React to Auth + switch to Policy Evaluator

This commit is contained in:
Hao Kung 2017-05-25 18:23:41 -07:00
parent bb5eb96625
commit 4c2d727e38
6 changed files with 52 additions and 193 deletions

View File

@ -9,6 +9,7 @@ using System.Security.Claims;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Mvc.Core; using Microsoft.AspNetCore.Mvc.Core;
using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.Internal; using Microsoft.AspNetCore.Mvc.Internal;
@ -125,26 +126,9 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
return; return;
} }
// Build a ClaimsPrincipal with the Policy's required authentication types var policyEvaluator = context.HttpContext.RequestServices.GetRequiredService<IPolicyEvaluator>();
if (effectivePolicy.AuthenticationSchemes != null && effectivePolicy.AuthenticationSchemes.Count > 0)
{ var authenticateResult = await policyEvaluator.AuthenticateAsync(effectivePolicy, context.HttpContext);
ClaimsPrincipal newPrincipal = null;
for (var i = 0; i < effectivePolicy.AuthenticationSchemes.Count; i++)
{
var scheme = effectivePolicy.AuthenticationSchemes[i];
var result = await context.HttpContext.AuthenticateAsync(scheme);
if (result.Succeeded)
{
newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result.Principal);
}
}
// If all schemes failed authentication, provide a default identity anyways
if (newPrincipal == null)
{
newPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
}
context.HttpContext.User = newPrincipal;
}
// Allow Anonymous skips all authorization // Allow Anonymous skips all authorization
if (context.Filters.Any(item => item is IAllowAnonymousFilter)) if (context.Filters.Any(item => item is IAllowAnonymousFilter))
@ -152,14 +136,16 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
return; return;
} }
var httpContext = context.HttpContext; var authorizeResult = await policyEvaluator.AuthorizeAsync(effectivePolicy, authenticateResult, context.HttpContext);
var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();
// Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity()) if (authorizeResult.Challenged)
if (!await authService.AuthorizeAsync(httpContext.User, context, effectivePolicy))
{ {
context.Result = new ChallengeResult(effectivePolicy.AuthenticationSchemes.ToArray()); context.Result = new ChallengeResult(effectivePolicy.AuthenticationSchemes.ToArray());
} }
else if (authorizeResult.Forbidden)
{
context.Result = new ForbidResult(effectivePolicy.AuthenticationSchemes.ToArray());
}
} }
IFilterMetadata IFilterFactory.CreateInstance(IServiceProvider serviceProvider) IFilterMetadata IFilterFactory.CreateInstance(IServiceProvider serviceProvider)

View File

@ -92,6 +92,7 @@ namespace Microsoft.Extensions.DependencyInjection
{ {
services.AddAuthenticationCore(); services.AddAuthenticationCore();
services.AddAuthorization(); services.AddAuthorization();
services.AddAuthorizationPolicyEvaluator();
services.TryAddEnumerable( services.TryAddEnumerable(
ServiceDescriptor.Transient<IApplicationModelProvider, AuthorizationApplicationModelProvider>()); ServiceDescriptor.Transient<IApplicationModelProvider, AuthorizationApplicationModelProvider>());

View File

@ -22,7 +22,7 @@ Microsoft.AspNetCore.Mvc.RouteAttribute</Description>
<ProjectReference Include="..\Microsoft.AspNetCore.Mvc.Abstractions\Microsoft.AspNetCore.Mvc.Abstractions.csproj" /> <ProjectReference Include="..\Microsoft.AspNetCore.Mvc.Abstractions\Microsoft.AspNetCore.Mvc.Abstractions.csproj" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="$(AspNetCoreVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Authorization.Policy" Version="$(AspNetCoreVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="$(AspNetCoreVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="$(AspNetCoreVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" />

