public void AuthenticateDoesNotSucceedWithInvalidSecret()
{
var config = new SharedSecretAuthenticationConfiguration
{
PrimaryKey = "its-a-key!",
PrimarySecret = "zomg!"
};
var headerTokens = new Dictionary <string, string>
{
{ "Authentication", "SharedSecret" }
};
var handler = new SharedSecretAuthenticationHandler(config);
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic"
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var authcontext = new HttpAuthenticationContext(actionContext, null);
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.PrimaryKey);
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "wrong!");
var result = handler.Authenticate(headerTokens, authcontext);
result.Should().BeNull("because an invalid key was specified in the header");
}
public void AuthenticateDoesNotSucceedWithMissingSecretHeader()
{
var config = new SharedSecretAuthenticationConfiguration
{
PrimaryKey = "its-a-key!",
PrimarySecret = "zomg!"
};
var handler = new SharedSecretAuthenticationHandler(config);
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic"
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var authcontext = new HttpAuthenticationContext(actionContext, null);
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "something");
var result = handler.Authenticate(null, authcontext);
result.Should().BeNull("because the header token collection was null");
}
public async Task ConfigureDeppendencyResolverDiscoversAuthenticationHandlers()
{
var mockConfigurationFactory = new Mock <IConfigurationFactory>();
var httpConfig = new HttpConfiguration();
var sharedSecretConfig = new SharedSecretAuthenticationConfiguration {
Enabled = true, PrimarySecret = "test", PrimaryKey = "key!"
};
var clientCertificateConfig = new ClientCertificateAuthenticationConfiguration {
Enabled = true, EnforceLocalCertificateValidation = false, SerializedCertificateClaimsMapping = "{\";4497ebb9f0f694d219fe8652a8d4922fead6a5d9\";:{\";urn:ordering:security:privilege:sudo\";:\";true\";}}"
};
try
{
mockConfigurationFactory
.Setup(factory => factory.Create(It.IsAny <Type>()))
.Returns <Type>(type =>
{
if (type == typeof(SharedSecretAuthenticationConfiguration))
{
return(sharedSecretConfig);
}
else if (type == typeof(ClientCertificateAuthenticationConfiguration))
{
return(clientCertificateConfig);
}
return(Activator.CreateInstance(type));
});
Startup.ConfigureDependencyResolver(httpConfig, () => mockConfigurationFactory.Object);
var locator = httpConfig.DependencyResolver;
locator.Should().NotBeNull("because the dependency resolver should have been set");
var authenticationHandlers = locator.GetServices(typeof(IAuthenticationHandler));
authenticationHandlers.Should().NotBeNullOrEmpty("because the authentication handlers should have been found");
var expected = typeof(IAuthenticationHandler).Assembly.GetTypes().Where(type => type.GetInterface(nameof(IAuthenticationHandler)) != null);
authenticationHandlers.Select(handler => handler.GetType()).Should().BeEquivalentTo(expected, "because the locator should discover handlers defined along side the interface");
await Task.Delay(1000);
}
finally
{
httpConfig?.DependencyResolver?.Dispose();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SharedSecretAuthenticationHandler"/> class.
/// </summary>
///
/// <param name="configuration">The configuration of the athentication scheme.</param>
///
public SharedSecretAuthenticationHandler(SharedSecretAuthenticationConfiguration configuration)
{
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
if ((configuration.Enabled) && (String.IsNullOrEmpty(configuration.PrimaryKey)))
{
throw new ArgumentException($"The primary key must be configured in { nameof(configuration.PrimaryKey) }", nameof(configuration));
}
if ((configuration.Enabled) && (String.IsNullOrWhiteSpace(configuration.PrimarySecret)))
{
throw new ArgumentException($"The primary secret must be configured in { nameof(configuration.PrimarySecret) }", nameof(configuration));
}
this.configuration = configuration;
}
public void GenerateChallengeProducesTheChallenge()
{
var config = new SharedSecretAuthenticationConfiguration
{
PrimaryKey = "its-a-key!",
PrimarySecret = "zomg!",
SecondaryKey = "another-key",
SecondarySecret = "another-secret"
};
var headerTokens = new Dictionary <string, string>
{
{ "Authentication", "SharedSecret" }
};
var handler = new SharedSecretAuthenticationHandler(config);
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic"
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var authcontext = new HttpAuthenticationChallengeContext(actionContext, new UnauthorizedResult(new [] { new AuthenticationHeaderValue("TEST", "") }, request));
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "bad-key");
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "bad secret");
var result = handler.GenerateChallenge(headerTokens, authcontext);
result.Should().NotBeNull("because a challenge should always be generated");
result.Scheme.Should().Be(handler.HandlerType.ToString(), "because the scheme should match the authentication type");
}
public void AuthenticateSuceedsWithSecondaryKeyAndSecret()
{
var config = new SharedSecretAuthenticationConfiguration
{
PrimaryKey = "its-a-key!",
PrimarySecret = "zomg!",
SecondaryKey = "another-key",
SecondarySecret = "another-secret"
};
var headerTokens = new Dictionary <string, string>
{
{ "Authentication", "SharedSecret" }
};
var handler = new SharedSecretAuthenticationHandler(config);
var mockActionDescriptor = new Mock <HttpActionDescriptor>();
var httpConfiguration = new HttpConfiguration();
var routeData = new HttpRouteData(new HttpRoute());
var request = new HttpRequestMessage();
var controllerDescriptor = new HttpControllerDescriptor {
Configuration = httpConfiguration, ControllerName = "generic"
};
var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
{
ControllerDescriptor = controllerDescriptor
};
var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
var authcontext = new HttpAuthenticationContext(actionContext, null);
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.SecondaryKey);
request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, config.SecondarySecret);
var result = handler.Authenticate(headerTokens, authcontext);
result.Should().NotBeNull("because the primary secret was used in the header");
result.Should().BeOfType <ClaimsPrincipal>("because authentication should return a claims principal");
}
