public static void Register(HttpConfiguration config) { // Web API configuration and services // Web API routes config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); // return JSON instead of XML as default var appXmlType = config.Formatters.XmlFormatter.SupportedMediaTypes .FirstOrDefault(t => t.MediaType == "application/xml"); config.Formatters.XmlFormatter.SupportedMediaTypes.Remove(appXmlType); // use camelCase in JSON var jsonFormatter = config.Formatters.OfType <JsonMediaTypeFormatter>().First(); jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); // ReSharper disable once UnusedVariable var requireHttpsAttribute = new RequireHttpsAttribute(); config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); #if !DEBUG config.Filters.Add(requireHttpsAttribute); #endif }
public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort( string url, int?sslPort, string expectedUrl) { // Arrange var options = Options.Create(new MvcOptions()); var uri = new Uri(url); var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(sslPort); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; requestContext.Request.Host = HostString.FromUriComponent(uri); requestContext.Request.Path = PathString.FromUriComponent(uri); requestContext.Request.QueryString = QueryString.FromUriComponent(uri); var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.Equal(expectedUrl, result.Url); }
public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCodeAndRequireHttpsPermanentOption(bool?permanent, bool requireHttpsPermanent) { var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(null, requireHttpsPermanent); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); if (permanent.HasValue) { attr.Permanent = permanent.Value; } ; // Act attr.OnAuthorization(authContext); // Assert var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.Equal(permanent ?? requireHttpsPermanent, result.Permanent); }
public void OnAuthorizationRedirectsIfPermanentConstructorParameterIsAndRequestIsNotSecureAndMethodIsGet( bool permanent ) { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext .Setup(c => c.HttpContext.Request.RawUrl) .Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext .Setup(c => c.HttpContext.Request.Url) .Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(permanent); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.Equal(permanent, attr.Permanent); Assert.NotNull(result); Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); Assert.Equal(permanent, result.Permanent); }
private static void ConfigureMvc(IServiceCollection services) { services.AddMvc(options => { var requireHttpsFilter = new RequireHttpsAttribute(); options.Filters.Add(requireHttpsFilter); }); }
private void ConfigureMvc(IServiceCollection services) { services.AddMvc(options => { var requireHttpsFilter = new RequireHttpsAttribute(); options.Filters.Add(requireHttpsFilter); options.EnableEndpointRouting = false; }); }
public void OnAuthorizationThrowsIfFilterContextIsNull() { // Arrange RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.ThrowsArgumentNull( delegate { attr.OnAuthorization(null); }, "filterContext"); }
public void OnAuthorizationThrowsIfFilterContextIsNull() { // Arrange RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.ThrowsArgumentNull( delegate { attr.OnAuthorization(null); }, "filterContext"); }
public static MvcOptions RequireSsl([NotNull] this MvcOptions thisValue) { RequireHttpsAttribute requireHttps = thisValue.Filters.OfType <RequireHttpsAttribute>().FirstOrDefault(); if (requireHttps == null) { thisValue.Filters.Add <RequireHttpsAttribute>(); } return(thisValue); }
private static void ConfigureMvc(IServiceCollection services) { services.AddMvc(options => { var requireHttpsFilter = new RequireHttpsAttribute(); options.Filters.Add(requireHttpsFilter); var authorizationPolicy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); var authorizeFilter = new AuthorizeFilter(authorizationPolicy); options.Filters.Add(authorizeFilter); }); }
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.Throws <InvalidOperationException>( delegate { attr.OnAuthorization(authContext); }, @"The requested resource can only be accessed via SSL."); }
public void OnAuthorization_AllowsTheRequestIfItIsHttps() { // Arrange var requestContext = new DefaultHttpContext(); requestContext.Request.Scheme = "https"; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Null(authContext.Result); }