View File

@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
[Fact] [Fact]
public void InvalidUser() public void InvalidUser()
{ {
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated)); Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated));
} }
@ -31,7 +31,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new[] { new AuthorizeAttribute() }); var authorizeFilter = new AuthorizeFilter(new[] { new AuthorizeAttribute() });
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
var expected = "An AuthorizationPolicy cannot be created without a valid instance of " + var expected = "An AuthorizationPolicy cannot be created without a valid instance of " +
"IAuthorizationPolicyProvider."; "IAuthorizationPolicyProvider.";
@ -46,7 +46,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new[] { new AuthorizeAttribute() }); var authorizeFilter = new AuthorizeFilter(new[] { new AuthorizeAttribute() });
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
var expected = "An AuthorizationPolicy cannot be created without a valid instance of " + var expected = "An AuthorizationPolicy cannot be created without a valid instance of " +
"IAuthorizationPolicyProvider."; "IAuthorizationPolicyProvider.";
@ -61,7 +61,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true); var authorizationContext = GetAuthorizationContext(anonymous: true);
authorizationContext.HttpContext.User = new ClaimsPrincipal(); authorizationContext.HttpContext.User = new ClaimsPrincipal();
// Act // Act
@ -80,7 +80,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build()) policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build())
.Callback(() => getPolicyCount++); .Callback(() => getPolicyCount++);
var authorizeFilter = new AuthorizeFilter(policyProvider.Object, new AuthorizeAttribute[] { new AuthorizeAttribute("whatever") }); var authorizeFilter = new AuthorizeFilter(policyProvider.Object, new AuthorizeAttribute[] { new AuthorizeAttribute("whatever") });
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act & Assert // Act & Assert
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true); var authorizationContext = GetAuthorizationContext(anonymous: true);
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -118,7 +118,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -128,19 +128,17 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
} }
[Fact] [Fact]
public async Task Invoke_EmptyClaimsShouldRejectAnonymousUser() public async Task Invoke_EmptyClaimsShouldChallengeAnonymousUser()
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
var authorizationContext = GetAuthorizationContext(services => var authorizationContext = GetAuthorizationContext(anonymous: true);
services.AddAuthorization(),
anonymous: true);
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert // Assert
Assert.NotNull(authorizationContext.Result); Assert.IsType<ChallengeResult>(authorizationContext.Result);
} }
[Fact] [Fact]
@ -148,8 +146,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), var authorizationContext = GetAuthorizationContext(anonymous: true);
anonymous: true);
authorizationContext.Filters.Add(new AllowAnonymousFilter()); authorizationContext.Filters.Add(new AllowAnonymousFilter());
@ -165,7 +162,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -181,7 +178,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Fails") var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Fails")
.RequireAuthenticatedUser() .RequireAuthenticatedUser()
.Build()); .Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -195,7 +192,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
@ -205,162 +202,33 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
} }
[Fact] [Fact]
public async Task Invoke_RequireAdminRoleShouldFailWithNoHandlers() public async Task Invoke_RequireUnknownRoleShouldForbid()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Administrator").Build());
var authorizationContext = GetAuthorizationContext(services =>
{
services.AddOptions();
services.AddAuthorization();
services.Remove(services.Where(sd => sd.ServiceType == typeof(IAuthorizationHandler)).Single());
});
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async Task Invoke_RequireAdminAndUserRoleWithNoPolicyShouldSucceed()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Administrator").Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact]
public async Task Invoke_RequireUnknownRoleShouldFail()
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Wut").Build()); var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Wut").Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert // Assert
Assert.NotNull(authorizationContext.Result); Assert.IsType<ForbidResult>(authorizationContext.Result);
