React to forbid changes
This commit is contained in:
parent
bad3f62c8d
commit
87faa10e64
|
|
@ -26,31 +26,15 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
||||||
return Task.FromResult(AuthenticateResult.None());
|
return Task.FromResult(AuthenticateResult.None());
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task ChallengeAsync(ChallengeContext context)
|
public Task ChallengeAsync(AuthenticationProperties properties)
|
||||||
{
|
{
|
||||||
switch (context.Behavior)
|
_requestContext.Response.StatusCode = 401;
|
||||||
{
|
return TaskCache.CompletedTask;
|
||||||
case ChallengeBehavior.Forbidden:
|
}
|
||||||
_requestContext.Response.StatusCode = 403;
|
|
||||||
break;
|
|
||||||
case ChallengeBehavior.Unauthorized:
|
|
||||||
_requestContext.Response.StatusCode = 401;
|
|
||||||
break;
|
|
||||||
case ChallengeBehavior.Automatic:
|
|
||||||
var identity = (ClaimsIdentity)_requestContext.User?.Identity;
|
|
||||||
if (identity != null && identity.IsAuthenticated)
|
|
||||||
{
|
|
||||||
_requestContext.Response.StatusCode = 403;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
_requestContext.Response.StatusCode = 401;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
throw new NotSupportedException(context.Behavior.ToString());
|
|
||||||
}
|
|
||||||
|
|
||||||
|
public Task ForbidAsync(AuthenticationProperties properties)
|
||||||
|
{
|
||||||
|
_requestContext.Response.StatusCode = 403;
|
||||||
return TaskCache.CompletedTask;
|
return TaskCache.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -67,12 +51,12 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
||||||
return TaskCache.CompletedTask;
|
return TaskCache.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task SignInAsync(SignInContext context)
|
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||||
{
|
{
|
||||||
throw new NotSupportedException();
|
throw new NotSupportedException();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task SignOutAsync(SignOutContext context)
|
public Task SignOutAsync(AuthenticationProperties properties)
|
||||||
{
|
{
|
||||||
return TaskCache.CompletedTask;
|
return TaskCache.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
<ProjectReference Include="..\..\..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Core\Microsoft.AspNetCore.Authentication.Core.csproj" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
|
<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(AspNetCoreVersion)" />
|
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(AspNetCoreVersion)" />
|
||||||
<PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
|
<PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
|
||||||
|
|
|
||||||
|
|
@ -328,50 +328,6 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[ConditionalTheory]
|
|
||||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
|
||||||
[InlineData(AuthenticationSchemes.NTLM)]
|
|
||||||
// [InlineData(AuthenticationSchemes.Digest)] // Not implemented
|
|
||||||
// [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials
|
|
||||||
public async Task AuthTypes_ChallengeAuthenticatedAuthType_Forbidden(AuthenticationSchemes authType)
|
|
||||||
{
|
|
||||||
using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext =>
|
|
||||||
{
|
|
||||||
Assert.NotNull(httpContext.User);
|
|
||||||
Assert.NotNull(httpContext.User.Identity);
|
|
||||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
|
||||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme);
|
|
||||||
}))
|
|
||||||
{
|
|
||||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
|
||||||
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
||||||
// for some reason Kerberos and Negotiate include a 2nd stage challenge.
|
|
||||||
// Assert.Equal(0, response.Headers.WwwAuthenticate.Count);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[ConditionalTheory]
|
|
||||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
|
||||||
[InlineData(AuthenticationSchemes.NTLM)]
|
|
||||||
// [InlineData(AuthenticationSchemes.Digest)] // Not implemented
|
|
||||||
// [InlineData(AuthenticationSchemes.Basic)] // Can't log in with UseDefaultCredentials
|
|
||||||
public async Task AuthTypes_ChallengeAuthenticatedAuthTypeWithEmptyChallenge_Forbidden(AuthenticationSchemes authType)
|
|
||||||
{
|
|
||||||
using (var server = Utilities.CreateDynamicHost(authType, DenyAnoymous, out var address, httpContext =>
|
|
||||||
{
|
|
||||||
Assert.NotNull(httpContext.User);
|
|
||||||
Assert.NotNull(httpContext.User.Identity);
|
|
||||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
|
||||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme);
|
|
||||||
}))
|
|
||||||
{
|
|
||||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
|
||||||
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
||||||
// for some reason Kerberos and Negotiate include a 2nd stage challenge.
|
|
||||||
// Assert.Equal(0, response.Headers.WwwAuthenticate.Count);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[ConditionalTheory]
|
[ConditionalTheory]
|
||||||
[InlineData(AuthenticationSchemes.Negotiate)]
|
[InlineData(AuthenticationSchemes.Negotiate)]
|
||||||
[InlineData(AuthenticationSchemes.NTLM)]
|
[InlineData(AuthenticationSchemes.NTLM)]
|
||||||
|
|
@ -384,7 +340,7 @@ namespace Microsoft.AspNetCore.Server.HttpSys
|
||||||
Assert.NotNull(httpContext.User);
|
Assert.NotNull(httpContext.User);
|
||||||
Assert.NotNull(httpContext.User.Identity);
|
Assert.NotNull(httpContext.User.Identity);
|
||||||
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
Assert.True(httpContext.User.Identity.IsAuthenticated);
|
||||||
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null, ChallengeBehavior.Unauthorized);
|
return httpContext.ChallengeAsync(HttpSysDefaults.AuthenticationScheme, null);
|
||||||
}))
|
}))
|
||||||
{
|
{
|
||||||
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
var response = await SendRequestAsync(address, useDefaultCredentials: true);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue