コード例 #1
0
        public void GetUriRequestReturnsNullIfOffloadedHeaderSecurityAlreadyMatchesSpecifiedSecurity()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.IsSecureConnection).Returns(false);

            var mockResponse = new Mock<HttpResponseBase>();
            var settings = new Settings();
            var evaluator = new HeadersSecurityEvaluator();
            var enforcer = new SecurityEnforcer(evaluator);

            // Act.
            mockRequest.SetupGet(req => req.Headers).Returns(new NameValueCollection {
                { "SSL_REQUEST", "on" },
                { "OTHER_HEADER", "some-value" }
            });
            settings.OffloadedSecurityHeaders = "SSL_REQUEST=";
            var targetUrlForAlreadySecuredRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                                             mockResponse.Object,
                                                                                             RequestSecurity.Secure,
                                                                                             settings);

            mockRequest.SetupGet(req => req.Headers).Returns(new NameValueCollection {
                { "OTHER_HEADER", "some-value" }
            });
            var targetUrlForAlreadyInsecureRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                                              mockResponse.Object,
                                                                                              RequestSecurity.Insecure,
                                                                                              settings);

            // Assert.
            Assert.Null(targetUrlForAlreadySecuredRequest);
            Assert.Null(targetUrlForAlreadyInsecureRequest);
        }
コード例 #2
0
        public void GetUriDoesNotIncludeApplicationPathWithSuppliedBaseUri()
        {
            const string BaseRequestUri = "http://www.testsite.com";
            const string ApplicationPathRequestUri = "/MySuperDuperApplication";
            const string PathRequestUri = ApplicationPathRequestUri + "/Manage/Default.aspx";
            const string QueryRequestUri = "?Param=SomeValue";

            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.ApplicationPath).Returns(ApplicationPathRequestUri);
            mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri + QueryRequestUri));
            mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri + QueryRequestUri);

            var mockResponse = new Mock<HttpResponseBase>();
            mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny<string>())).Returns<string>(s => s);

            var settings = new Settings {
                Mode = Mode.On,
                BaseSecureUri = "https://secure.someotherwebsite.com/testsite/"
            };
            var evaluator = new HeadersSecurityEvaluator();
            var enforcer = new SecurityEnforcer(evaluator);

            // Act.
            var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                     mockResponse.Object,
                                                                     RequestSecurity.Secure,
                                                                     settings);

            // Assert.
            Assert.Equal(settings.BaseSecureUri + PathRequestUri.Remove(0, ApplicationPathRequestUri.Length + 1) + QueryRequestUri, targetUrl);
        }
コード例 #3
0
        public void IsSecureConnectionReturnsFalseIfNoHeaderMatchesAnOffloadHeader()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.Headers).Returns(new NameValueCollection {
                { "SOME_HEADER", "some-value" }
            });

            var settings = new Settings {
                OffloadedSecurityHeaders = "SSL_REQUEST=on"
            };

            var evaluator = new HeadersSecurityEvaluator();

            // Act.
            var result = evaluator.IsSecureConnection(mockRequest.Object, settings);

            // Assert.
            Assert.False(result);
        }
コード例 #4
0
        public void IsSecureConnectionReturnsTrueIfHeaderMatchesAnOffloadHeader()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.Headers).Returns(new NameValueCollection {
                { "SOME_HEADER", "some-value" },
                { "SSL_REQUEST", "on" }
            });

            var settings = new Settings();
            var evaluator = new HeadersSecurityEvaluator();

            // Act.
            settings.OffloadedSecurityHeaders = "SSL_REQUEST=on";
            var resultWithHeaderValueMatch = evaluator.IsSecureConnection(mockRequest.Object, settings);

            settings.OffloadedSecurityHeaders = "SSL_REQUEST=";
            var resultWithJustHeaderPresent = evaluator.IsSecureConnection(mockRequest.Object, settings);

            // Assert.
            Assert.True(resultWithHeaderValueMatch);
            Assert.True(resultWithJustHeaderPresent);
        }
コード例 #5
0
        public void GetUriReturnsTheRequestUrlWithProtocolReplacedWhenNoBaseUriIsSupplied()
        {
            // Arrange.
            const string BaseRequestUri = "http://www.testsite.com";
            const string PathRequestUri = "/Manage/Default.aspx?Param=SomeValue";

            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri));
            mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri);

            var mockResponse = new Mock<HttpResponseBase>();
            mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny<string>())).Returns<string>(s => s);

            var settings = new Settings {
                Mode = Mode.On,
                Paths = {
                    new TestPathSetting("/Manage")
                }
            };
            var evaluator = new HeadersSecurityEvaluator();
            var enforcer = new SecurityEnforcer(evaluator);

            // Act.
            var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                     mockResponse.Object,
                                                                     RequestSecurity.Secure,
                                                                     settings);

            // Assert.
            Assert.Equal(BaseRequestUri.Replace("http://", "https://") + PathRequestUri, targetUrl);
        }