コード例 #1
        public void RequestWithoutAuthorizationHeaderShouldThrow()
        {
            // Fail-closed check: authorizing the context produced by GenerateInitialContext()
            // must be refused with HTTP 401 rather than silently allowed.
            // NOTE(review): the name implies that context carries no Authorization header -
            // confirm against GenerateInitialContext().
            ISecureServiceBehavior digestBehavior = new DigestAuthenticationBehavior();
            IServiceContext unauthenticatedContext = GenerateInitialContext();

            try
            {
                HttpResponseException rejection = null;

                try
                {
                    digestBehavior.OnMethodAuthorizing(unauthenticatedContext, null);
                }
                catch (HttpResponseException caught)
                {
                    rejection = caught;
                }

                // Reaching this point without an exception means the request was authorized.
                if (rejection == null)
                {
                    Assert.Fail();
                }

                Assert.That(rejection.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            }
            finally
            {
                // The mock context is torn down on every path, including assertion failures.
                MockContextManager.DestroyContext();
            }
        }
コード例 #2
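        public void RequestUsingDigestWithAuthShouldNotThrow()
        {
            // Happy-path Digest handshake: an initial call is challenged with 401, the challenge
            // parameters are echoed back together with a client-computed response, and the second
            // call must be authorized without throwing.
            //
            // Only the accepting path is exercised here. Rejection of a wrong password, a stale
            // or reused nonce, or a mismatched uri is not covered by this test.
            ISecureServiceBehavior behavior = new DigestAuthenticationBehavior(new TestAuthorizationManager());

            string authorizationHeaderString;

            try
            {
                // Step 1: trigger the challenge with the initial context.
                IServiceContext initialContext = GenerateInitialContext();

                try
                {
                    behavior.OnMethodAuthorizing(initialContext, null);
                    Assert.Fail("The initial request was authorized; a 401 challenge was expected.");
                }
                catch (HttpResponseException ex)
                {
                    Assert.That(ex.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
                }

                // Step 2: the 401 must carry a Digest challenge for the client to answer.
                string authenticateHeaderString = initialContext.Response.GetHeader("WWW-Authenticate");
                Assert.That(authenticateHeaderString, Is.Not.Null);
                Assert.That(authenticateHeaderString, Is.StringStarting("Digest"));

                // The server's challenge parameters are copied through unchanged and the
                // client-side fields (username, cnonce, nc, uri) are appended to them.
                authorizationHeaderString = String.Format("Digest {0} username=\"{1}\", cnonce=\"{2}\", nc=\"{3}\", uri=\"{4}\"",
                                                                 authenticateHeaderString.Replace("Digest ", String.Empty),
                                                                 UserName,
                                                                 ClientNonce,
                                                                 NonceCount,
                                                                 ServiceUri);
            }
            finally
            {
                MockContextManager.DestroyContext();
            }

            AuthorizationHeader authorizationHeader;
            Assert.That(AuthorizationHeaderParser.TryParse(authorizationHeaderString, out authorizationHeader),
                        "The generated Authorization header could not be parsed.");

            // The digest below is only meaningful if the challenge supplied a realm and a nonce.
            // Without these checks a missing value is formatted as an empty string and the test
            // fails later with an unexplained 401 instead of pointing at the challenge.
            var realm = authorizationHeader.Parameters.Get("realm");
            var nonce = authorizationHeader.Parameters.Get("nonce");

            Assert.That(realm, Is.Not.Null, "The Digest challenge did not include a realm.");
            Assert.That(nonce, Is.Not.Null.And.Not.EqualTo(String.Empty), "The Digest challenge did not include a nonce.");

            // Step 3: compute the client response as HTTP Digest defines it for qop=auth:
            //   HA1      = MD5(username:realm:password)
            //   HA2      = MD5(method:uri)
            //   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
            // MD5 is used because this Digest exchange specifies it, not as a general-purpose
            // hashing choice; it should not be reused for storing passwords.
            string response;

            using (var encoder = new MD5Encoder())
            {
                string ha1 = encoder.Encode(String.Format("{0}:{1}:{2}", UserName, realm, Password));
                string ha2 = encoder.Encode(String.Format("{0}:{1}", "POST", ServiceUri));

                response = encoder.Encode(String.Format("{0}:{1}:{2}:{3}:{4}:{5}", ha1, nonce, NonceCount, ClientNonce, "auth", ha2));
            }

            try
            {
                // Step 4: replay the request with the computed response; any exception thrown
                // here fails the test.
                IServiceContext authorizedContext = GenerateAuthorizedContext(authorizationHeaderString, response);
                behavior.OnMethodAuthorizing(authorizedContext, null);
            }
            finally
            {
                MockContextManager.DestroyContext();
            }
        }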