public void RequiresRoleAttribute_Authorize_MultipleAttributes_Denied()
{
// Create user in only role1, which should be denied because we require (1 or 2) AND (3 or 4)
IPrincipal user = this.CreateIPrincipal("user1", "role1");
// Instantiate a new DomainService to use for an Invoke
using (RequiresRoleTestService testDomainService = new RequiresRoleTestService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(RequiresRoleTestService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "Method1");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected user in role1 to be denied against invoke requiring roles (1 or 2) && (3 or 4) in multiple attributes");
// Validate the formatted denial message includes the invoke we attempted
string expectedMessage = String.Format(CultureInfo.CurrentCulture, Resource.AuthorizationAttribute_Default_Message, "Method1");
Assert.AreEqual(expectedMessage, result.ErrorMessage, "Expected default denial message plus name of the invoke method");
}
}
public void RequiresRoleAttribute_Authorize_MultipleAttributes_Denied()
{
// Create user in only role1, which should be denied because we require (1 or 2) AND (3 or 4)
IPrincipal user = this.CreateIPrincipal("user1", "role1");
// Instantiate a new DomainService to use for an Invoke
using (RequiresRoleTestService testDomainService = new RequiresRoleTestService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(RequiresRoleTestService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "Method1");
// Ask the domain service to perform authorization.
// The principal will be located via the mock data service created above.
// Invokes do not expect an entity instance.
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected user in role1 to be denied against invoke requiring roles (1 or 2) && (3 or 4) in multiple attributes");
// Validate the formatted denial message includes the invoke we attempted
string expectedMessage = String.Format(CultureInfo.CurrentCulture, Resource.AuthorizationAttribute_Default_Message, "Method1");
Assert.AreEqual(expectedMessage, result.ErrorMessage, "Expected default denial message plus name of the invoke method");
}
}
public void RequiresRoleAttribute_Authorize_MultipleAttributes_Allowed()
{
IPrincipal user = this.CreateIPrincipal("user1", "role1", "role4");
// Instantiate a new DomainService to use for an Invoke
using (RequiresRoleTestService testDomainService = new RequiresRoleTestService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(RequiresRoleTestService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "Method1");
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected user in role1 and role4 to be allowed against invoke requiring roles (1 or 2) && (3 or 4) in multiple attributes");
}
}
public void RequiresRoleAttribute_Authorize_MultipleAttributes_Allowed()
{
IPrincipal user = this.CreateIPrincipal("user1", "role1", "role4");
// Instantiate a new DomainService to use for an Invoke
using (RequiresRoleTestService testDomainService = new RequiresRoleTestService())
{
testDomainService.Initialize(new DomainServiceContext(new MockDataService(user), DomainOperationType.Invoke));
// Get a DomainServiceDescription for that same domain service
DomainServiceDescription description = DomainServiceDescription.GetDescription(typeof(RequiresRoleTestService));
// Locate the invoke method
DomainOperationEntry invokeEntry = description.DomainOperationEntries.Single(p => p.Name == "Method1");
AuthorizationResult result = testDomainService.IsAuthorized(invokeEntry, entity: null);
Assert.AreSame(AuthorizationResult.Allowed, result, "Expected user in role1 and role4 to be allowed against invoke requiring roles (1 or 2) && (3 or 4) in multiple attributes");
}
}