} }
[Fact] [Fact]
public async Task Invoke_RequireAdminRoleButFailPolicyShouldFail() public async Task Invoke_InvalidClaimShouldForbid()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequireRole("Administrator")
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async Task Invoke_InvalidClaimShouldFail()
{ {
// Arrange // Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder() var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequireClaim("Permission", "CanViewComment") .RequireClaim("Permission", "CanViewComment")
.Build()); .Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization()); var authorizationContext = GetAuthorizationContext();
// Act // Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext); await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert // Assert
Assert.NotNull(authorizationContext.Result); Assert.IsType<ForbidResult>(authorizationContext.Result);
}
[Fact]
public async Task Invoke_FailedContextShouldNotCheckPermission()
{
// Arrange
bool authorizationServiceIsCalled = false;
var authorizationService = new Mock<IAuthorizationService>();
authorizationService
.Setup(x => x.AuthorizeAsync(null, null, "CanViewComment"))
.Returns(() =>
{
authorizationServiceIsCalled = true;
return Task.FromResult(true);
});
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
services.AddSingleton(authorizationService.Object));
authorizationContext.Result = new UnauthorizedResult();
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.False(authorizationServiceIsCalled);
}
[Fact]
public async Task Invoke_FailWhenLookingForClaimInOtherIdentity()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async Task Invoke_CanLookingForClaimsInMultipleIdentities()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Basic", "Bearer")
.RequireClaim("Permission", "CanViewComment")
.RequireClaim("Permission", "CupBearer")
.Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async Task Invoke_CanFilterToOnlyBearerScheme()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Bearer")
.RequireClaim("Permission", "CanViewPage")
.Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
} }
[Fact] [Fact]
@ -455,8 +323,8 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
} }
private AuthorizationFilterContext GetAuthorizationContext( private AuthorizationFilterContext GetAuthorizationContext(
Action<ServiceCollection> registerServices, bool anonymous = false,
bool anonymous = false) Action<IServiceCollection> registerServices = null)
{ {
var basicPrincipal = new ClaimsPrincipal( var basicPrincipal = new ClaimsPrincipal(
new ClaimsIdentity( new ClaimsIdentity(
@ -482,12 +350,16 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
// ServiceProvider // ServiceProvider
var serviceCollection = new ServiceCollection(); var serviceCollection = new ServiceCollection();
var auth = new Mock<IAuthenticationService>(); var auth = new Mock<IAuthenticationService>();
serviceCollection.AddOptions();
serviceCollection.AddLogging();
serviceCollection.AddSingleton(auth.Object);
serviceCollection.AddAuthorization();
serviceCollection.AddAuthorizationPolicyEvaluator();
if (registerServices != null) if (registerServices != null)
{ {
serviceCollection.AddOptions();
serviceCollection.AddLogging();
serviceCollection.AddSingleton(auth.Object);
registerServices(serviceCollection); registerServices(serviceCollection);
} }
@ -495,15 +367,15 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
// HttpContext // HttpContext
var httpContext = new Mock<HttpContext>(); var httpContext = new Mock<HttpContext>();
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Bearer")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(bearerPrincipal, "Bearer")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Basic")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(basicPrincipal, "Basic")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Fails")).ReturnsAsync(AuthenticateResult.Fail("Fails"));
httpContext.SetupProperty(c => c.User); httpContext.SetupProperty(c => c.User);
if (!anonymous) if (!anonymous)
{ {
httpContext.Object.User = validUser; httpContext.Object.User = validUser;
} }
httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider); httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Bearer")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(bearerPrincipal, "Bearer")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Basic")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(basicPrincipal, "Basic")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Fails")).ReturnsAsync(AuthenticateResult.Fail("Fails"));
// AuthorizationFilterContext // AuthorizationFilterContext
var actionContext = new ActionContext( var actionContext = new ActionContext(

