Handles the AuthenticateRequest event of a request. Decrypts the authentication token and sets up the current user as a GeneralPrinciple, attaching its roles.
Inheritance: IHttpModule
コード例 #1
0
        public void AuthenticateRequest_WithRequestHavingValidAuthCookies_SetsUserToGenericPrincipalWithRoles()
        {
            // arrange
            var module = new AuthenticationModule();
            const string roles = "Admins|HostAdmins|Users";
            var ticket = new FormsAuthenticationTicket(1, ".ASPXAUTH.42", DateTime.Now, DateTime.Now.AddDays(60), true,
                                                       roles);
            string cookieValue = FormsAuthentication.Encrypt(ticket);
            var authCookie = new HttpCookie(".ASPXAUTH.42") { Value = cookieValue };
            var cookies = new HttpCookieCollection { authCookie };
            var httpContext = new Mock<HttpContextBase>();
            httpContext.Stub(c => c.User);
            httpContext.Setup(c => c.Request.Path).Returns("/");
            httpContext.Setup(c => c.Request.QueryString).Returns(new NameValueCollection());
            httpContext.Setup(c => c.Request.Cookies).Returns(cookies);
            httpContext.Setup(c => c.Response.Cookies).Returns(cookies);
            var blogRequest = new BlogRequest("localhost", string.Empty, new Uri("http://localhost"), false,
                                              RequestLocation.Blog, "/") { Blog = new Blog { Id = 42 } };

            // act
            module.AuthenticateRequest(httpContext.Object, blogRequest);

            // assert
            var principal = httpContext.Object.User as GenericPrincipal;
            Assert.IsNotNull(principal);
            Assert.IsTrue(principal.IsInRole("Admins"));
            Assert.IsTrue(principal.IsInRole("HostAdmins"));
            Assert.IsTrue(principal.IsInRole("Users"));
        }
コード例 #2
0
        public void AuthenticateRequest_WithRequestForStaticFile_ReturnsImmediately()
        {
            // arrange
            var module = new AuthenticationModule();
            var httpContext = new Mock<HttpContextBase>();
            httpContext.Setup(c => c.Request.Cookies).Throws(new InvalidOperationException());
            var blogRequest = new BlogRequest("localhost", string.Empty, new Uri("http://localhost"), false,
                                              RequestLocation.StaticFile, "/");

            // act, assert
            module.AuthenticateRequest(httpContext.Object, blogRequest);
        }
コード例 #3
0
        public void GetFormsAuthenticationTicket_WithRequestHavingExpiredAuthCookies_SetsUserToGenericPrincipalWithRoles()
        {
            // arrange
            var module = new AuthenticationModule();
            const string roles = "Admins|HostAdmins|Users";
            var ticket = new FormsAuthenticationTicket(1, ".ASPXAUTH.42", DateTime.UtcNow, DateTime.UtcNow.AddDays(-10), true,
                                                       roles);
            Assert.IsTrue(ticket.Expired);
            string cookieValue = FormsAuthentication.Encrypt(ticket);
            var authCookie = new HttpCookie(".ASPXAUTH.42") { Value = cookieValue };

            // act
            var authTicket = module.GetFormsAuthenticationTicket(authCookie);

            // assert
            Assert.IsNull(authTicket);
        }
コード例 #4
0
        public void GetFormsAuthenticationTicket_WithRequestHavingIndecipherableAuthCookies_ReturnsNull()
        {
            // arrange
            var module = new AuthenticationModule();
            var badCookie = new HttpCookie(".ASPXAUTH.42") { Value = "STEOHsuthosaeuthoes234234sThisIsGarbage", Expires = DateTime.UtcNow };

            // act
            var ticket = module.GetFormsAuthenticationTicket(badCookie);

            // assert
            Assert.IsNull(ticket);
        }
コード例 #5
0
        public void GetFormsAuthenticationTicket_WithRequestHavingNullAuthTicket_ReturnsNull()
        {
            // arrange
            var module = new AuthenticationModule();
            var authCookie = new HttpCookie(".ASPXAUTH.42") { Value = null };

            // act
            var ticket = module.GetFormsAuthenticationTicket(authCookie);

            // assert
            Assert.IsNull(ticket);
        }
コード例 #6
0
        public void GetFormsAuthenticationTicket_WithRequestHavingNoCookies_ReturnsNull()
        {
            // arrange
            var module = new AuthenticationModule();

            // act
            var authTicket = module.GetFormsAuthenticationTicket(null);

            // assert
            Assert.IsNull(authTicket);
        }
コード例 #7
0
        public void HandleFormsAuthenticationTicket_WithRequestHavingNullAuthTicket_WritesExpiredCookie()
        {
            // arrange
            Func<BlogRequest, HttpContextBase, string> loginFunc = (r, c) => "/foo/login.aspx";
            var module = new AuthenticationModule();
            var authCookie = new HttpCookie(".ASPXAUTH.42") { Value = null };
            var cookies = new HttpCookieCollection { authCookie };
            var httpContext = new Mock<HttpContextBase>();
            httpContext.Stub(c => c.User);
            httpContext.Setup(c => c.Request.Path).Returns("/");
            httpContext.Setup(c => c.Request.QueryString).Returns(new NameValueCollection());
            httpContext.Setup(c => c.Request.Cookies).Returns(cookies);
            httpContext.Setup(c => c.Response.Redirect(It.IsAny<string>(), true));
            var responseCookies = new HttpCookieCollection();
            httpContext.Setup(c => c.Response.Cookies).Returns(responseCookies);
            var blogRequest = new BlogRequest("localhost", string.Empty, new Uri("http://localhost"), false,
                                              RequestLocation.Blog, "/") { Blog = new Blog { Id = 42 } };

            // act
            module.HandleFormsAuthenticationTicket(blogRequest, httpContext.Object, null);

            // assert
            var principal = httpContext.Object.User as GenericPrincipal;
            Assert.IsNull(principal);
            Assert.AreEqual(1, responseCookies.Count);
            HttpCookie cookie = responseCookies[".ASPXAUTH.42"];
            Assert.IsTrue(cookie.Expires.AddYears(20) < DateTime.Now);
        }