public void AddingExistingIdentityChangesDefaultButPreservesPrior()
{
IOwinContext context = new OwinContext();
IOwinRequest request = context.Request;
request.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
var helper = new SecurityHelper(context);
request.User.Identity.AuthenticationType.ShouldBe("Alpha");
request.User.Identity.Name.ShouldBe("Test1");
helper.AddUserIdentity(new GenericIdentity("Test2", "Beta"));
request.User.Identity.AuthenticationType.ShouldBe("Beta");
request.User.Identity.Name.ShouldBe("Test2");
helper.AddUserIdentity(new GenericIdentity("Test3", "Gamma"));
request.User.Identity.AuthenticationType.ShouldBe("Gamma");
request.User.Identity.Name.ShouldBe("Test3");
var principal = (ClaimsPrincipal)request.User;
principal.Identities.Count().ShouldBe(3);
principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
}
public void AddingToNullUserCreatesUserAsClaimsPrincipalWithSingleIdentity()
{
var request = OwinRequest.Create();
request.User.ShouldBe(null);
var helper = new SecurityHelper(request);
helper.AddUserIdentity(new GenericIdentity("Test1", "Alpha"));
request.User.ShouldNotBe(null);
request.User.Identity.AuthenticationType.ShouldBe("Alpha");
request.User.Identity.Name.ShouldBe("Test1");
request.User.ShouldBeTypeOf<ClaimsPrincipal>();
request.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
((ClaimsPrincipal)request.User).Identities.Count().ShouldBe(1);
}
public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
{
var request = OwinRequest.Create();
request.User = new GenericPrincipal(new GenericIdentity(string.Empty, string.Empty), null);
request.User.Identity.IsAuthenticated.ShouldBe(false);
var helper = new SecurityHelper(request);
helper.AddUserIdentity(new GenericIdentity("Test1", "Alpha"));
request.User.ShouldNotBe(null);
request.User.Identity.AuthenticationType.ShouldBe("Alpha");
request.User.Identity.Name.ShouldBe("Test1");
request.User.ShouldBeTypeOf<ClaimsPrincipal>();
request.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
((ClaimsPrincipal)request.User).Identities.Count().ShouldBe(1);
}
protected async Task BaseInitializeAsync(AuthenticationOptions options, IOwinContext context)
{
_baseOptions = options;
Context = context;
Helper = new SecurityHelper(context);
RequestPathBase = Request.PathBase;
_registration = Request.RegisterAuthenticationHandler(this);
Response.OnSendingHeaders(OnSendingHeaderCallback, this);
await InitializeCoreAsync();
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
{
AuthenticationTicket ticket = await AuthenticateAsync();
if (ticket != null && ticket.Identity != null)
{
Helper.AddUserIdentity(ticket.Identity);
}
}
}
protected async Task BaseInitialize(AuthenticationOptions options, OwinRequest request, OwinResponse response)
{
_baseOptions = options;
Request = request;
Response = response;
Helper = new SecurityHelper(request);
RequestPathBase = Request.PathBase;
_registration = Request.RegisterAuthenticationHandler(this);
Request.OnSendingHeaders(state => ((AuthenticationHandler)state).ApplyResponse().Wait(), this);
await InitializeCore();
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
{
AuthenticationTicket ticket = await Authenticate();
if (ticket != null && ticket.Identity != null)
{
Helper.AddUserIdentity(ticket.Identity);
}
}
}
public bool Equals(SecurityHelper other)
{
return(Equals(_context, other._context));
}
public bool Equals(SecurityHelper other)
{
return Equals(_context, other._context);
}
public void NoExtraDataMeansChallengesAreDeterminedOnlyByActiveOrPassiveMode()
{
IOwinContext context = new OwinContext();
IOwinRequest request = context.Request;
IOwinResponse response = context.Response;
var helper = new SecurityHelper(context);
AuthenticationResponseChallenge activeNoChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
AuthenticationResponseChallenge passiveNoChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
response.StatusCode = 401;
AuthenticationResponseChallenge activeEmptyChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
AuthenticationResponseChallenge passiveEmptyChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
activeNoChallenge.ShouldNotBe(null);
passiveNoChallenge.ShouldBe(null);
activeEmptyChallenge.ShouldNotBe(null);
passiveEmptyChallenge.ShouldBe(null);
}
public void WithExtraDataMeansChallengesAreDeterminedOnlyByMatchingAuthenticationType()
{
IOwinContext context = new OwinContext();
IOwinRequest request = context.Request;
IOwinResponse response = context.Response;
var helper = new SecurityHelper(context);
context.Authentication.Challenge(new AuthenticationProperties(), "Beta", "Gamma");
AuthenticationResponseChallenge activeNoMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
AuthenticationResponseChallenge passiveNoMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
context.Authentication.Challenge(new AuthenticationProperties(), "Beta", "Alpha");
AuthenticationResponseChallenge activeWithMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
AuthenticationResponseChallenge passiveWithMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
activeNoMatch.ShouldBe(null);
passiveNoMatch.ShouldBe(null);
activeWithMatch.ShouldNotBe(null);
passiveWithMatch.ShouldNotBe(null);
}
public void NoExtraDataMeansChallengesAreDeterminedOnlyByActiveOrPassiveMode()
{
var request = OwinRequest.Create();
var response = new OwinResponse(request);
var helper = new SecurityHelper(request);
var activeNoChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
var passiveNoChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
response.StatusCode = 401;
var activeEmptyChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
var passiveEmptyChallenge = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
activeNoChallenge.ShouldNotBe(null);
passiveNoChallenge.ShouldBe(null);
activeEmptyChallenge.ShouldNotBe(null);
passiveEmptyChallenge.ShouldBe(null);
}
public void WithExtraDataMeansChallengesAreDeterminedOnlyByMatchingAuthenticationType()
{
var request = OwinRequest.Create();
var response = new OwinResponse(request);
var helper = new SecurityHelper(request);
response.Challenge(new[] { "Beta", "Gamma" });
var activeNoMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
var passiveNoMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
response.Challenge(new[] { "Beta", "Alpha" });
var activeWithMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Active);
var passiveWithMatch = helper.LookupChallenge("Alpha", AuthenticationMode.Passive);
activeNoMatch.ShouldBe(null);
passiveNoMatch.ShouldBe(null);
activeWithMatch.ShouldNotBe(null);
passiveWithMatch.ShouldNotBe(null);
}