React to forbid changes
parent
bad3f62c8d
commit
87faa10e64
@ -26,31 +26,15 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
|||
return Task.FromResult(AuthenticateResult.None());
|
||||
}
|
||||
|
||||
public Task ChallengeAsync(ChallengeContext context)
|
||||
public Task ChallengeAsync(AuthenticationProperties properties)
|
||||
{
|
||||
switch (context.Behavior)
|
||||
{
|
||||
case ChallengeBehavior.Forbidden:
|
||||
_requestContext.Response.StatusCode = 403;
|
||||
break;
|
||||
case ChallengeBehavior.Unauthorized:
|
||||
_requestContext.Response.StatusCode = 401;
|
||||
break;
|
||||
case ChallengeBehavior.Automatic:
|
||||
var identity = (ClaimsIdentity)_requestContext.User?.Identity;
|
||||
if (identity != null && identity.IsAuthenticated)
|
||||
{
|
||||
_requestContext.Response.StatusCode = 403;
|
||||
}
|
||||
else
|
||||
{
|
||||
_requestContext.Response.StatusCode = 401;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new NotSupportedException(context.Behavior.ToString());
|
||||
}
|
||||
_requestContext.Response.StatusCode = 401;
|
||||
return TaskCache.CompletedTask;
|
||||
}
|
||||
|
||||
public Task ForbidAsync(AuthenticationProperties properties)
|
||||
{
|
||||
_requestContext.Response.StatusCode = 403;
|
||||
return TaskCache.CompletedTask;
|
||||
}
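Review bot: The new `ChallengeAsync(AuthenticationProperties properties)` and `ForbidAsync(AuthenticationProperties properties)` both ignore `properties`, and nothing in the hunk tells a caller that; the old switch at least made the behaviour visible. I would document the contract on both, e.g. `/// <summary>Sets the response status to 401 so the client is challenged; <paramref name="properties"/> is not used.</summary>` on ChallengeAsync and the 403 equivalent on ForbidAsync. With the Automatic branch gone, an already-authenticated principal that is challenged now gets 401 rather than 403, so any caller that relied on the old "challenge means forbid when authenticated" shortcut must move to ForbidAsync — worth a sentence in the summary. The enclosing class and the tail of AuthenticateAsync at the top of the hunk continue outside it.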
|
||||
|
||||
|
|
@ -67,12 +51,12 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
|||
return TaskCache.CompletedTask;
|
||||
}
|
||||
|
||||
public Task SignInAsync(SignInContext context)
|
||||
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotSupportedException();
|
||||
}
|
||||
|
||||
public Task SignOutAsync(SignOutContext context)
|
||||
public Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
return TaskCache.CompletedTask;
|
||||
}
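Review bot: `SignOutAsync(AuthenticationProperties properties)` completes successfully without touching `_requestContext`, while the sibling `SignInAsync` throws NotSupportedException; a caller cannot tell from the signatures that sign-out is a silent no-op rather than an actual revocation. As far as this hunk shows there is no sign-in state held by the handler to clear, so the no-op is presumably correct, but it should say so: `/// <summary>No-op: this handler keeps no sign-in state to clear; <paramref name="properties"/> is not used.</summary>`. SignInAsync's bare `throw new NotSupportedException();` would also be more useful to an operator with a message naming the scheme, in line with the old default-case throw that carried `context.Behavior.ToString()`. The enclosing class continues outside the hunk.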
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@
|
|||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\..\..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Core\Microsoft.AspNetCore.Authentication.Core.csproj" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(AspNetCoreVersion)" />
|
||||
<PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
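Review bot: On the new side the ItemGroup carries both a `<ProjectReference>` to `Microsoft.AspNetCore.Authentication.Core.csproj` and a `<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />` for the same assembly name. Which copy ends up in the output depends on MSBuild/NuGet conflict resolution, so a build can silently bind to the package version that lacks the forbid API this commit reacts to. If the project reference is the intended source, the package line should be dropped in the same change; if both are deliberately kept for now, a `<!-- temporary: remove once the Authentication.Core package ships the forbid API -->` comment on the ProjectReference would stop the next maintainer from "fixing" it.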
|
||||
|
|
|
|||
|
|
@ -328,50 +328,6 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
|||
}
|
||||
}
|
||||
|
||||
[ConditionalTheory]
|
||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
||||
[InlineData(AuthenticationSchemes.NTLM)]
|
||||
// [InlineData(AuthenticationSchemes.Digest)] // Not implemented
|
||||
// [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials
|
||||
public async Task AuthTypes_ChallengeAuthenticatedAuthType_Forbidden(AuthenticationSchemes authType)
|
||||
{
|
||||
using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext =>
|
||||
{
|
||||
Assert.NotNull(httpContext.User);
|
||||
Assert.NotNull(httpContext.User.Identity);
|
||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme);
|
||||
}))
|
||||
{
|
||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
||||
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
||||
// for some reason Kerberos and Negotiate include a 2nd stage challenge.
|
||||
// Assert.Equal(0, response.Headers.WwwAuthenticate.Count);
|
||||
}
|
||||
}
|
||||
|
||||
[ConditionalTheory]
|
||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
||||
[InlineData(AuthenticationSchemes.NTLM)]
|
||||
// [InlineData(AuthenticationSchemes.Digest)] // Not implemented
|
||||
// [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials
|
||||
public async Task AuthTypes_ChallengeAuthenticatedAuthTypeWithEmptyChallenge_Forbidden(AuthenticationSchemes authType)
|
||||
{
|
||||
using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext =>
|
||||
{
|
||||
Assert.NotNull(httpContext.User);
|
||||
Assert.NotNull(httpContext.User.Identity);
|
||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme);
|
||||
}))
|
||||
{
|
||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
||||
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
||||
// for some reason Kerberos and Negotiate include a 2nd stage challenge.
|
||||
// Assert.Equal(0, response.Headers.WwwAuthenticate.Count);
|
||||
}
|
||||
}
|
||||
|
||||
[ConditionalTheory]
|
||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
||||
[InlineData(AuthenticationSchemes.NTLM)]
|
||||
|
|
@ -384,7 +340,7 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
|||
Assert.NotNull(httpContext.User);
|
||||
Assert.NotNull(httpContext.User.Identity);
|
||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null, ChallengeBehavior.Unauthorized);
|
||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null);
|
||||
}))
|
||||
{
|
||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
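Review bot: Dropping the `ChallengeBehavior.Unauthorized` argument here leaves the 401 path covered, but the two `AuthTypes_ChallengeAuthenticatedAuthType*_Forbidden` theories removed in the earlier hunk of this file are not replaced, so the 403-for-authenticated-principal behaviour that now lives in `ForbidAsync` has no end-to-end test. I would add a theory mirroring the deleted `AuthTypes_ChallengeAuthenticatedAuthType_Forbidden` that calls `httpContext.ForbidAsync(HttpSysDefaults.AuthenticationScheme)` from the app callback (assuming the matching HttpContext extension exists in the referenced Authentication.Core) and asserts `HttpStatusCode.Forbidden` on the response. The enclosing test method starts before this hunk and ends after it.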
|
||||
|
|
|
|||