From 87faa10e6478be2932ba41e8de09af8b5b9f9077 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 24 May 2017 12:21:08 -0700 Subject: [PATCH] React to forbid changes --- .../AuthenticationHandler.cs | 34 ++++---------- ...Microsoft.AspNetCore.Server.HttpSys.csproj | 1 + .../AuthenticationTests.cs | 46 +------------------ 3 files changed, 11 insertions(+), 70 deletions(-) diff --git a/src/Microsoft.AspNetCore.Server.HttpSys/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Server.HttpSys/AuthenticationHandler.cs index 0f5e6702d2..77656d1d96 100644 --- a/src/Microsoft.AspNetCore.Server.HttpSys/AuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Server.HttpSys/AuthenticationHandler.cs @@ -26,31 +26,15 @@ namespace Microsoft.AspNetCore.Server.HttpSys return Task.FromResult(AuthenticateResult.None()); } - public Task ChallengeAsync(ChallengeContext context) + public Task ChallengeAsync(AuthenticationProperties properties) { - switch (context.Behavior) - { - case ChallengeBehavior.Forbidden: - _requestContext.Response.StatusCode = 403; - break; - case ChallengeBehavior.Unauthorized: - _requestContext.Response.StatusCode = 401; - break; - case ChallengeBehavior.Automatic: - var identity = (ClaimsIdentity)_requestContext.User?.Identity; - if (identity != null && identity.IsAuthenticated) - { - _requestContext.Response.StatusCode = 403; - } - else - { - _requestContext.Response.StatusCode = 401; - } - break; - default: - throw new NotSupportedException(context.Behavior.ToString()); - } + _requestContext.Response.StatusCode = 401; + return TaskCache.CompletedTask; + } + public Task ForbidAsync(AuthenticationProperties properties) + { + _requestContext.Response.StatusCode = 403; return TaskCache.CompletedTask; } 
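Review bot: `ChallengeAsync` now writes 401 unconditionally, so a request whose `_requestContext.User` is already authenticated is told to authenticate again, where the removed `Automatic` branch answered 403. Choosing between the two responses is now entirely the caller's job, and nothing on the new methods says so. I would add XML doc summaries to both, e.g. on `ChallengeAsync`: `/// Sets 401 regardless of the current user; call ForbidAsync for an authenticated user who is denied access.` Both methods also ignore `properties`, which is worth stating in the same comment so callers do not expect it to influence the response. The class and the start of the handler are outside this hunk, so any caller-side fallback is not visible here.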
@@ -67,12 +51,12 @@ namespace Microsoft.AspNetCore.Server.HttpSys return TaskCache.CompletedTask; } - public Task SignInAsync(SignInContext context) + public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) { throw new NotSupportedException(); } - public Task SignOutAsync(SignOutContext context) + public Task SignOutAsync(AuthenticationProperties properties) { return TaskCache.CompletedTask; } diff --git a/src/Microsoft.AspNetCore.Server.HttpSys/Microsoft.AspNetCore.Server.HttpSys.csproj b/src/Microsoft.AspNetCore.Server.HttpSys/Microsoft.AspNetCore.Server.HttpSys.csproj index 4bbc01835d..139af2f47b 100644 --- a/src/Microsoft.AspNetCore.Server.HttpSys/Microsoft.AspNetCore.Server.HttpSys.csproj +++ b/src/Microsoft.AspNetCore.Server.HttpSys/Microsoft.AspNetCore.Server.HttpSys.csproj @@ -12,6 +12,7 @@ + diff --git a/test/Microsoft.AspNetCore.Server.HttpSys.FunctionalTests/AuthenticationTests.cs b/test/Microsoft.AspNetCore.Server.HttpSys.FunctionalTests/AuthenticationTests.cs index 59d5f49438..bda1048f9c 100644 --- a/test/Microsoft.AspNetCore.Server.HttpSys.FunctionalTests/AuthenticationTests.cs +++ b/test/Microsoft.AspNetCore.Server.HttpSys.FunctionalTests/AuthenticationTests.cs 
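Review bot: `SignOutAsync` returns a completed task without doing anything while `SignInAsync` throws, so a caller that signs out of this scheme is told it succeeded even though, presumably, the identity established by the server stays in effect for later requests. If the no-op is intentional, a comment such as `// No-op: the server owns this identity; the app cannot end it` would stop callers from treating sign-out as a session boundary. `throw new NotSupportedException();` could also carry a message naming the scheme so the failure is diagnosable from logs. Both bodies are unchanged context in this hunk; only the signatures are new.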
@@ -328,50 +328,6 @@ namespace Microsoft.AspNetCore.Server.HttpSys } } - [ConditionalTheory] - [InlineData(AuthenticationSchemes.Negotiate)] - [InlineData(AuthenticationSchemes.NTLM)] - // [InlineData(AuthenticationSchemes.Digest)] // Not implemented - // [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials - public async Task AuthTypes_ChallengeAuthenticatedAuthType_Forbidden(AuthenticationSchemes authType) - { - using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext => - { - Assert.NotNull(httpContext.User); - Assert.NotNull(httpContext.User.Identity); - Assert.True(httpContext.User.Identity.IsAuthenticated); - return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme); - })) - { - var response = await SendRequestAsync(address, useDefaultCredentials: true); - Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); - // for some reason Kerberos and Negotiate include a 2nd stage challenge. - // Assert.Equal(0, response.Headers.WwwAuthenticate.Count); - } - } - - [ConditionalTheory] - [InlineData(AuthenticationSchemes.Negotiate)] - [InlineData(AuthenticationSchemes.NTLM)] - // [InlineData(AuthenticationSchemes.Digest)] // Not implemented - // [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials - public async Task AuthTypes_ChallengeAuthenticatedAuthTypeWithEmptyChallenge_Forbidden(AuthenticationSchemes authType) - { - using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext => - { - Assert.NotNull(httpContext.User); - Assert.NotNull(httpContext.User.Identity); - Assert.True(httpContext.User.Identity.IsAuthenticated); - return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme); - })) - { - var response = await SendRequestAsync(address, useDefaultCredentials: true); - Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); - // for some reason Kerberos and Negotiate include a 2nd 
stage challenge. - // Assert.Equal(0, response.Headers.WwwAuthenticate.Count); - } - } - [ConditionalTheory] [InlineData(AuthenticationSchemes.Negotiate)] [InlineData(AuthenticationSchemes.NTLM)] @@ -384,7 +340,7 @@ namespace Microsoft.AspNetCore.Server.HttpSys Assert.NotNull(httpContext.User); Assert.NotNull(httpContext.User.Identity); Assert.True(httpContext.User.Identity.IsAuthenticated); - return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null, ChallengeBehavior.Unauthorized); + return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null); })) { var response = await SendRequestAsync(address, useDefaultCredentials: true);
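Review bot: After this change no test in the patch exercises the new `ForbidAsync` path, so the 403 mapping for an authenticated user is unverified. The two `..._Forbidden` theories are deleted in the preceding hunk, and this test now calls plain `ChallengeAsync`. I would add a theory that calls `httpContext.ForbidAsync(HttpSysDefaults.AuthenticationScheme)` and asserts `HttpStatusCode.Forbidden`, as sketched below. The test method edited here starts and ends outside the hunk, so its own assertion is not visible.

```csharp
[ConditionalTheory]
[InlineData(AuthenticationSchemes.Negotiate)]
[InlineData(AuthenticationSchemes.NTLM)]
public async Task AuthTypes_ForbidAuthenticatedAuthType_Forbidden(AuthenticationSchemes authType)
{
    using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext =>
    {
        Assert.NotNull(httpContext.User);
        Assert.True(httpContext.User.Identity.IsAuthenticated);
        // An authenticated but denied user must get 403, not a fresh 401 challenge.
        return httpContext.ForbidAsync(HttpSysDefaults.AuthenticationScheme);
    }))
    {
        var response = await SendRequestAsync(address, useDefaultCredentials: true);
        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
    }
}
```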