public void StopImpersonating_EmptyUser()
{
var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation.
var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
var impersonateUserName = "******";
var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);
// Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:
var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);
AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
Assert.AreEqual(" as ",
ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
TestUtility.AssertContains(
string.Join(Environment.NewLine, removeResponse.Log),
"Removing impersonation, the original user is no longer authenticated.");
// Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.
var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);
Assert.AreEqual(
"No impersonation, original not recognized",
ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
}
public void StopImpersonating()
{
var initialUser = new FakeUserInfo("TestUser");
var impersonateUserName = "******";
var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);
// Review test setup:
Assert.AreEqual(
"TestUser as TestImpersonatedUser, original TestUser",
ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo));
// Stopping impersonation should expire the impersonation cookie:
(var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie);
AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key);
Assert.AreEqual(" as ",
ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie.
TestUtility.AssertContains(
string.Join(Environment.NewLine, log),
"StopImpersonating: TestUser as TestImpersonatedUser");
// Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.
Assert.AreEqual(
"No impersonation, original TestUser",
ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo));
}
public void StopImpersonating_DifferentUser()
{
var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation.
var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
var impersonateUserName = "******";
var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);
// Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:
var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);
AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
Assert.AreEqual(" as ",
ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
TestUtility.AssertContains(
string.Join(Environment.NewLine, removeResponse.Log),
"Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");
// Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.
var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);
Assert.AreEqual(
"No impersonation, original CurrentUser",
ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one.");
}
