Пример #1
0
        public void StopImpersonating_EmptyUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");               // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
        }
Пример #2
0
        public void StopImpersonating()
        {
            var initialUser         = new FakeUserInfo("TestUser");
            var impersonateUserName = "******";
            var initialCookie       = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Review test setup:

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo));

            // Stopping impersonation should expire the impersonation cookie:

            (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie);

            AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie.

            TestUtility.AssertContains(
                string.Join(Environment.NewLine, log),
                "StopImpersonating: TestUser as TestImpersonatedUser");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo));
        }
Пример #3
0
        public void StopImpersonating_DifferentUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
            Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one.");
        }
Пример #4
0
        public void InvalidImpersonationCookie()
        {
            var testUser      = new FakeUserInfo("TestUser");
            var invalidCookie = new FakeCookie(ImpersonationService.CookieKey, "abc", null);

            var response = ImpersonationServiceHelper.GetAuthenticationInfo(testUser, invalidCookie);

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(response.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, response.Log),
                new[] {
                "Error decrypting 'rhetos_impersonation' cookie value.",
                "CryptographicException: An error occurred during a cryptographic operation."
            });
            AssertIsBefore(response.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, response.ResponseCookie.Key);
        }
Пример #5
0
        public void AuthenticationContextChanged_EmptyUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");               // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user in no longer authenticated.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }
Пример #6
0
        public void AuthenticationContextChanged_NullUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                    // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo(null, null, false); // For example, if the user logged out.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user in no longer authenticated.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }
Пример #7
0
        public void AuthenticationContextChanged_DifferentUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user context has changed.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }