
                .Verifiable();
            AuthorizeAttribute sut = mockedAttribute.Object;

            // Act
            sut.OnAuthorization(_actionContext);

            // Assert: fails unless the handler was reached for this context.
            mockedAttribute.Verify();
        }
        /// <summary>
        /// Verifies that filters registered on the controller descriptor's configuration show up in
        /// the action's filter pipeline, at the positions in which they were added.
        /// </summary>
        public void GetFilterPipeline_Returns_ConfigurationFilters()
        {
            // Arrange: one filter of each kind, including a real authorization filter.
            var globalActionFilter = new Mock<IActionFilter>().Object;
            var globalExceptionFilter = new Mock<IExceptionFilter>().Object;
            IAuthorizationFilter globalAuthorizationFilter = new AuthorizeAttribute();
            Action targetAction = _controller.DeleteAllUsers;

            var descriptor = new HttpControllerDescriptor(
                new HttpConfiguration(),
                "UsersRpcController",
                typeof(UsersRpcController));

            // Register the filters on the configuration, not on the controller or action.
            descriptor.Configuration.Filters.Add(globalActionFilter);
            descriptor.Configuration.Filters.Add(globalExceptionFilter);
            descriptor.Configuration.Filters.Add(globalAuthorizationFilter);
            var action = new ReflectedHttpActionDescriptor(descriptor, targetAction.Method);

            // Act
            Collection<FilterInfo> pipeline = action.GetFilterPipeline();

            // Assert: the same instances come back, so the configuration-level authorization
            // filter is part of the pipeline for this action.
            Assert.Same(globalActionFilter, pipeline[0].Instance);
            Assert.Same(globalExceptionFilter, pipeline[1].Instance);
            Assert.Same(globalAuthorizationFilter, pipeline[2].Instance);
        }
        /// <summary>
        /// Checks that an action descriptor's filter pipeline contains the filters added to the
        /// configuration of its controller descriptor, in the order they were added.
        /// </summary>
        public void GetFilterPipeline_Returns_ConfigurationFilters()
        {
            // Arrange
            IActionFilter configuredActionFilter = new Mock<IActionFilter>().Object;
            IExceptionFilter configuredExceptionFilter = new Mock<IExceptionFilter>().Object;
            IAuthorizationFilter configuredAuthorizationFilter = new AuthorizeAttribute();
            Action deleteAllUsers = _controller.DeleteAllUsers;

            HttpControllerDescriptor usersController =
                new HttpControllerDescriptor(new HttpConfiguration(), "UsersRpcController", typeof(UsersRpcController));
            usersController.Configuration.Filters.Add(configuredActionFilter);
            usersController.Configuration.Filters.Add(configuredExceptionFilter);
            usersController.Configuration.Filters.Add(configuredAuthorizationFilter);
            ReflectedHttpActionDescriptor deleteAllUsersAction =
                new ReflectedHttpActionDescriptor(usersController, deleteAllUsers.Method);

            // Act
            Collection<FilterInfo> resolvedFilters = deleteAllUsersAction.GetFilterPipeline();

            // Assert: identity, not equality. The pipeline must hand back the registered
            // instances, including the authorization filter at index 2.
            Assert.Same(configuredActionFilter, resolvedFilters[0].Instance);
            Assert.Same(configuredExceptionFilter, resolvedFilters[1].Instance);
            Assert.Same(configuredAuthorizationFilter, resolvedFilters[2].Instance);
        }
        /// <summary>
        /// Startup hook that, when bearer authentication options are present, registers a global
        /// <see cref="AuthorizeAttribute"/> filter and enables Azure Active Directory bearer
        /// authentication on the application pipeline.
        /// </summary>
        /// <param name="applicationBuilder">The application builder to add the bearer middleware to.</param>
        /// <param name="configuration">The configuration whose filter collection receives the authorization filter.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        private void OnServiceStartup(
            IAppBuilder applicationBuilder,
            HttpConfiguration configuration)
        {
            if (applicationBuilder == null)
            {
                throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameApplicationBuilder);
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameConfiguration);
            }

            var bearerOptions = this.windowsAzureActiveDirectoryBearerAuthenticationOptions;
            if (bearerOptions == null)
            {
                // NOTE(review): with no bearer options this returns before the authorization filter
                // is registered, so neither the filter nor the bearer middleware is installed by
                // this method. Confirm that running without them is intended for that configuration.
                return;
            }

            // The filter is registered on the configuration as a whole, not on a single controller.
            configuration.Filters.Add(new AuthorizeAttribute());

            applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
        }
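 /// <summary>
 /// Checks whether the user satisfies the role and user restrictions declared on the
 /// current action's <see cref="AuthorizeAttribute"/>.
 /// </summary>
 /// <remarks>
 /// <c>Roles</c> and <c>Users</c> are comma-separated lists. Entries are trimmed and empty
 /// entries are discarded, so "Admin, Editor" matches the role "Editor", and a trailing comma
 /// cannot produce an empty entry that would match an empty role or user name. A blank list
 /// imposes no restriction. Matching uses default string equality, which is case-sensitive.
 /// </remarks>
 /// <param name="authorizationUser">The user whose <c>Roles</c> and <c>UserName</c> are checked.</param>
 /// <param name="attr">The attribute supplying the allowed <c>Roles</c> and <c>Users</c>.</param>
 /// <returns>
 /// <c>true</c> when the user holds at least one listed role (if any are listed) and is one of
 /// the listed users (if any are listed); otherwise <c>false</c>.
 /// </returns>
 private bool IsInRoles(AuthorisedUserView authorizationUser, AuthorizeAttribute attr)
 {
     var inRole = true; // whether the user is within the allowed roles
     var inUser = true; // whether the user is within the allowed users
     if (!string.IsNullOrWhiteSpace(attr.Roles))
     {
         // Normalise the list before matching; an untrimmed " Editor" would never match.
         var roles = attr.Roles.Split(',')
             .Select(role => role.Trim())
             .Where(role => role.Length > 0);

         // A list that is non-blank but has no usable entries (e.g. ",") matches nobody.
         inRole = roles.Intersect(authorizationUser.Roles.ToArray()).Any();
     }
     if (!string.IsNullOrWhiteSpace(attr.Users))
     {
         var users = attr.Users.Split(',')
             .Select(user => user.Trim())
             .Where(user => user.Length > 0);
         inUser = users.Contains(authorizationUser.UserName);
     }

     // Both restrictions must hold; a restriction that is absent counts as satisfied.
     return inRole && inUser;
 }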
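        /// <summary>
        /// Startup hook that registers a global <c>AuthorizeAttribute</c> filter and enables Azure
        /// Active Directory bearer authentication on the application pipeline.
        /// </summary>
        /// <param name="applicationBuilder">The application builder to add the bearer middleware to.</param>
        /// <param name="configuration">The configuration whose filter collection receives the authorization filter.</param>
        /// <exception cref="System.ArgumentNullException">Either argument is null.</exception>
        private void OnServiceStartup(IAppBuilder applicationBuilder, HttpConfiguration configuration)
        {
            if (applicationBuilder == null)
            {
                throw new System.ArgumentNullException("applicationBuilder");
            }

            if (configuration == null)
            {
                throw new System.ArgumentNullException("configuration");
            }

            logger.Info("OnServiceStartup.... ###############");

            // pvs
            // IFilter and AuthorizeAttribute are defined in System.Web.Http.dll.
            System.Web.Http.Filters.IFilter authorizationFilter =
              new System.Web.Http.AuthorizeAttribute();

            // Register the filter. This call had been swallowed by a trailing comment on the line
            // above, so the filter was created but never added to the configuration.
            configuration.Filters.Add(authorizationFilter);

            // SystemIdentityModel.Tokens.TokenValidationParameters is defined in    
            // System.IdentityModel.Token.Jwt.dll.
            // NOTE(review): the accepted audience is hard-coded here; confirm it is the audience
            // the callers of this deployment are actually issued tokens for.
            System.IdentityModel.Tokens.TokenValidationParameters tokenValidationParameters =
              new TokenValidationParameters()
              {
                  ValidAudience = "00000002-0000-0000-c000-000000000000"
              };

            // WindowsAzureActiveDirectoryBearerAuthenticationOptions is defined in 
            // Microsoft.Owin.Security.ActiveDirectory.dll
            Microsoft.Owin.Security.ActiveDirectory.
            WindowsAzureActiveDirectoryBearerAuthenticationOptions authenticationOptions =
              new WindowsAzureActiveDirectoryBearerAuthenticationOptions()
              {
                  TokenValidationParameters = tokenValidationParameters,
                  Tenant = TENANT_ID // Substitute the appropriate tenant’s 
                  // identifier for this one.  
              };

            applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(authenticationOptions);
            //~pvs
        }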