Пример #1
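        /// <summary>
        ///   Verifies that <c>Authenticate</c> returns <c>null</c> when the request carries the
        ///   configured primary key together with a secret that does not match the configured one.
        /// </summary>
        public void AuthenticateDoesNotSucceedWithInvalidSecret()
        {
            var config = new SharedSecretAuthenticationConfiguration
            {
                PrimaryKey    = "its-a-key!",
                PrimarySecret = "zomg!"
            };

            var headerTokens = new Dictionary<string, string>
            {
                { "Authentication", "SharedSecret" }
            };

            var handler = new SharedSecretAuthenticationHandler(config);
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var httpConfiguration    = new HttpConfiguration();
            var routeData            = new HttpRouteData(new HttpRoute());
            var request = new HttpRequestMessage();
            var controllerDescriptor = new HttpControllerDescriptor {
                Configuration = httpConfiguration, ControllerName = "generic"
            };
            var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
            {
                ControllerDescriptor = controllerDescriptor
            };
            var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
            var authcontext   = new HttpAuthenticationContext(actionContext, null);

            // The key header matches the configuration, so the secret is the only credential
            // in the request that does not match.
            request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.PrimaryKey);
            request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "wrong!");

            var result = handler.Authenticate(headerTokens, authcontext);

            // The failure message names the secret: the key sent above is the valid one.
            result.Should().BeNull("because an invalid secret was specified in the header");
        }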
Пример #2
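        /// <summary>
        ///   Verifies that <c>Authenticate</c> returns <c>null</c> when the request carries the
        ///   configured primary key but no application secret header.
        /// </summary>
        public void AuthenticateDoesNotSucceedWithMissingSecretHeader()
        {
            var config = new SharedSecretAuthenticationConfiguration
            {
                PrimaryKey    = "its-a-key!",
                PrimarySecret = "zomg!"
            };

            // Same token set the other Authenticate tests pass, so a null token collection
            // cannot be the reason the call fails.
            var headerTokens = new Dictionary<string, string>
            {
                { "Authentication", "SharedSecret" }
            };

            var handler = new SharedSecretAuthenticationHandler(config);
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var httpConfiguration    = new HttpConfiguration();
            var routeData            = new HttpRouteData(new HttpRoute());
            var request = new HttpRequestMessage();
            var controllerDescriptor = new HttpControllerDescriptor {
                Configuration = httpConfiguration, ControllerName = "generic"
            };
            var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
            {
                ControllerDescriptor = controllerDescriptor
            };
            var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
            var authcontext   = new HttpAuthenticationContext(actionContext, null);

            // Send the configured key and deliberately omit the secret header: the missing
            // secret is then the only thing wrong with the request, which is the case this
            // test is named for. An unknown key or a null token set would mask a handler
            // that accepts a request without a secret.
            request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.PrimaryKey);

            var result = handler.Authenticate(headerTokens, authcontext);

            result.Should().BeNull("because the secret header was missing from the request");
        }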
Пример #3
        /// <summary>
        ///   Verifies that <c>GenerateChallenge</c> returns a non-null challenge whose scheme equals
        ///   the string form of the handler's <c>HandlerType</c>. The request carries key and secret
        ///   header values that differ from every configured value.
        /// </summary>
        public void GenerateChallengeProducesTheChallenge()
        {
            var secretConfiguration = new SharedSecretAuthenticationConfiguration
            {
                PrimaryKey      = "its-a-key!",
                PrimarySecret   = "zomg!",
                SecondaryKey    = "another-key",
                SecondarySecret = "another-secret"
            };

            var target = new SharedSecretAuthenticationHandler(secretConfiguration);

            // Request with credentials that match neither the primary nor the secondary pair.
            var message = new HttpRequestMessage();
            message.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, "bad-key");
            message.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, "bad secret");

            // Minimal Web API context chain needed to build the challenge context.
            var webApiConfiguration = new HttpConfiguration();

            var descriptor = new HttpControllerDescriptor();
            descriptor.Configuration  = webApiConfiguration;
            descriptor.ControllerName = "generic";

            var controller = new HttpControllerContext(webApiConfiguration, new HttpRouteData(new HttpRoute()), message);
            controller.ControllerDescriptor = descriptor;

            var actionDescriptorMock = new Mock<HttpActionDescriptor>();
            var action               = new HttpActionContext(controller, actionDescriptorMock.Object);

            // The challenge context starts from an existing unauthorized result with a placeholder scheme.
            var existingChallenges = new [] { new AuthenticationHeaderValue("TEST", "") };
            var initialResult      = new UnauthorizedResult(existingChallenges, message);
            var challengeContext   = new HttpAuthenticationChallengeContext(action, initialResult);

            var tokens = new Dictionary<string, string>();
            tokens.Add("Authentication", "SharedSecret");

            var challenge = target.GenerateChallenge(tokens, challengeContext);

            challenge.Should().NotBeNull("because a challenge should always be generated");
            challenge.Scheme.Should().Be(target.HandlerType.ToString(), "because the scheme should match the authentication type");
        }
Пример #4
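        /// <summary>
        ///   Verifies that <c>Authenticate</c> returns a <see cref="ClaimsPrincipal"/> when the request
        ///   carries the configured secondary key and secondary secret.
        /// </summary>
        public void AuthenticateSuceedsWithSecondaryKeyAndSecret()
        {
            var config = new SharedSecretAuthenticationConfiguration
            {
                PrimaryKey      = "its-a-key!",
                PrimarySecret   = "zomg!",
                SecondaryKey    = "another-key",
                SecondarySecret = "another-secret"
            };

            var headerTokens = new Dictionary<string, string>
            {
                { "Authentication", "SharedSecret" }
            };

            var handler = new SharedSecretAuthenticationHandler(config);
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var httpConfiguration    = new HttpConfiguration();
            var routeData            = new HttpRouteData(new HttpRoute());
            var request = new HttpRequestMessage();
            var controllerDescriptor = new HttpControllerDescriptor {
                Configuration = httpConfiguration, ControllerName = "generic"
            };
            var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
            {
                ControllerDescriptor = controllerDescriptor
            };
            var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
            var authcontext   = new HttpAuthenticationContext(actionContext, null);

            // Both credentials come from the secondary pair; the primary pair is configured but not sent.
            request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationKey, config.SecondaryKey);
            request.Headers.Add(Core.Infrastructure.HttpHeaders.ApplicationSecret, config.SecondarySecret);

            var result = handler.Authenticate(headerTokens, authcontext);

            // The failure message names the secondary pair, which is what the request actually sent.
            result.Should().NotBeNull("because the secondary key and secret were used in the header");
            result.Should().BeOfType<ClaimsPrincipal>("because authentication should return a claims principal");
        }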