huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ServerTests => Auth 2.0

This commit is contained in:
Hao Kung 2017-05-17 13:42:11 -07:00
parent 6cbc736f68
commit c4414c362f
2 changed files with 12 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
test/ServerComparison.FunctionalTests/NtlmAuthenticationTest.cs
View File

@ -24,7 +24,8 @@ namespace ServerComparison.FunctionalTests
[OSSkipCondition(OperatingSystems.Linux)]
[OSSkipCondition(OperatingSystems.MacOSX)]
[InlineData(ServerType.IISExpress, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
[InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable, Skip = "https://github.com/aspnet/IISIntegration/issues/1")]
[InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable)]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Portable)]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Standalone)]
public async Task NtlmAuthentication(ServerType serverType, RuntimeArchitecture architecture, ApplicationType applicationType)
@ -70,66 +71,26 @@ namespace ServerComparison.FunctionalTests
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
logger.LogInformation("Testing /RestrictedNTLM");
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves.
// However WebListener can.
if (serverType == ServerType.WebListener)
{
Assert.DoesNotContain("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
else if (serverType == ServerType.IISExpress)
{
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
*/
logger.LogInformation("Testing /Forbidden");
response = await httpClient.GetAsync("/Forbidden");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
*/
logger.LogInformation("Enabling Default Credentials");
// Change the http client to one that uses default credentials
httpClient = deploymentResult.CreateHttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
logger.LogInformation("Testing /AutoForbid");
response = await httpClient.GetAsync("/AutoForbid");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
logger.LogInformation("Testing /Restricted");
response = await httpClient.GetAsync("/Restricted");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("Negotiate", responseText);
Assert.Equal("Authenticated", responseText);
logger.LogInformation("Testing /RestrictedNegotiate");
response = await httpClient.GetAsync("/RestrictedNegotiate");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("Negotiate", responseText);
logger.LogInformation("Testing /RestrictedNTLM");
if (serverType == ServerType.WebListener)
{
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("NTLM", responseText);
}
else if (serverType == ServerType.IISExpress)
{
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
// This isn't a Forbidden because we authenticate with Negotiate and challenge for NTLM.
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves,
// so both Negotiate and NTLM get sent again.
}
logger.LogInformation("Testing /Forbidden");
response = await httpClient.GetAsync("/Forbidden");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
catch (XunitException)
{

36
test/ServerComparison.TestSites/StartupNtlmAuthentication.cs
View File

@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
@ -41,46 +42,17 @@ namespace ServerComparison.TestSites
{
if (context.User.Identity.IsAuthenticated)
{
return context.Response.WriteAsync(context.User.Identity.AuthenticationType);
return context.Response.WriteAsync("Authenticated");
}
else
{
return context.Authentication.ChallengeAsync();
return context.ChallengeAsync();
}
}
if (context.Request.Path.Equals("/Forbidden"))
{
return context.Authentication.ForbidAsync(Microsoft.AspNetCore.Http.Authentication.AuthenticationManager.AutomaticScheme);
}
if (context.Request.Path.Equals("/AutoForbid"))
{
return context.Authentication.ChallengeAsync();
}
if (context.Request.Path.Equals("/RestrictedNegotiate"))
{
if (string.Equals("Negotiate", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("Negotiate");
}
else
{
return context.Authentication.ChallengeAsync("Negotiate");
}
}
if (context.Request.Path.Equals("/RestrictedNTLM"))
{
if (string.Equals("NTLM", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("NTLM");
}
else
{
return context.Authentication.ChallengeAsync("NTLM");
}
return context.ForbidAsync();
}
return context.Response.WriteAsync("Hello World");