public async Task WindowsAuthTest(TestVariant variant) { var deploymentParameters = new IISDeploymentParameters(variant) { ApplicationPath = Helpers.GetOutOfProcessTestSitesPath(), }; deploymentParameters.AddWindowsAuthToServerConfig(); // The default in hosting sets windows auth to true. var deploymentResult = await DeployAsync(deploymentParameters); var response = await deploymentResult.HttpClient.GetAsync("/Auth"); var responseText = await response.Content.ReadAsStringAsync(); Assert.True("backcompat;Windows".Equals(responseText) || "latest;Windows".Equals(responseText), "Auth"); }
public async Task NtlmAuthentication(TestVariant variant) { var deploymentParameters = new IISDeploymentParameters(variant) { ApplicationPath = Helpers.GetOutOfProcessTestSitesPath(), ApplicationBaseUriHint = $"http://localhost:0/" }; deploymentParameters.AddWindowsAuthToServerConfig(); var result = await DeployAsync(deploymentParameters); var response = await result.RetryingHttpClient.GetAsync("/HelloWorld"); var responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("Hello World", responseText); var httpClient = result.HttpClient; response = await httpClient.GetAsync("/Anonymous"); responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("Anonymous?True", responseText); response = await httpClient.GetAsync("/Restricted"); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); response = await httpClient.GetAsync("/RestrictedNTLM"); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); // Note we can't restrict a challenge to a specific auth type, the native auth modules always add themselves. Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); response = await httpClient.GetAsync("/Forbidden"); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); var httpClientHandler = new HttpClientHandler() { UseDefaultCredentials = true }; httpClient = result.CreateClient(httpClientHandler); response = await httpClient.GetAsync("/Anonymous"); responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("Anonymous?True", responseText); response = await httpClient.GetAsync("/Restricted"); responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.NotEmpty(responseText); }