public void GetUriDoesNotIncludeApplicationPathWithSuppliedBaseUri()
{
const string BaseRequestUri = "http://www.testsite.com";
const string ApplicationPathRequestUri = "/MySuperDuperApplication";
const string PathRequestUri = ApplicationPathRequestUri + "/Manage/Default.aspx";
const string QueryRequestUri = "?Param=SomeValue";
var mockRequest = new Mock <HttpRequestBase>();
mockRequest.SetupGet(req => req.ApplicationPath).Returns(ApplicationPathRequestUri);
mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri + QueryRequestUri));
mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri + QueryRequestUri);
var mockResponse = new Mock <HttpResponseBase>();
mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny <string>())).Returns <string>(s => s);
var settings = new Settings {
Mode = Mode.On,
BaseSecureUri = "https://secure.someotherwebsite.com/testsite/"
};
var evaluator = new HeadersSecurityEvaluator();
var enforcer = new SecurityEnforcer(evaluator);
// Act.
var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
mockResponse.Object,
RequestSecurity.Secure,
settings);
// Assert.
Assert.Equal(settings.BaseSecureUri + PathRequestUri.Remove(0, ApplicationPathRequestUri.Length + 1) + QueryRequestUri, targetUrl);
}
public void GetUriReturnsSwitchedUriBasedOnSuppliedBaseInsecureUri()
{
const string BaseRequestUri = "https://www.testsite.com";
const string PathRequestUri = "/Info/Default.aspx";
const string QueryRequestUri = "?Param=SomeValue";
var mockRequest = new Mock <HttpRequestBase>();
mockRequest.SetupGet(req => req.ApplicationPath).Returns("/");
mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri + QueryRequestUri));
mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri + QueryRequestUri);
mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true);
var mockResponse = new Mock <HttpResponseBase>();
mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny <string>())).Returns <string>(s => s);
var settings = new Settings {
Mode = Mode.On,
BaseInsecureUri = "http://www.someotherwebsite.com/"
};
var evaluator = new StandardSecurityEvaluator();
var enforcer = new SecurityEnforcer(evaluator);
// Act.
var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
mockResponse.Object,
RequestSecurity.Insecure,
settings);
// Assert.
Assert.Equal(settings.BaseInsecureUri + PathRequestUri.Remove(0, 1) + QueryRequestUri, targetUrl);
}