public static void Configure(IAppBuilder appBuilder, ILifetimeScope container) { var config = new HttpConfiguration(); config.DependencyResolver = new AutofacWebApiDependencyResolver(container); config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); var requireHttpsAttribute = new RequireHttpsAttribute(); #if !DEBUG config.Filters.Add(requireHttpsAttribute); #endif // return JSON instead of XML by default var appXmlType = config.Formatters.XmlFormatter.SupportedMediaTypes .FirstOrDefault(t => t.MediaType == "application/xml"); config.Formatters.XmlFormatter.SupportedMediaTypes.Remove(appXmlType); // use camelCase in JSON var jsonFormatter = config.Formatters.OfType <JsonMediaTypeFormatter>().First(); jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); // standardize datetime format jsonFormatter.SerializerSettings.DateFormatHandling = DateFormatHandling.IsoDateFormat; IsoDateTimeConverter dateConverter = new IsoDateTimeConverter { DateTimeFormat = "yyyy'-'MM'-'dd'T'HH':'mm':'ss.fff'Z'" }; jsonFormatter.SerializerSettings.Converters.Add(dateConverter); appBuilder.UseAutofacWebApi(config); appBuilder.UseWebApi(config); appBuilder.UseFileServer(new FileServerOptions { EnableDefaultFiles = false, RequestPath = new PathString("/images") }); }
public void OnAuthorizationDoesNothingIfRequestIsSecure() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true); AuthorizationContext authContext = mockAuthContext.Object; ViewResult result = new ViewResult(); authContext.Result = result; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Same(result, authContext.Result); }
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests( string host, string pathBase, string path, string queryString, string expectedUrl) { // Arrange var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; requestContext.Request.Host = HostString.FromUriComponent(host); if (pathBase != null) { requestContext.Request.PathBase = new PathString(pathBase); } if (path != null) { requestContext.Request.Path = new PathString(path); } if (queryString != null) { requestContext.Request.QueryString = new QueryString(queryString); } var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.False(result.Permanent); Assert.Equal(expectedUrl, result.Url); }
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method) { // Arrange var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(); requestContext.Request.Scheme = "http"; requestContext.Request.Method = method; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <StatusCodeResult>(authContext.Result); Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode); }
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext.Setup(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext.Setup(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.NotNull(result); Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); }
public void OnAuthorizationDoesNothingIfRequestIsSecure() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true); AuthorizationContext authContext = mockAuthContext.Object; ViewResult result = new ViewResult(); authContext.Result = result; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Same(result, authContext.Result); }
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext.Expect(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext.Expect(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.IsNotNull(result, "Result should have been a RedirectResult."); Assert.AreEqual("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); }
public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (filterContext.HttpContext.Request.IsLocal) { return; } if (!AppContext.Configuration.RequireRootHost) { return; } if (!filterContext.HttpContext.Request.Url.Host.StartsWith("www.")) { return; } if (filterContext.HttpContext.Request.HttpMethod != "GET") { throw new InvalidOperationException("RequireRootHost_MustRemoveWwW"); } var httpsPort = RequireHttpsAttribute.GetHttpsPort(); if (httpsPort == null) { return; } filterContext.Result = new RedirectResult($"https://{filterContext.HttpContext.Request.Url.Host.Remove(0, 4)}:{httpsPort}{filterContext.HttpContext.Request.RawUrl}"); }
public void Setup() { context = new HttpActionContext(new HttpControllerContext(new HttpRequestContext(), new HttpRequestMessage(HttpMethod.Get, new Uri("https://www.server.domain")), new HttpControllerDescriptor(), Substitute.For<IHttpController>()), new ReflectedHttpActionDescriptor()); sut = new RequireHttpsAttribute(); }
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.Throws<InvalidOperationException>( delegate { attr.OnAuthorization(authContext); }, @"The requested resource can only be accessed via SSL."); }
public void Setup() { context = new HttpActionContext(new HttpControllerContext(new HttpRequestContext(), new HttpRequestMessage(HttpMethod.Get, new Uri("https://www.server.domain")), new HttpControllerDescriptor(), Substitute.For <IHttpController>()), new ReflectedHttpActionDescriptor()); sut = new RequireHttpsAttribute(); }