public void RequestWithoutAuthorizationHeaderShouldThrow() { ISecureServiceBehavior behavior = new DigestAuthenticationBehavior(); IServiceContext context = GenerateInitialContext(); try { behavior.OnMethodAuthorizing(context, null); Assert.Fail(); } catch (HttpResponseException ex) { Assert.That(ex.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); } finally { MockContextManager.DestroyContext(); } }
public void RequestUsingDigestWithAuthShouldNotThrow() { ISecureServiceBehavior behavior = new DigestAuthenticationBehavior(new TestAuthorizationManager()); string authorizationHeaderString; try { // creating initial unauthorized context IServiceContext initialContext = GenerateInitialContext(); try { behavior.OnMethodAuthorizing(initialContext, null); Assert.Fail(); } catch (HttpResponseException ex) { Assert.That(ex.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); } // generating authorization header string authenticateHeaderString = initialContext.Response.GetHeader("WWW-Authenticate"); Assert.That(authenticateHeaderString, Is.Not.Null); Assert.That(authenticateHeaderString, Is.StringStarting("Digest")); authorizationHeaderString = String.Format("Digest {0} username=\"{1}\", cnonce=\"{2}\", nc=\"{3}\", uri=\"{4}\"", authenticateHeaderString.Replace("Digest ", String.Empty), UserName, ClientNonce, NonceCount, ServiceUri); } finally { MockContextManager.DestroyContext(); } AuthorizationHeader authorizationHeader; Assert.That(AuthorizationHeaderParser.TryParse(authorizationHeaderString, out authorizationHeader)); // generating digest response string response; using (var encoder = new MD5Encoder()) { string ha1 = encoder.Encode(String.Format("{0}:{1}:{2}", UserName, authorizationHeader.Parameters.Get("realm"), Password)); string ha2 = encoder.Encode(String.Format("{0}:{1}", "POST", ServiceUri)); response = encoder.Encode(String.Format("{0}:{1}:{2}:{3}:{4}:{5}", ha1, authorizationHeader.Parameters.Get("nonce"), NonceCount, ClientNonce, "auth", ha2)); } try { // creating authorized context IServiceContext authorizedContext = GenerateAuthorizedContext(authorizationHeaderString, response); behavior.OnMethodAuthorizing(authorizedContext, null); } finally { MockContextManager.DestroyContext(); } }