#8 re-enable and expand NTLM tests.

This commit is contained in:
Chris R 2015-07-10 14:36:39 -07:00
parent 67bd48fab2
commit a7a1ea59bf
2 changed files with 81 additions and 9 deletions

View File

@ -19,9 +19,8 @@ namespace ServerComparison.FunctionalTests
{ {
[ConditionalTheory, Trait("ServerComparison.FunctionalTests", "ServerComparison.FunctionalTests")] [ConditionalTheory, Trait("ServerComparison.FunctionalTests", "ServerComparison.FunctionalTests")]
[OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)] [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
// TODO: Figure out why IISExpress failing [InlineData(ServerType.IISExpress, RuntimeFlavor.CoreClr, RuntimeArchitecture.x86, "http://localhost:5050/")]
//[InlineData(ServerType.IISExpress, RuntimeFlavor.CoreClr, RuntimeArchitecture.x86, "http://localhost:5050/")] [InlineData(ServerType.IISExpress, RuntimeFlavor.Clr, RuntimeArchitecture.x64, "http://localhost:5051/")]
//[InlineData(ServerType.IISExpress, RuntimeFlavor.Clr, RuntimeArchitecture.x64, "http://localhost:5051/")]
[InlineData(ServerType.WebListener, RuntimeFlavor.Clr, RuntimeArchitecture.x86, "http://localhost:5052/")] [InlineData(ServerType.WebListener, RuntimeFlavor.Clr, RuntimeArchitecture.x86, "http://localhost:5052/")]
[InlineData(ServerType.WebListener, RuntimeFlavor.CoreClr, RuntimeArchitecture.x64, "http://localhost:5052/")] [InlineData(ServerType.WebListener, RuntimeFlavor.CoreClr, RuntimeArchitecture.x64, "http://localhost:5052/")]
public async Task NtlmAuthentication(ServerType serverType, RuntimeFlavor runtimeFlavor, RuntimeArchitecture architecture, string applicationBaseUrl) public async Task NtlmAuthentication(ServerType serverType, RuntimeFlavor runtimeFlavor, RuntimeArchitecture architecture, string applicationBaseUrl)
@ -61,14 +60,52 @@ namespace ServerComparison.FunctionalTests
Assert.Equal("Anonymous?True", responseText); Assert.Equal("Anonymous?True", responseText);
response = await httpClient.GetAsync("/Restricted"); response = await httpClient.GetAsync("/Restricted");
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
response = await httpClient.GetAsync("/RestrictedNTLM");
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves.
// However WebListener can.
if (serverType == ServerType.WebListener)
{
Assert.DoesNotContain("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
else if (serverType == ServerType.IISExpress)
{
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
response = await httpClient.GetAsync("/Forbidden");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
httpClientHandler = new HttpClientHandler() { UseDefaultCredentials = true }; httpClientHandler = new HttpClientHandler() { UseDefaultCredentials = true };
httpClient = new HttpClient(httpClientHandler) { BaseAddress = new Uri(deploymentResult.ApplicationBaseUri) }; httpClient = new HttpClient(httpClientHandler) { BaseAddress = new Uri(deploymentResult.ApplicationBaseUri) };
response = await httpClient.GetAsync("/AutoForbid");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
responseText = await httpClient.GetStringAsync("/Restricted"); responseText = await httpClient.GetStringAsync("/Restricted");
Assert.Equal("NotAnonymous", responseText); Assert.Equal("Negotiate", responseText);
responseText = await httpClient.GetStringAsync("/RestrictedNegotiate");
Assert.Equal("Negotiate", responseText);
if (serverType == ServerType.WebListener)
{
responseText = await httpClient.GetStringAsync("/RestrictedNTLM");
Assert.Equal("NTLM", responseText);
}
else if (serverType == ServerType.IISExpress)
{
response = await httpClient.GetAsync("/RestrictedNTLM");
// This isn't a Forbidden because we authenticate with Negotiate and challenge for NTLM.
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves,
// so both Negotiate and NTLM get sent again.
}
} }
catch (XunitException) catch (XunitException)
{ {

View File

@ -53,21 +53,22 @@ namespace ServerComparison.TestSites
if ((app.Server as ServerInformation) != null) if ((app.Server as ServerInformation) != null)
{ {
var serverInformation = (ServerInformation)app.Server; var serverInformation = (ServerInformation)app.Server;
serverInformation.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM | AuthenticationSchemes.AllowAnonymous; serverInformation.Listener.AuthenticationManager.AuthenticationSchemes =
AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM | AuthenticationSchemes.AllowAnonymous;
} }
app.Use((context, next) => app.Use((context, next) =>
{ {
if (context.Request.Path.Equals(new PathString("/Anonymous"))) if (context.Request.Path.Equals("/Anonymous"))
{ {
return context.Response.WriteAsync("Anonymous?" + !context.User.Identity.IsAuthenticated); return context.Response.WriteAsync("Anonymous?" + !context.User.Identity.IsAuthenticated);
} }
if (context.Request.Path.Equals(new PathString("/Restricted"))) if (context.Request.Path.Equals("/Restricted"))
{ {
if (context.User.Identity.IsAuthenticated) if (context.User.Identity.IsAuthenticated)
{ {
return context.Response.WriteAsync("NotAnonymous"); return context.Response.WriteAsync(context.User.Identity.AuthenticationType);
} }
else else
{ {
@ -75,6 +76,40 @@ namespace ServerComparison.TestSites
} }
} }
if (context.Request.Path.Equals("/Forbidden"))
{
return context.Authentication.ForbidAsync(string.Empty);
}
if (context.Request.Path.Equals("/AutoForbid"))
{
return context.Authentication.ChallengeAsync();
}
if (context.Request.Path.Equals("/RestrictedNegotiate"))
{
if (string.Equals("Negotiate", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("Negotiate");
}
else
{
return context.Authentication.ChallengeAsync("Negotiate");
}
}
if (context.Request.Path.Equals("/RestrictedNTLM"))
{
if (string.Equals("NTLM", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("NTLM");
}
else
{
return context.Authentication.ChallengeAsync("NTLM");
}
}
return context.Response.WriteAsync("Hello World"); return context.Response.WriteAsync("Hello World");
}); });
} }