ServerTests => Auth 2.0

This commit is contained in:
Hao Kung 2017-05-17 13:42:11 -07:00
parent 6cbc736f68
commit c4414c362f
2 changed files with 12 additions and 79 deletions

View File

@ -24,7 +24,8 @@ namespace ServerComparison.FunctionalTests
[OSSkipCondition(OperatingSystems.Linux)] [OSSkipCondition(OperatingSystems.Linux)]
[OSSkipCondition(OperatingSystems.MacOSX)] [OSSkipCondition(OperatingSystems.MacOSX)]
[InlineData(ServerType.IISExpress, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")] [InlineData(ServerType.IISExpress, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
[InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable, Skip = "https://github.com/aspnet/IISIntegration/issues/1")] [InlineData(ServerType.IISExpress, RuntimeArchitecture.x64, ApplicationType.Portable)]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x86, ApplicationType.Portable, Skip = "https://github.com/aspnet/Hosting/issues/601")]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Portable)] [InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Portable)]
[InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Standalone)] [InlineData(ServerType.WebListener, RuntimeArchitecture.x64, ApplicationType.Standalone)]
public async Task NtlmAuthentication(ServerType serverType, RuntimeArchitecture architecture, ApplicationType applicationType) public async Task NtlmAuthentication(ServerType serverType, RuntimeArchitecture architecture, ApplicationType applicationType)
@ -70,66 +71,26 @@ namespace ServerComparison.FunctionalTests
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString()); Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString()); Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
*/
logger.LogInformation("Testing /RestrictedNTLM");
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Contains("NTLM", response.Headers.WwwAuthenticate.ToString());
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves.
// However WebListener can.
if (serverType == ServerType.WebListener)
{
Assert.DoesNotContain("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
else if (serverType == ServerType.IISExpress)
{
Assert.Contains("Negotiate", response.Headers.WwwAuthenticate.ToString());
}
logger.LogInformation("Testing /Forbidden"); logger.LogInformation("Testing /Forbidden");
response = await httpClient.GetAsync("/Forbidden"); response = await httpClient.GetAsync("/Forbidden");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
*/
logger.LogInformation("Enabling Default Credentials"); logger.LogInformation("Enabling Default Credentials");
// Change the http client to one that uses default credentials // Change the http client to one that uses default credentials
httpClient = deploymentResult.CreateHttpClient(new HttpClientHandler() { UseDefaultCredentials = true }); httpClient = deploymentResult.CreateHttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
logger.LogInformation("Testing /AutoForbid");
response = await httpClient.GetAsync("/AutoForbid");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
logger.LogInformation("Testing /Restricted"); logger.LogInformation("Testing /Restricted");
response = await httpClient.GetAsync("/Restricted"); response = await httpClient.GetAsync("/Restricted");
responseText = await response.Content.ReadAsStringAsync(); responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("Negotiate", responseText); Assert.Equal("Authenticated", responseText);
logger.LogInformation("Testing /RestrictedNegotiate"); logger.LogInformation("Testing /Forbidden");
response = await httpClient.GetAsync("/RestrictedNegotiate"); response = await httpClient.GetAsync("/Forbidden");
responseText = await response.Content.ReadAsStringAsync(); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("Negotiate", responseText);
logger.LogInformation("Testing /RestrictedNTLM");
if (serverType == ServerType.WebListener)
{
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("NTLM", responseText);
}
else if (serverType == ServerType.IISExpress)
{
response = await httpClient.GetAsync("/RestrictedNTLM");
responseText = await response.Content.ReadAsStringAsync();
// This isn't a Forbidden because we authenticate with Negotiate and challenge for NTLM.
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
// Note IIS can't restrict a challenge to a specific auth type, the native auth modules always add themselves,
// so both Negotiate and NTLM get sent again.
}
} }
catch (XunitException) catch (XunitException)
{ {

View File

@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -41,46 +42,17 @@ namespace ServerComparison.TestSites
{ {
if (context.User.Identity.IsAuthenticated) if (context.User.Identity.IsAuthenticated)
{ {
return context.Response.WriteAsync(context.User.Identity.AuthenticationType); return context.Response.WriteAsync("Authenticated");
} }
else else
{ {
return context.Authentication.ChallengeAsync(); return context.ChallengeAsync();
} }
} }
if (context.Request.Path.Equals("/Forbidden")) if (context.Request.Path.Equals("/Forbidden"))
{ {
return context.Authentication.ForbidAsync(Microsoft.AspNetCore.Http.Authentication.AuthenticationManager.AutomaticScheme); return context.ForbidAsync();
}
if (context.Request.Path.Equals("/AutoForbid"))
{
return context.Authentication.ChallengeAsync();
}
if (context.Request.Path.Equals("/RestrictedNegotiate"))
{
if (string.Equals("Negotiate", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("Negotiate");
}
else
{
return context.Authentication.ChallengeAsync("Negotiate");
}
}
if (context.Request.Path.Equals("/RestrictedNTLM"))
{
if (string.Equals("NTLM", context.User.Identity.AuthenticationType, System.StringComparison.Ordinal))
{
return context.Response.WriteAsync("NTLM");
}
else
{
return context.Authentication.ChallengeAsync("NTLM");
}
} }
return context.Response.WriteAsync("Hello World"); return context.Response.WriteAsync("Hello World");