public async Task Authorization_Custom_Authorization_On_Query()
{
CityDomainService cities = new CityDomainService();
DomainServiceDescription serviceDescription = DomainServiceDescription.GetDescription(typeof(CityDomainService));
DomainOperationEntry getZipsIfUser = serviceDescription.GetQueryMethod("GetZipsIfUser");
// The attribute permits only a user named mathew to access the query
MockUser user = new MockUser("NotZipGuy");
MockDataService dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
// not authenticated should be denied cleanly because there is no user name
Exception expectedException = null;
System.Collections.IEnumerable result;
try
{
user.IsAuthenticated = false;
result = (await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None)).Result;
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.AreEqual("Only one user is authorized for this query, and it isn't you.", expectedException.Message, "Expected this custom authorization deny message for non-authenticated user.");
// Authenticated, but still not the right user name -- should be denied
cities = new CityDomainService();
expectedException = null;
user = new MockUser("NotZipGuy", new string[] { "clerk" });
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
try
{
result = (await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None))
.Result;
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.AreEqual("Only one user is authorized for this query, and it isn't you.", expectedException.Message, "Expected this custom authorization deny message for authenticated user with wrong name.");
// authenticated and in with the right name -- should be allowed
cities = new CityDomainService();
user = new MockUser("ZipGuy");
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
var queryResult = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfUser), CancellationToken.None);
Assert.IsNotNull(queryResult.Result);
Assert.IsNull(queryResult.ValidationErrors);
Assert.IsTrue(queryResult.Result.OfType <Zip>().Any(), "Expected non-zero number of zip codes returned");
}
/// <summary>
/// Creates an instance of the specified provider type, initialized with
/// a mock operation context.
/// </summary>
/// <param name="providerType">The Type of provider to create and initialize</param>
/// <param name="operationType">The operation type</param>
/// <returns>The provider instance</returns>
public static DomainService CreateInitializedDomainService(Type providerType, DomainOperationType operationType)
{
DomainService provider = (DomainService)Activator.CreateInstance(providerType);
// create a fully functional, authenticated test context
MockUser mockUser = new MockUser("test_user");
mockUser.IsAuthenticated = true;
MockDataService dataService = new MockDataService(mockUser);
DomainServiceContext operationContext = new DomainServiceContext(dataService, operationType);
provider.Initialize(operationContext);
return(provider);
}
public async Task Authorization_MockUser()
{
CityDomainService cities = new CityDomainService();
DomainServiceDescription serviceDescription = DomainServiceDescription.GetDescription(typeof(CityDomainService));
DomainOperationEntry getZipsIfAuthenticated = serviceDescription.GetQueryMethod("GetZipsIfAuthenticated");
DomainOperationEntry getZipsIfInRole = serviceDescription.GetQueryMethod("GetZipsIfInRole");
// Validate a null principal is denied
MockUser user = null;
MockDataService dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
Exception expectedException = null;
ServiceQueryResult <Zip> result;
try
{
result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.AreEqual("Access to operation 'GetZipsIfAuthenticated' was denied.", expectedException.Message, "Expected standard deny message for null principal");
// Validate a non-authenticated user is denied
user = new MockUser("mathew");
dataService = new MockDataService(user);
cities = new CityDomainService();
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
expectedException = null;
try
{
user.IsAuthenticated = false;
result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
// we're authenticated, so this should succeed
expectedException = null;
user.IsAuthenticated = true;
result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfAuthenticated), CancellationToken.None);
Assert.IsNotNull(result.Result);
// authenticated, but not in role, so we should fail
cities = new CityDomainService();
expectedException = null;
user = new MockUser("mathew", new string[] { "clerk" });
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
try
{
result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfInRole), CancellationToken.None);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
// authenticated and in role, so we should succeed
cities = new CityDomainService();
user = new MockUser("mathew", new string[] { "manager" });
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new WcfDomainServiceContext(dataService, DomainOperationType.Query));
result = await cities.QueryAsync <Zip>(new QueryDescription(getZipsIfInRole), CancellationToken.None);
Assert.IsNotNull(result);
}
public void Authorization_MockUser()
{
int count;
CityDomainService cities = new CityDomainService();
DomainServiceDescription serviceDescription = DomainServiceDescription.GetDescription(typeof(CityDomainService));
DomainOperationEntry getZipsIfAuthenticated = serviceDescription.GetQueryMethod("GetZipsIfAuthenticated");
DomainOperationEntry getZipsIfInRole = serviceDescription.GetQueryMethod("GetZipsIfInRole");
// Validate a null principal is denied
MockUser user = null;
MockDataService dataService = new MockDataService(user);
cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
Exception expectedException = null;
System.Collections.IEnumerable result;
IEnumerable <ValidationResult> validationErrors = null;
try
{
result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.IsNull(validationErrors);
Assert.AreEqual("Access to operation 'GetZipsIfAuthenticated' was denied.", expectedException.Message, "Expected standard deny message for null principal");
// Validate a non-authenticated user is denied
user = new MockUser("mathew");
dataService = new MockDataService(user);
cities = new CityDomainService();
cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
expectedException = null;
validationErrors = null;
try
{
user.IsAuthenticated = false;
result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.IsNull(validationErrors);
// we're authenticated, so this should succeed
expectedException = null;
user.IsAuthenticated = true;
result = cities.Query(new QueryDescription(getZipsIfAuthenticated), out validationErrors, out count);
Assert.IsNotNull(result);
Assert.IsNull(validationErrors);
// authenticated, but not in role, so we should fail
cities = new CityDomainService();
expectedException = null;
user = new MockUser("mathew", new string[] { "clerk" });
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
try
{
result = cities.Query(new QueryDescription(getZipsIfInRole), out validationErrors, out count);
}
catch (UnauthorizedAccessException e)
{
expectedException = e;
}
Assert.IsNotNull(expectedException);
Assert.IsNull(validationErrors);
// authenticated and in role, so we should succeed
cities = new CityDomainService();
expectedException = null;
user = new MockUser("mathew", new string[] { "manager" });
user.IsAuthenticated = true;
dataService = new MockDataService(user);
cities.Initialize(new DomainServiceContext(dataService, DomainOperationType.Query));
result = cities.Query(new QueryDescription(getZipsIfInRole), out validationErrors, out count);
Assert.IsNotNull(result);
Assert.IsNull(validationErrors);
}
