Exemplo n.º 1
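        /// <summary>
        /// Verifies that stopping impersonation returns an expired impersonation cookie with no
        /// impersonation data, writes a "StopImpersonating" log entry, and that re-sending the
        /// expired cookie on a later request does not restore impersonation.
        /// </summary>
        public void StopImpersonating()
        {
            var initialUser         = new FakeUserInfo("TestUser");
            // Must match the impersonated name that the assertions below expect ("TestUser as TestImpersonatedUser").
            var impersonateUserName = "TestImpersonatedUser";
            var initialCookie       = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Review test setup:

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo));

            // Stopping impersonation should expire the impersonation cookie:

            (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie);

            // A removal cookie without an explicit expiry would otherwise surface as an exception from .Value
            // instead of a readable assertion failure.
            Assert.IsNotNull(responseCookie.Options.Expires, "The removal cookie must carry an explicit expiration time.");
            AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie.

            // The end of an impersonation session should be visible in the log (who was acting as whom).
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, log),
                "StopImpersonating: TestUser as TestImpersonatedUser");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.
            // NOTE(review): this replays the emptied response cookie only. Whether the original cookie (initialCookie)
            // is still honoured after the stop is not covered by this test - confirm against the service.

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo));
        }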
Exemplo n.º 2
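        /// <summary>
        /// Verifies that impersonation is removed (expired, emptied cookie plus a log entry) when the
        /// stop request arrives under an empty authentication context, and that re-sending the expired
        /// cookie afterwards yields no impersonation.
        /// </summary>
        public void StopImpersonating_EmptyUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");               // User that started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            // NOTE(review): this literal looks masked in the listing; no assertion in this test depends on the impersonated name.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            // A removal cookie without an explicit expiry would otherwise surface as an exception from .Value
            // instead of a readable assertion failure.
            Assert.IsNotNull(removeResponse.ResponseCookie.Options.Expires, "The removal cookie must carry an explicit expiration time.");
            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.

            // The log should state why the impersonation was dropped.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
        }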
Exemplo n.º 3
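        /// <summary>
        /// Verifies that an impersonation cookie with more than half of its lifetime remaining is
        /// accepted as-is: impersonation stays active and no replacement cookie is written to the response.
        /// </summary>
        public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed()
        {
            var testUser            = new FakeUserInfo("TestUser");
            // Must match the impersonated name that the assertion below expects ("TestUser as TestImpersonatedUser").
            var impersonateUserName = "TestImpersonatedUser";

            var options = new ImpersonationOptions {
                CookieDurationMinutes = 3
            };

            var cookie            = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options);
            var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value);

            AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires); // Reviewing the test setup.

            // Half-time has not passed:
            // The expiry inside the cookie is rewritten to one second past the half-way point and the value is
            // re-encrypted with the test helper, instead of waiting in real time. Dividing by 2.0 forces
            // floating-point division, so an odd duration (3 minutes) gives 1.5 minutes rather than 1.

            impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1);
            cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo);

            (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options);
            httpContext.RequestCookies.Add(cookie);

            var user = impersonationService.GetAuthenticationInfo();

            // Impersonation should still be valid, the cookie should not be modified.

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(user));

            // No response cookie means the service neither renewed nor expired the impersonation cookie.
            Assert.AreEqual(0, httpContext.ResponseCookies.Count);
        }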
Exemplo n.º 4
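        /// <summary>
        /// Verifies that an impersonation cookie issued for one user is rejected and expired when it is
        /// presented under a different authenticated user, that the mismatch is logged, and that the
        /// follow-up request has no impersonation and does not re-send the expired cookie.
        /// </summary>
        public void StopImpersonating_DifferentUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                // User that started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            // NOTE(review): this literal looks masked in the listing; no assertion in this test depends on the impersonated name.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            // A removal cookie without an explicit expiry would otherwise surface as an exception from .Value
            // instead of a readable assertion failure.
            Assert.IsNotNull(removeResponse.ResponseCookie.Options.Expires, "The removal cookie must carry an explicit expiration time.");
            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.

            // The log should name both identities, so a cookie presented under the wrong account can be traced.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
            Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one.");
        }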