diff --git a/test/ServerComparison.FunctionalTests/NtlmAuthenticationTest.cs b/test/ServerComparison.FunctionalTests/NtlmAuthenticationTest.cs
index 1ce34d5a9a..fb6a1f2707 100644
--- a/test/ServerComparison.FunctionalTests/NtlmAuthenticationTest.cs
+++ b/test/ServerComparison.FunctionalTests/NtlmAuthenticationTest.cs
@@ -24,7 +24,8 @@ namespace ServerComparison.FunctionalTests
  [OSSkipCondition(OperatingSystems.Linux)]
  [OSSkipCondition(OperatingSystems.MacOSX)]
  [InlineData(ServerType.IISExpress, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
- [InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable, Skip = "https://github.com/aspnet/IISIntegration/issues/1")]
+ [InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable)]
+ [InlineData(ServerType.WebListener, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
  [InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Portable)]
  [InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Standalone)]
  public async Task NtlmAuthentication(ServerType serverType, RuntimeArchitecture architecture, ApplicationType applicationType)
@@ -70,66 +71,26 @@ namespace ServerComparison.FunctionalTests Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); - - logger.LogInformation("Testing /RestrictedNTLM"); - response = await httpClient.GetAsync("/RestrictedNTLM"); - responseText = await response.Content.ReadAsStringAsync(); - Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); - Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); - // Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves. - // However WebListener can. - if (serverType == ServerType.WebListener) - { - Assert.DoesNotContain("Negotiate", response.Headers.WwwAuthenticate.ToString()); - } - else if (serverType == ServerType.IISExpress) - { - Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); - } + */ logger.LogInformation("Testing /Forbidden"); response = await httpClient.GetAsync("/Forbidden"); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); - */ + logger.LogInformation("Enabling Default Credentials"); // Change the http client to one that uses default credentials httpClient = deploymentResult.CreateHttpClient(new HttpClientHandler() { UseDefaultCredentials = true }); - logger.LogInformation("Testing /AutoForbid"); - response = await httpClient.GetAsync("/AutoForbid"); - responseText = await response.Content.ReadAsStringAsync(); - Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); - logger.LogInformation("Testing /Restricted"); response = await httpClient.GetAsync("/Restricted"); responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.OK, response.StatusCode); - Assert.Equal("Negotiate", responseText); + Assert.Equal("Authenticated", responseText); - logger.LogInformation("Testing /RestrictedNegotiate"); - response = await 
httpClient.GetAsync("/RestrictedNegotiate");
- responseText = await response.Content.ReadAsStringAsync();
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
- Assert.Equal("Negotiate", responseText);
-
- logger.LogInformation("Testing /RestrictedNTLM");
- if (serverType == ServerType.WebListener)
- {
- response = await httpClient.GetAsync("/RestrictedNTLM");
- responseText = await response.Content.ReadAsStringAsync();
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
- Assert.Equal("NTLM", responseText);
- }
- else if (serverType == ServerType.IISExpress)
- {
- response = await httpClient.GetAsync("/RestrictedNTLM");
- responseText = await response.Content.ReadAsStringAsync();
- // This isn't a Forbidden because we authenticate with Negotiate and challenge for NTLM.
- Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
- // Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves,
- // so both Negotiate and NTLM get sent again.
- }
+ logger.LogInformation("Testing /Forbidden");
+ response = await httpClient.GetAsync("/Forbidden");
+ Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
  }
  catch (XunitException)
  {
diff --git a/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs b/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs
index d35a434c50..3b28151aac 100644
--- a/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs
+++ b/test/ServerComparison.TestSites/StartupNtlmAuthentication.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
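Review bot: In the NtlmAuthenticationTest.cs hunk, the authenticated half of the test now only checks that `/Restricted` answers 200 with the body `Authenticated`, so nothing asserts which scheme authenticated the request; a silent fallback from Negotiate to NTLM would still pass (the matching `/Restricted` branch in StartupNtlmAuthentication.cs no longer writes `Identity.AuthenticationType`). The anonymous `/Restricted` assertions (401 plus the `WWW-Authenticate` checks) sit above the relocated `*/` and so appear to stay commented out; the comment's opening is outside the hunk, so confirm. If they must remain disabled, say why next to the block, e.g. `// TODO(<tracking-issue>): re-enable the anonymous /Restricted 401 + WWW-Authenticate checks`, so the coverage gap is visible. The enclosing test method starts and ends outside the hunk.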
@@ -41,46 +42,17 @@ namespace ServerComparison.TestSites
  {
  if (context.User.Identity.IsAuthenticated)
  {
- return context.Response.WriteAsync(context.User.Identity.AuthenticationType);
+ return context.Response.WriteAsync("Authenticated");
  }
  else
  {
- return context.Authentication.ChallengeAsync();
+ return context.ChallengeAsync();
  }
  }
  if (context.Request.Path.Equals("/Forbidden"))
  {
- return context.Authentication.ForbidAsync(Microsoft.AspNetCore.Http.Authentication.AuthenticationManager.AutomaticScheme);
- }
-
- if (context.Request.Path.Equals("/AutoForbid"))
- {
- return context.Authentication.ChallengeAsync();
- }
-
- if (context.Request.Path.Equals("/RestrictedNegotiate"))
- {
- if (string.Equals("Negotiate", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
- {
- return context.Response.WriteAsync("Negotiate");
- }
- else
- {
- return context.Authentication.ChallengeAsync("Negotiate");
- }
- }
-
- if (context.Request.Path.Equals("/RestrictedNTLM"))
- {
- if (string.Equals("NTLM", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
- {
- return context.Response.WriteAsync("NTLM");
- }
- else
- {
- return context.Authentication.ChallengeAsync("NTLM");
- }
+ return context.ForbidAsync();
  }
  return context.Response.WriteAsync("Hello World");
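Review bot: The parameterless `context.ChallengeAsync()` and `context.ForbidAsync()` in the `/Restricted` and `/Forbidden` branches depend on a default challenge/forbid scheme being registered by the server integration; none is named here and the registration is not visible in this hunk. If no default is configured, these calls are expected to throw at request time instead of producing a 401/403, which the functional test would see as a server error. A short comment on the `/Forbidden` branch would document that dependency, e.g. `// Uses the default forbid scheme registered by the server (presumably Windows authentication); no scheme is passed explicitly.` The enclosing request delegate begins and ends outside the hunk.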