public void ValidateMasterKeyAuthProvider() { string masterKeyCredential = CosmosClientTests.NewRamdonMasterKey(); using (CosmosClient client = new CosmosClient( CosmosClientTests.AccountEndpoint, masterKeyCredential, new CosmosClientOptions() { EnableClientTelemetry = false, })) { Assert.AreEqual(typeof(AuthorizationTokenProviderMasterKey), client.AuthorizationTokenProvider.GetType()); } }
public async Task ValidateAzureKeyCredentialGatewayModeUpdateAsync() { const int defaultStatusCode = 401; const int defaultSubStatusCode = 50000; const int authMisMatchStatusCode = 70000; string originalKey = CosmosClientTests.NewRamdonMasterKey(); string newKey = CosmosClientTests.NewRamdonResourceToken(); string currentKey = originalKey; Mock <IHttpHandler> mockHttpHandler = new Mock <IHttpHandler>(); mockHttpHandler.Setup(x => x.SendAsync( It.IsAny <HttpRequestMessage>(), It.IsAny <CancellationToken>())) .Returns((HttpRequestMessage request, CancellationToken cancellationToken) => { HttpResponseMessage responseMessage = new HttpResponseMessage((HttpStatusCode)defaultStatusCode); if (request.RequestUri != VmMetadataApiHandler.vmMetadataEndpointUrl) { bool authHeaderPresent = request.Headers.TryGetValues(Documents.HttpConstants.HttpHeaders.Authorization, out IEnumerable <string> authValues); Assert.IsTrue(authHeaderPresent); Assert.AreNotEqual(0, authValues.Count()); AuthorizationHelper.GetResourceTypeAndIdOrFullName(request.RequestUri, out _, out string resourceType, out string resourceIdValue); AuthorizationHelper.ParseAuthorizationToken(authValues.First(), out ReadOnlyMemory <char> authType, out ReadOnlyMemory <char> _, out ReadOnlyMemory <char> tokenFromAuthHeader); bool authValidated = false; if (MemoryExtensions.Equals(authType.Span, Documents.Constants.Properties.ResourceToken.AsSpan(), StringComparison.OrdinalIgnoreCase)) { authValidated = HttpUtility.UrlDecode(authValues.First()) == currentKey; } else { authValidated = AuthorizationHelper.CheckPayloadUsingKey( tokenFromAuthHeader, request.Method.Method, resourceIdValue, resourceType, request.Headers.Aggregate(new NameValueCollectionWrapper(), (c, kvp) => { c.Add(kvp.Key, kvp.Value); return(c); }), currentKey); } int subStatusCode = authValidated ? defaultSubStatusCode : authMisMatchStatusCode; responseMessage.Headers.Add(Documents.WFConstants.BackendHeaders.SubStatus, subStatusCode.ToString()); } return(Task.FromResult(responseMessage)); }); AzureKeyCredential masterKeyCredential = new AzureKeyCredential(originalKey); using (CosmosClient client = new CosmosClient( CosmosClientTests.AccountEndpoint, masterKeyCredential, new CosmosClientOptions() { HttpClientFactory = () => new HttpClient(new HttpHandlerHelper(mockHttpHandler.Object)), EnableClientTelemetry = false, })) { Container container = client.GetContainer(Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); Func <int, int, Task> authValidation = async(int statusCode, int subStatusCode) => { try { await container.ReadItemAsync <ToDoActivity>(Guid.NewGuid().ToString(), new Cosmos.PartitionKey(Guid.NewGuid().ToString())); Assert.Fail("Expected client to throw a authentication exception"); } catch (CosmosException ex) { Assert.AreEqual(statusCode, (int)ex.StatusCode, ex.ToString()); Assert.AreEqual(subStatusCode, ex.SubStatusCode, ex.ToString()); } }; // Key(V1) await authValidation(defaultStatusCode, defaultSubStatusCode); // Update key(V2) and let the auth validation fail masterKeyCredential.Update(newKey); await authValidation(defaultStatusCode, authMisMatchStatusCode); // Updated Key(V2) and now lets succeed auth validation Interlocked.Exchange(ref currentKey, newKey); await authValidation(defaultStatusCode, defaultSubStatusCode); } }