public void StopImpersonating() { var initialUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Review test setup: Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo)); // Stopping impersonation should expire the impersonation cookie: (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie); AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, log), "StopImpersonating: TestUser as TestImpersonatedUser"); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo)); }
public void StopImpersonating_EmptyUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the original user is no longer authenticated."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original not recognized", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); }
public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed() { var testUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var options = new ImpersonationOptions { CookieDurationMinutes = 3 }; var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options); var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value); AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires); // Reviewing the test setup. // Half-time has not passed: impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1); cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo); (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options); httpContext.RequestCookies.Add(cookie); var user = impersonationService.GetAuthenticationInfo(); // Impersonation should still be valid, the cookie should not be modified. Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(user)); Assert.AreEqual(0, httpContext.ResponseCookies.Count); }
public void StopImpersonating_DifferentUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser)."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original CurrentUser", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one."); }