public static AssertHasName ( IIdentity identity, string expectedName ) : void | ||
identity | IIdentity | |
expectedName | string | |
Результат | void |
private void AssertClientPropertiesForTarget(NegotiateStream client, string target) { Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.True(client.IsEncrypted, "client.IsEncrypted"); Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.True(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("Kerberos", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated"); IdentityValidator.AssertHasName(serverIdentity, target); }
public void NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success() { if (!_isKrbAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthDefaultCredentials_Success"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call"); Task[] auth = new Task[2]; string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm); // Seed the default Kerberos cache with the TGT UnixGssFakeNegotiateStream.GetDefaultKerberosCredentials(user, _fixture.password); auth[0] = client.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials, target); auth[1] = server.AuthenticateAsServerAsync(); bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.True(client.IsEncrypted, "client.IsEncrypted"); Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.True(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("Kerberos", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated"); IdentityValidator.AssertHasName(serverIdentity, target); } }
public void NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success() { if (!_isNtlmAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client.IsAuthenticated"); Assert.False(server.IsAuthenticated, "server.IsAuthenticated"); string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm); NetworkCredential credential = new NetworkCredential(user, _fixture.password); Task[] auth = new Task[] { client.AuthenticateAsClientAsync(credential, TestConfiguration.HttpTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification), server.AuthenticateAsServerAsync() }; bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.False(client.IsEncrypted, "client.IsEncrypted"); Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.False(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "server identity is authenticated"); IdentityValidator.AssertHasName(serverIdentity, TestConfiguration.HttpTarget); } }
public async Task NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success(NetworkCredential credential) { if (!_isNtlmAvailable) { _output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success"); return; } VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new UnixGssFakeNegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated, "client.IsAuthenticated"); Assert.False(server.IsAuthenticated, "server.IsAuthenticated"); Task[] auth = new Task[] { client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification), server.AuthenticateAsServerAsync() }; await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); // Expected Client property values: Assert.True(client.IsAuthenticated, "client.IsAuthenticated"); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.False(client.IsEncrypted, "client.IsEncrypted"); Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated"); Assert.False(client.IsServer, "client.IsServer"); Assert.False(client.IsSigned, "client.IsSigned"); Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen"); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated"); IdentityValidator.AssertHasName(serverIdentity, _testTarget); } }
public void NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails() { string targetName = "testTargetName"; // Ensure there is no confusion between DefaultCredentials / DefaultNetworkCredentials and a // NetworkCredential object with empty user, password and domain. NetworkCredential emptyNetworkCredential = new NetworkCredential("", "", ""); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultCredentials); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultNetworkCredentials); VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = client.AuthenticateAsClientAsync(emptyNetworkCredential, targetName); auth[1] = server.AuthenticateAsServerAsync(); bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds); Assert.True(finished, "Handshake completed in the allotted time"); // Expected Client property values: Assert.True(client.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.Equal(true, client.IsEncrypted); Assert.Equal(false, client.IsMutuallyAuthenticated); Assert.Equal(false, client.IsServer); Assert.Equal(true, client.IsSigned); Assert.Equal(false, client.LeaveInnerStreamOpen); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.Equal(true, serverIdentity.IsAuthenticated); Assert.Equal(targetName, serverIdentity.Name); // Expected Server property values: Assert.True(server.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel); Assert.Equal(true, server.IsEncrypted); Assert.Equal(false, server.IsMutuallyAuthenticated); Assert.Equal(true, server.IsServer); Assert.Equal(true, server.IsSigned); Assert.Equal(false, server.LeaveInnerStreamOpen); IIdentity clientIdentity = server.RemoteIdentity; Assert.Equal("NTLM", clientIdentity.AuthenticationType); // TODO #5241: Behavior difference: Assert.Equal(false, clientIdentity.IsAuthenticated); // On .Net Desktop: Assert.Equal(true, clientIdentity.IsAuthenticated); IdentityValidator.AssertHasName(clientIdentity, @"NT AUTHORITY\ANONYMOUS LOGON"); } }
public async Task NegotiateStream_StreamToStream_Authentication_EmptyCredentials_Fails() { string targetName = "testTargetName"; // Ensure there is no confusion between DefaultCredentials / DefaultNetworkCredentials and a // NetworkCredential object with empty user, password and domain. NetworkCredential emptyNetworkCredential = new NetworkCredential("", "", ""); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultCredentials); Assert.NotEqual(emptyNetworkCredential, CredentialCache.DefaultNetworkCredentials); VirtualNetwork network = new VirtualNetwork(); using (var clientStream = new VirtualNetworkStream(network, isServer: false)) using (var serverStream = new VirtualNetworkStream(network, isServer: true)) using (var client = new NegotiateStream(clientStream)) using (var server = new NegotiateStream(serverStream)) { Assert.False(client.IsAuthenticated); Assert.False(server.IsAuthenticated); Task[] auth = new Task[2]; auth[0] = AuthenticateAsClientAsync(client, emptyNetworkCredential, targetName); auth[1] = AuthenticateAsServerAsync(server); await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth); // Expected Client property values: Assert.True(client.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel); Assert.Equal(true, client.IsEncrypted); Assert.Equal(false, client.IsMutuallyAuthenticated); Assert.Equal(false, client.IsServer); Assert.Equal(true, client.IsSigned); Assert.Equal(false, client.LeaveInnerStreamOpen); IIdentity serverIdentity = client.RemoteIdentity; Assert.Equal("NTLM", serverIdentity.AuthenticationType); Assert.Equal(true, serverIdentity.IsAuthenticated); Assert.Equal(targetName, serverIdentity.Name); // Expected Server property values: Assert.True(server.IsAuthenticated); Assert.Equal(TokenImpersonationLevel.Identification, server.ImpersonationLevel); Assert.Equal(true, server.IsEncrypted); Assert.Equal(false, server.IsMutuallyAuthenticated); Assert.Equal(true, server.IsServer); Assert.Equal(true, server.IsSigned); Assert.Equal(false, server.LeaveInnerStreamOpen); IIdentity clientIdentity = server.RemoteIdentity; Assert.Equal("NTLM", clientIdentity.AuthenticationType); // TODO #5241: Behavior difference: Assert.Equal(false, clientIdentity.IsAuthenticated); // On .NET Desktop: Assert.Equal(true, clientIdentity.IsAuthenticated); IdentityValidator.AssertHasName(clientIdentity, new SecurityIdentifier(WellKnownSidType.AnonymousSid, null).Translate(typeof(NTAccount)).Value); } }