public void AuthenticateDoesNotSucceedWithInvalidSecret() { var config = new SharedSecretAuthenticationConfiguration { PrimaryKey = "its-a-key!", PrimarySecret = "zomg!" }; var headerTokens = new Dictionary <string, string> { { "Authentication", "SharedSecret" } }; var handler = new SharedSecretAuthenticationHandler(config); var mockActionDescriptor = new Mock <HttpActionDescriptor>(); var httpConfiguration = new HttpConfiguration(); var routeData = new HttpRouteData(new HttpRoute()); var request = new HttpRequestMessage(); var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" }; var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor }; var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object); var authcontext = new HttpAuthenticationContext(actionContext, null); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.PrimaryKey); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "wrong!"); var result = handler.Authenticate(headerTokens, authcontext); result.Should().BeNull("because an invalid key was specified in the header"); }
public void AuthenticateDoesNotSucceedWithMissingSecretHeader() { var config = new SharedSecretAuthenticationConfiguration { PrimaryKey = "its-a-key!", PrimarySecret = "zomg!" }; var handler = new SharedSecretAuthenticationHandler(config); var mockActionDescriptor = new Mock <HttpActionDescriptor>(); var httpConfiguration = new HttpConfiguration(); var routeData = new HttpRouteData(new HttpRoute()); var request = new HttpRequestMessage(); var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" }; var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor }; var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object); var authcontext = new HttpAuthenticationContext(actionContext, null); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "something"); var result = handler.Authenticate(null, authcontext); result.Should().BeNull("because the header token collection was null"); }
public async Task ConfigureDeppendencyResolverDiscoversAuthenticationHandlers() { var mockConfigurationFactory = new Mock <IConfigurationFactory>(); var httpConfig = new HttpConfiguration(); var sharedSecretConfig = new SharedSecretAuthenticationConfiguration { Enabled = true, PrimarySecret = "test", PrimaryKey = "key!" }; var clientCertificateConfig = new ClientCertificateAuthenticationConfiguration { Enabled = true, EnforceLocalCertificateValidation = false, SerializedCertificateClaimsMapping = "{\";4497ebb9f0f694d219fe8652a8d4922fead6a5d9\";:{\";urn:ordering:security:privilege:sudo\";:\";true\";}}" }; try { mockConfigurationFactory .Setup(factory => factory.Create(It.IsAny <Type>())) .Returns <Type>(type => { if (type == typeof(SharedSecretAuthenticationConfiguration)) { return(sharedSecretConfig); } else if (type == typeof(ClientCertificateAuthenticationConfiguration)) { return(clientCertificateConfig); } return(Activator.CreateInstance(type)); }); Startup.ConfigureDependencyResolver(httpConfig, () => mockConfigurationFactory.Object); var locator = httpConfig.DependencyResolver; locator.Should().NotBeNull("because the dependency resolver should have been set"); var authenticationHandlers = locator.GetServices(typeof(IAuthenticationHandler)); authenticationHandlers.Should().NotBeNullOrEmpty("because the authentication handlers should have been found"); var expected = typeof(IAuthenticationHandler).Assembly.GetTypes().Where(type => type.GetInterface(nameof(IAuthenticationHandler)) != null); authenticationHandlers.Select(handler => handler.GetType()).Should().BeEquivalentTo(expected, "because the locator should discover handlers defined along side the interface"); await Task.Delay(1000); } finally { httpConfig?.DependencyResolver?.Dispose(); } }
/// <summary> /// Initializes a new instance of the <see cref="SharedSecretAuthenticationHandler"/> class. /// </summary> /// /// <param name="configuration">The configuration of the athentication scheme.</param> /// public SharedSecretAuthenticationHandler(SharedSecretAuthenticationConfiguration configuration) { if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } if ((configuration.Enabled) && (String.IsNullOrEmpty(configuration.PrimaryKey))) { throw new ArgumentException($"The primary key must be configured in { nameof(configuration.PrimaryKey) }", nameof(configuration)); } if ((configuration.Enabled) && (String.IsNullOrWhiteSpace(configuration.PrimarySecret))) { throw new ArgumentException($"The primary secret must be configured in { nameof(configuration.PrimarySecret) }", nameof(configuration)); } this.configuration = configuration; }
public void GenerateChallengeProducesTheChallenge() { var config = new SharedSecretAuthenticationConfiguration { PrimaryKey = "its-a-key!", PrimarySecret = "zomg!", SecondaryKey = "another-key", SecondarySecret = "another-secret" }; var headerTokens = new Dictionary <string, string> { { "Authentication", "SharedSecret" } }; var handler = new SharedSecretAuthenticationHandler(config); var mockActionDescriptor = new Mock <HttpActionDescriptor>(); var httpConfiguration = new HttpConfiguration(); var routeData = new HttpRouteData(new HttpRoute()); var request = new HttpRequestMessage(); var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" }; var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor }; var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object); var authcontext = new HttpAuthenticationChallengeContext(actionContext, new UnauthorizedResult(new [] { new AuthenticationHeaderValue("TEST", "") }, request)); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "bad-key"); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "bad secret"); var result = handler.GenerateChallenge(headerTokens, authcontext); result.Should().NotBeNull("because a challenge should always be generated"); result.Scheme.Should().Be(handler.HandlerType.ToString(), "because the scheme should match the authentication type"); }
public void AuthenticateSuceedsWithSecondaryKeyAndSecret() { var config = new SharedSecretAuthenticationConfiguration { PrimaryKey = "its-a-key!", PrimarySecret = "zomg!", SecondaryKey = "another-key", SecondarySecret = "another-secret" }; var headerTokens = new Dictionary <string, string> { { "Authentication", "SharedSecret" } }; var handler = new SharedSecretAuthenticationHandler(config); var mockActionDescriptor = new Mock <HttpActionDescriptor>(); var httpConfiguration = new HttpConfiguration(); var routeData = new HttpRouteData(new HttpRoute()); var request = new HttpRequestMessage(); var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" }; var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor }; var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object); var authcontext = new HttpAuthenticationContext(actionContext, null); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.SecondaryKey); request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, config.SecondarySecret); var result = handler.Authenticate(headerTokens, authcontext); result.Should().NotBeNull("because the primary secret was used in the header"); result.Should().BeOfType <ClaimsPrincipal>("because authentication should return a claims principal"); }