From a7a1ea59bfd1be60cb1b92dd64319272f0885e2c Mon Sep 17 00:00:00 2001 From: Chris R Date: Fri, 10 Jul 2015 14:36:39 -0700 Subject: [PATCH] #8 re-enable and expand NTLM tests. --- .../NtlmAuthentationTest.cs | 47 +++++++++++++++++-- .../StartupNtlmAuthentication.cs | 43 +++++++++++++++-- 2 files changed, 81 insertions(+), 9 deletions(-) diff --git a/test/ServerComparison.FunctionalTests/NtlmAuthentationTest.cs b/test/ServerComparison.FunctionalTests/NtlmAuthentationTest.cs index 42ca2ca52a..71ac3ae5a9 100644 --- a/test/ServerComparison.FunctionalTests/NtlmAuthentationTest.cs +++ b/test/ServerComparison.FunctionalTests/NtlmAuthentationTest.cs @@ -19,9 +19,8 @@ namespace ServerComparison.FunctionalTests { [ConditionalTheory, Trait("ServerComparison.FunctionalTests", "ServerComparison.FunctionalTests")] [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)] - // TODO: Figure out why IISExpress failing - //[InlineData(ServerType.IISExpress, RuntimeFlavor.CoreClr, RuntimeArchitecture.x86, "http://localhost:5050/")] - //[InlineData(ServerType.IISExpress, RuntimeFlavor.Clr, RuntimeArchitecture.x64, "http://localhost:5051/")] + [InlineData(ServerType.IISExpress, RuntimeFlavor.CoreClr, RuntimeArchitecture.x86, "http://localhost:5050/")] + [InlineData(ServerType.IISExpress, RuntimeFlavor.Clr, RuntimeArchitecture.x64, "http://localhost:5051/")] [InlineData(ServerType.WebListener, RuntimeFlavor.Clr, RuntimeArchitecture.x86, "http://localhost:5052/")] [InlineData(ServerType.WebListener, RuntimeFlavor.CoreClr, RuntimeArchitecture.x64, "http://localhost:5052/")] public async Task NtlmAuthentication(ServerType serverType, RuntimeFlavor runtimeFlavor, RuntimeArchitecture architecture, string applicationBaseUrl) 
@@ -61,14 +60,52 @@ namespace ServerComparison.FunctionalTests Assert.Equal("Anonymous?True", responseText); response = await httpClient.GetAsync("/Restricted"); - Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); + Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); + + response = await httpClient.GetAsync("/RestrictedNTLM"); + Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); + Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); + // Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves. + // However WebListener can. + if (serverType == ServerType.WebListener) + { + Assert.DoesNotContain("Negotiate", response.Headers.WwwAuthenticate.ToString()); + } + else if (serverType == ServerType.IISExpress) + { + Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); + } + + response = await httpClient.GetAsync("/Forbidden"); + Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); httpClientHandler = new HttpClientHandler() { UseDefaultCredentials = true }; httpClient = new HttpClient(httpClientHandler) { BaseAddress = new Uri(deploymentResult.ApplicationBaseUri) }; + + response = await httpClient.GetAsync("/AutoForbid"); + Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); + responseText = await httpClient.GetStringAsync("/Restricted"); - Assert.Equal("NotAnonymous", responseText); + Assert.Equal("Negotiate", responseText); + + responseText = await httpClient.GetStringAsync("/RestrictedNegotiate"); + Assert.Equal("Negotiate", responseText); + + if (serverType == ServerType.WebListener) + { + responseText = await httpClient.GetStringAsync("/RestrictedNTLM"); + Assert.Equal("NTLM", responseText); + } + else if (serverType == ServerType.IISExpress) + { + response = await httpClient.GetAsync("/RestrictedNTLM"); + // This isn't a Forbidden because we 
authenticate with Negotiate and challenge for NTLM. + Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); + // Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves, + // so both Negotiate and NTLM get sent again. + } } catch (XunitException) { diff --git a/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs b/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs index fbccb64f7a..a03b4c30c7 100644 --- a/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs +++ b/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs @@ -53,21 +53,22 @@ namespace ServerComparison.TestSites if ((app.Server as ServerInformation) != null) { var serverInformation = (ServerInformation)app.Server; - serverInformation.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM | AuthenticationSchemes.AllowAnonymous; + serverInformation.Listener.AuthenticationManager.AuthenticationSchemes = + AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM | AuthenticationSchemes.AllowAnonymous; } app.Use((context, next) => { - if (context.Request.Path.Equals(new PathString("/Anonymous"))) + if (context.Request.Path.Equals("/Anonymous")) { return context.Response.WriteAsync("Anonymous?" + !context.User.Identity.IsAuthenticated); } - if (context.Request.Path.Equals(new PathString("/Restricted"))) + if (context.Request.Path.Equals("/Restricted")) { if (context.User.Identity.IsAuthenticated) { - return context.Response.WriteAsync("NotAnonymous"); + return context.Response.WriteAsync(context.User.Identity.AuthenticationType); } else { 
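Review bot: The anonymous `/Restricted` request no longer asserts a 401 — the hunk drops `Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);` and keeps only the `WwwAuthenticate` header checks, so a server that served the restricted body with a 200 (or answered 403) while still emitting a challenge header would pass. The new `/RestrictedNTLM` block a few lines down asserts the status on every server type, so the same check should be restored for `/Restricted`: `Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);` before the existing `Assert.Contains("NTLM", ...)`, or, if it was removed because one server answers differently, asserted per `serverType` the way the Negotiate checks are. The enclosing `NtlmAuthentication` method and its `try` begin before the hunk.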
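Review bot: The new `AuthenticationSchemes` assignment enables NTLM alongside Negotiate on the listener with no comment on why both are needed; once both are enabled every challenge advertises both (the test asserts this), so a client may answer with NTLM even where Negotiate could have used Kerberos, and `AllowAnonymous` stays on, so any path not explicitly gated is still served anonymously. Presumably NTLM is listed so a per-route `ChallengeAsync("NTLM")` has an enabled scheme to challenge with — confirm and record it, e.g. `// Negotiate and NTLM are both enabled so routes can challenge for one specific scheme; AllowAnonymous keeps ungated paths open for the /Anonymous test.` The surrounding `as`-then-cast could also become `var serverInformation = app.Server as ServerInformation; if (serverInformation != null)` to avoid casting twice. The `app.Use` lambda opened here continues past the end of the hunk.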
@@ -75,6 +76,40 @@ namespace ServerComparison.TestSites } } + if (context.Request.Path.Equals("/Forbidden")) + { + return context.Authentication.ForbidAsync(string.Empty); + } + + if (context.Request.Path.Equals("/AutoForbid")) + { + return context.Authentication.ChallengeAsync(); + } + + if (context.Request.Path.Equals("/RestrictedNegotiate")) + { + if (string.Equals("Negotiate", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal)) + { + return context.Response.WriteAsync("Negotiate"); + } + else + { + return context.Authentication.ChallengeAsync("Negotiate"); + } + } + + if (context.Request.Path.Equals("/RestrictedNTLM")) + { + if (string.Equals("NTLM", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal)) + { + return context.Response.WriteAsync("NTLM"); + } + else + { + return context.Authentication.ChallengeAsync("NTLM"); + } + } + return context.Response.WriteAsync("Hello World"); }); }
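Review bot: `/AutoForbid` calls `ChallengeAsync()` with no scheme, yet its name and the test in the sibling file expect a 403, so the route silently relies on the framework turning an automatic challenge for an already-authenticated user into a Forbid; add `// An automatic challenge for an already-authenticated user is expected to become a 403, not a fresh 401 challenge.` above the call. Likewise `/Forbidden` passes `string.Empty` to `ForbidAsync` rather than a scheme name or nothing; a one-line comment on why the empty scheme is intended would stop a later reader from "fixing" it. The `/RestrictedNegotiate` and `/RestrictedNTLM` branches read `context.User.Identity.AuthenticationType` without checking `IsAuthenticated` first, which only behaves (anonymous → `string.Equals` false → challenge) if the server always populates `Identity`, as the `/Restricted` branch above already assumes — worth a short comment or a guard if that is not guaranteed on every server under test. The enclosing `app.Use` lambda and `Configure` method begin before the hunk.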