public void AuthorizationAttribute_Query_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a Query
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Query));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the QueryAllow query
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryAllow");
Assert.IsNotNull(entry, "Did not find QueryAllow entry");
Assert.AreEqual("Query", entry.OperationType, "Query operation type expected for query operation");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity: null);
if (result != AuthorizationResult.Allowed)
{
Assert.Fail("Expected QueryAllow to be approved: " + result.ErrorMessage);
}
// Try again with a different query that will be denied
entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryDeny");
Assert.IsNotNull(entry, "Did not find QueryDeny entry");
result = testDomainService.IsAuthorized(entry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected QueryDeny to be denied");
}
}
public void AuthorizationAttribute_Invoke_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for an Invoke
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeAllow");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with custom auth attributes to be allowed.");
// Do that again but using an Invoke that will deny based on its own name
invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeDeny");
result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected invoke with denying custom attributes to be denied.");
}
}
public void AuthorizationAttribute_Invoke_Allowed_No_Attributes()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for an Invoke
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "InvokeNoAuth");
Assert.IsNotNull(invokeEntry, "Could not locate InvokeNoAuth invoke");
Assert.AreEqual("Invoke", invokeEntry.OperationType, "Invoke operation entry should show Invoke operation type");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with no auth attributes to be allowed.");
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the custom method. It has an attribute that will deny only entities whose value is "Fred"
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
Assert.AreEqual("Update", entry.OperationType, "Custom op entry should show op type Update");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
AuthorizationTestEntity entity = new AuthorizationTestEntity()
{
TheValue = "Bob"
};
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);
if (result != AuthorizationResult.Allowed)
{
Assert.Fail("Expected custom method to be approved: " + result.ErrorMessage);
}
// Now set it to an illegal value and verify deny
entity.TheValue = "Fred";
result = testDomainService.IsAuthorized(entry, entity);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected custom method to be denied");
Assert.AreEqual("uhuh", result.ErrorMessage, "Expected denial to return explicit message from code");
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Null_Entity_Throws()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
// Note: Submit context enforces null entity test
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
// The null entity here should raise ArgNull because the context is Submit
AuthorizationTestEntity entity = null;
ExceptionHelper.ExpectArgumentNullExceptionStandard(() => testDomainService.IsAuthorized(entry, entity), "entity");
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Metadata_Context()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
// Note: Metadata context
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Metadata));
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
AuthorizationTestEntity entity = null;
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);
if (result != AuthorizationResult.Allowed)
{
Assert.Fail("Expected custom method to be approved during metadata use: " + result.ErrorMessage);
}
}
}
public void AuthorizationAttribute_Invoke_Allowed_No_Attributes()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for an Invoke
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "InvokeNoAuth");
Assert.IsNotNull(invokeEntry, "Could not locate InvokeNoAuth invoke");
Assert.AreEqual("Invoke", invokeEntry.OperationType, "Invoke operation entry should show Invoke operation type");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with no auth attributes to be allowed.");
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Null_Entity_Throws()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
// Note: Submit context enforces null entity test
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
// The null entity here should raise ArgNull because the context is Submit
AuthorizationTestEntity entity = null;
ExceptionHelper.ExpectArgumentNullExceptionStandard(() => testDomainService.IsAuthorized(entry, entity), "entity");
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute_Metadata_Context()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
// Note: Metadata context
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Metadata));
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
AuthorizationTestEntity entity = null;
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);
if (result != AuthorizationResult.Allowed)
Assert.Fail("Expected custom method to be approved during metadata use: " + result.ErrorMessage);
}
}
public void AuthorizationAttribute_Custom_Method_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a custom method via a Submit
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Submit));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the custom method. It has an attribute that will deny only entities whose value is "Fred"
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "CustomUpdate");
Assert.IsNotNull(entry, "Did not find CustomUpdate entry");
Assert.AreEqual("Update", entry.OperationType, "Custom op entry should show op type Update");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
AuthorizationTestEntity entity = new AuthorizationTestEntity() { TheValue = "Bob" };
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity);
if (result != AuthorizationResult.Allowed)
Assert.Fail("Expected custom method to be approved: " + result.ErrorMessage);
// Now set it to an illegal value and verify deny
entity.TheValue = "Fred";
result = testDomainService.IsAuthorized(entry, entity);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected custom method to be denied");
Assert.AreEqual("uhuh", result.ErrorMessage, "Expected denial to return explicit message from code");
}
}
public void AuthorizationAttribute_Query_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for a Query
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Query));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the QueryAllow query
DomainOperationEntry entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryAllow");
Assert.IsNotNull(entry, "Did not find QueryAllow entry");
Assert.AreEqual("Query", entry.OperationType, "Query operation type expected for query operation");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
AuthorizationResult result = testDomainService.IsAuthorized(entry, entity: null);
if (result != AuthorizationResult.Allowed)
Assert.Fail("Expected QueryAllow to be approved: " + result.ErrorMessage);
// Try again with a different query that will be denied
entry = description.DomainOperationEntries.SingleOrDefault(p => p.Name == "QueryDeny");
Assert.IsNotNull(entry, "Did not find QueryDeny entry");
result = testDomainService.IsAuthorized(entry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected QueryDeny to be denied");
}
}
public void AuthorizationAttribute_Invoke_Custom_Attribute()
{
IPrincipal user = this.CreateIPrincipal("user1");
// Instantiate a new DomainService to use for an Invoke
using (AuthorizationTestDomainService testDomainService = new AuthorizationTestDomainService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(AuthorizationTestDomainService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeAllow");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected invoke with custom auth attributes to be allowed.");
// Do that again but using an Invoke that will deny based on its own name
invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "InvokeDeny");
result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected invoke with denying custom attributes to be denied.");
}
}