public void DeniesAccessIfNoUserOrPassword()
{
var basicAuth = new BasicAuthHttpModule(CreateMockConfiguration());
var context = CreateMockContext();
context.Request.Headers.Add("Authorization", BuildAuthorizationHeader("", ""));
basicAuth.AuthenticateRequest(context);
Assert.Equal((int)HttpStatusCode.Unauthorized, context.Response.StatusCode);
}
public void DeniesAccessIfNoAuthorizationHeader()
{
var basicAuth = new BasicAuthHttpModule(CreateMockConfiguration());
var context = CreateMockContext();
basicAuth.AuthenticateRequest(context);
Assert.Equal((int)HttpStatusCode.Unauthorized, context.Response.StatusCode);
}
public void DeniesAccessIfNotBasicAuth()
{
var basicAuth = new BasicAuthHttpModule(CreateMockConfiguration());
var context = CreateMockContext();
context.Request.Headers.Add("Authorization", "some other wacky auth scheme");
basicAuth.AuthenticateRequest(context);
Assert.Equal((int)HttpStatusCode.Unauthorized, context.Response.StatusCode);
}
public void DoesNotSetPrincipalWhenAccessIsDenied()
{
var basicAuth = new BasicAuthHttpModule(CreateMockConfiguration());
var context = CreateMockContext();
context.Request.Headers.Add("Authorization", BuildAuthorizationHeader("user", "badpassword"));
Thread.CurrentPrincipal = null;
basicAuth.AuthenticateRequest(context);
Assert.Equal("", Thread.CurrentPrincipal.Identity.Name);
Assert.Equal("", context.User.Identity.Name);
}
public void GrantsAccessIfPasswordContainsColon()
{
var basicAuth = new BasicAuthHttpModule(CreateMockConfiguration("user", "pass:word"));
var context = CreateMockContext();
context.Request.Headers.Add("Authorization", BuildAuthorizationHeader("user", "pass:word"));
basicAuth.AuthenticateRequest(context);
Assert.Equal(0, context.Response.StatusCode);
}
