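/// <summary>
/// Verifies that <c>Authenticate</c> yields no principal when the request carries the
/// configured primary key together with a secret that differs from the configured one.
/// </summary>
public void AuthenticateDoesNotSucceedWithInvalidSecret()
{
    var config = new SharedSecretAuthenticationConfiguration
    {
        PrimaryKey = "its-a-key!",
        PrimarySecret = "zomg!"
    };

    var headerTokens = new Dictionary<string, string> { { "Authentication", "SharedSecret" } };
    var handler = new SharedSecretAuthenticationHandler(config);

    // Minimal Web API objects required to build an authentication context around the request.
    var mockActionDescriptor = new Mock<HttpActionDescriptor>();
    var httpConfiguration = new HttpConfiguration();
    var routeData = new HttpRouteData(new HttpRoute());
    var request = new HttpRequestMessage();
    var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" };
    var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor };
    var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
    var authcontext = new HttpAuthenticationContext(actionContext, null);

    // The key header matches the configuration; the secret is the only value that differs,
    // so this case covers the "right key, wrong secret" rejection specifically.
    request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.PrimaryKey);
    request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "wrong!");

    var result = handler.Authenticate(headerTokens, authcontext);

    // The failure reason names the secret: the original text blamed the key, which is valid here
    // and would misdirect whoever triages a regression in the secret check.
    result.Should().BeNull("because an invalid secret was specified in the header");
}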
/// <summary>
/// Verifies that <c>Authenticate</c> yields no principal when it is called with a null
/// header token collection and a request that carries an application key but no secret header.
/// </summary>
public void AuthenticateDoesNotSucceedWithMissingSecretHeader()
{
    var message = new HttpRequestMessage();
    var webApiConfig = new HttpConfiguration();
    var descriptorMock = new Mock<HttpActionDescriptor>();

    var settings = new SharedSecretAuthenticationConfiguration { PrimaryKey = "its-a-key!", PrimarySecret = "zomg!" };
    var sut = new SharedSecretAuthenticationHandler(settings);

    // Assemble the controller and action contexts that wrap the request.
    var controllerContext = new HttpControllerContext(webApiConfig, new HttpRouteData(new HttpRoute()), message)
    {
        ControllerDescriptor = new HttpControllerDescriptor { Configuration = webApiConfig, ControllerName = "generic" }
    };

    var authContext = new HttpAuthenticationContext(new HttpActionContext(controllerContext, descriptorMock.Object), null);

    // Only the key header is set; no secret header is added to the request.
    // NOTE(review): the key sent here ("something") differs from the configured PrimaryKey and the
    // token collection passed below is null, so a null result does not by itself show that a
    // missing secret header is what caused the rejection. A companion case using the configured
    // key and a populated token collection would isolate that path - confirm against the handler.
    message.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "something");

    var principal = sut.Authenticate(null, authContext);

    principal.Should().BeNull("because the header token collection was null");
}
/// <summary>
/// Verifies that <c>GenerateChallenge</c> returns a challenge whose scheme equals the
/// string form of the handler's <c>HandlerType</c>, even though the request carries a
/// key and secret that match neither configured pair.
/// </summary>
public void GenerateChallengeProducesTheChallenge()
{
    var settings = new SharedSecretAuthenticationConfiguration
    {
        PrimaryKey = "its-a-key!",
        PrimarySecret = "zomg!",
        SecondaryKey = "another-key",
        SecondarySecret = "another-secret"
    };

    var sut = new SharedSecretAuthenticationHandler(settings);

    var tokens = new Dictionary<string, string>();
    tokens.Add("Authentication", "SharedSecret");

    // Assemble the controller and action contexts that wrap the request.
    var descriptorMock = new Mock<HttpActionDescriptor>();
    var webApiConfig = new HttpConfiguration();
    var message = new HttpRequestMessage();

    var controllerContext = new HttpControllerContext(webApiConfig, new HttpRouteData(new HttpRoute()), message)
    {
        ControllerDescriptor = new HttpControllerDescriptor { Configuration = webApiConfig, ControllerName = "generic" }
    };

    var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);

    // The challenge context starts from an unauthorized result that advertises a placeholder "TEST" scheme.
    var placeholderChallenges = new[] { new AuthenticationHeaderValue("TEST", "") };
    var challengeContext = new HttpAuthenticationChallengeContext(actionContext, new UnauthorizedResult(placeholderChallenges, message));

    // Neither header value matches the primary or secondary pair configured above.
    message.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "bad-key");
    message.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "bad secret");

    var challenge = sut.GenerateChallenge(tokens, challengeContext);

    challenge.Should().NotBeNull("because a challenge should always be generated");
    challenge.Scheme.Should().Be(sut.HandlerType.ToString(), "because the scheme should match the authentication type");
}
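/// <summary>
/// Verifies that <c>Authenticate</c> returns a <see cref="ClaimsPrincipal"/> when the request
/// carries the configured secondary key and secondary secret.
/// </summary>
public void AuthenticateSuceedsWithSecondaryKeyAndSecret()
{
    var config = new SharedSecretAuthenticationConfiguration
    {
        PrimaryKey = "its-a-key!",
        PrimarySecret = "zomg!",
        SecondaryKey = "another-key",
        SecondarySecret = "another-secret"
    };

    var headerTokens = new Dictionary<string, string> { { "Authentication", "SharedSecret" } };
    var handler = new SharedSecretAuthenticationHandler(config);

    // Minimal Web API objects required to build an authentication context around the request.
    var mockActionDescriptor = new Mock<HttpActionDescriptor>();
    var httpConfiguration = new HttpConfiguration();
    var routeData = new HttpRouteData(new HttpRoute());
    var request = new HttpRequestMessage();
    var controllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" };
    var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request) { ControllerDescriptor = controllerDescriptor };
    var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
    var authcontext = new HttpAuthenticationContext(actionContext, null);

    // Both headers come from the secondary pair; the primary pair is configured but not sent.
    request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.SecondaryKey);
    request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, config.SecondarySecret);

    var result = handler.Authenticate(headerTokens, authcontext);

    // The failure reason names the secondary pair: the original text referred to the primary
    // secret, which this request never sends.
    result.Should().NotBeNull("because the secondary key and secret were used in the header");
    result.Should().BeOfType<ClaimsPrincipal>("because authentication should return a claims principal");
}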