View File

@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Mvc
await result.ExecuteResultAsync(actionContext); await result.ExecuteResultAsync(actionContext);
// Assert // Assert
auth.Verify(c => c.ChallengeAsync(httpContext.Object, "", null, ChallengeBehavior.Automatic), Times.Exactly(1)); auth.Verify(c => c.ChallengeAsync(httpContext.Object, "", null), Times.Exactly(1));
} }
[Fact] [Fact]
@ -64,7 +64,7 @@ namespace Microsoft.AspNetCore.Mvc
await result.ExecuteResultAsync(actionContext); await result.ExecuteResultAsync(actionContext);
// Assert // Assert
auth.Verify(c => c.ChallengeAsync(httpContext.Object, null, null, ChallengeBehavior.Automatic), Times.Exactly(1)); auth.Verify(c => c.ChallengeAsync(httpContext.Object, null, null), Times.Exactly(1));
} }
private static IServiceCollection CreateServices() private static IServiceCollection CreateServices()

View File

@ -19,13 +19,13 @@ namespace Microsoft.AspNetCore.Mvc
public class ForbidResultTest public class ForbidResultTest
{ {
[Fact] [Fact]
public async Task ExecuteResultAsync_InvokesForbidAsyncOnAuthenticationManager() public async Task ExecuteResultAsync_InvokesForbidAsyncOnAuthenticationService()
{ {
// Arrange // Arrange
var httpContext = new Mock<HttpContext>(); var httpContext = new Mock<HttpContext>();
var auth = new Mock<IAuthenticationService>(); var auth = new Mock<IAuthenticationService>();
auth auth
.Setup(c => c.ChallengeAsync(httpContext.Object, "", null, ChallengeBehavior.Forbidden)) .Setup(c => c.ForbidAsync(httpContext.Object, "", null))
.Returns(TaskCache.CompletedTask) .Returns(TaskCache.CompletedTask)
.Verifiable(); .Verifiable();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object)); httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object));
@ -52,11 +52,11 @@ namespace Microsoft.AspNetCore.Mvc
var authProperties = new AuthenticationProperties(); var authProperties = new AuthenticationProperties();
var auth = new Mock<IAuthenticationService>(); var auth = new Mock<IAuthenticationService>();
auth auth
.Setup(c => c.ChallengeAsync(httpContext.Object, "Scheme1", authProperties, ChallengeBehavior.Forbidden)) .Setup(c => c.ForbidAsync(httpContext.Object, "Scheme1", authProperties))
.Returns(TaskCache.CompletedTask) .Returns(TaskCache.CompletedTask)
.Verifiable(); .Verifiable();
auth auth
.Setup(c => c.ChallengeAsync(httpContext.Object, "Scheme2", authProperties, ChallengeBehavior.Forbidden)) .Setup(c => c.ForbidAsync(httpContext.Object, "Scheme2", authProperties))
.Returns(TaskCache.CompletedTask) .Returns(TaskCache.CompletedTask)
.Verifiable(); .Verifiable();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object)); httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object));
@ -90,7 +90,7 @@ namespace Microsoft.AspNetCore.Mvc
var httpContext = new Mock<HttpContext>(); var httpContext = new Mock<HttpContext>();
var auth = new Mock<IAuthenticationService>(); var auth = new Mock<IAuthenticationService>();
auth auth
.Setup(c => c.ChallengeAsync(httpContext.Object, null, expected, ChallengeBehavior.Forbidden)) .Setup(c => c.ForbidAsync(httpContext.Object, null, expected))
.Returns(TaskCache.CompletedTask) .Returns(TaskCache.CompletedTask)
.Verifiable(); .Verifiable();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object)); httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object));
@ -118,7 +118,7 @@ namespace Microsoft.AspNetCore.Mvc
var httpContext = new Mock<HttpContext>(); var httpContext = new Mock<HttpContext>();
var auth = new Mock<IAuthenticationService>(); var auth = new Mock<IAuthenticationService>();
auth auth
.Setup(c => c.ChallengeAsync(httpContext.Object, null, expected, ChallengeBehavior.Forbidden)) .Setup(c => c.ForbidAsync(httpContext.Object, null, expected))
.Returns(TaskCache.CompletedTask) .Returns(TaskCache.CompletedTask)
.Verifiable(); .Verifiable();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object)); httpContext.Setup(c => c.RequestServices).Returns(CreateServices(auth.Object));