public void RequestWithSecurityPrincipalShouldNotThrow()
        {
            // Positive case: the principal carries UserRole, the same value the behavior is constructed with.
            // There is no explicit assertion; the test passes only if OnMethodAuthorizing returns
            // without throwing.
            var identity = new GenericIdentity(UserName);
            var heldRoles = new[] { "Administrators", UserRole };
            m_context.User = new GenericPrincipal(identity, heldRoles);

            ISecureServiceBehavior authorization = new AuthorizationBehavior(UserRole);
            authorization.OnMethodAuthorizing(m_context, null);
        }
        public void RequestWithoutTheAuthorizedRoleShouldThrow()
        {
            // Negative case: an authenticated principal whose roles do not match the ones passed to the
            // behavior must be rejected with 403 Forbidden.
            // Assumes UserRole is neither "Managers" nor "Accountants" - confirm against the fixture constants.
            var identity = new GenericIdentity(UserName);
            var heldRoles = new[] { "Administrators", UserRole };
            m_context.User = new GenericPrincipal(identity, heldRoles);

            ISecureServiceBehavior authorization = new AuthorizationBehavior("Managers", "Accountants");

            HttpResponseException rejection = null;

            try
            {
                authorization.OnMethodAuthorizing(m_context, null);
            }
            catch (HttpResponseException ex)
            {
                rejection = ex;
            }

            // Returning normally means the authorization check let the request through (fail-open).
            if (rejection == null)
            {
                Assert.Fail();
            }

            Assert.That(rejection.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden));
        }
        public void RequestWithoutSecurityPrincipalShouldThrow()
        {
            // Negative case: a context with no principal at all must be rejected, not treated as authorized.
            // NOTE(review): the expected status is 403 Forbidden, the same as for an authenticated caller
            // lacking the role - confirm that 401 Unauthorized is not the intended response here.
            ISecureServiceBehavior authorization = new AuthorizationBehavior(UserRole);

            m_context.User = null;

            HttpResponseException rejection = null;

            try
            {
                authorization.OnMethodAuthorizing(m_context, null);
            }
            catch (HttpResponseException ex)
            {
                rejection = ex;
            }

            // Returning normally means a request without a principal was let through (fail-open).
            if (rejection == null)
            {
                Assert.Fail();
            }

            Assert.That(rejection.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden));
        }