Fix issue with 401->403 not working with AutomaticAuthentication

2015-05-22 14:48:24 -07:00 · 2015-05-22 14:48:24 -07:00 · e54d088c46
parent 76bd1a2f17
commit e54d088c46
3 changed files with 19 additions and 4 deletions
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@ -99,6 +99,7 @@ namespace Microsoft.AspNet.Authentication.Cookies

                await Options.Notifications.ValidatePrincipal(context);

+                AuthenticateCalled = true;
                return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
            }
            catch (Exception exception)
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@ -59,7 +59,8 @@ namespace Microsoft.AspNet.Authentication
            get { return _baseOptions; }
        }

-        internal bool AuthenticateCalled { get; set; }
+        // REVIEW: Overriding Authenticate and not calling base requires manually calling this for 401-403 to work
+        protected bool AuthenticateCalled { get; set; }

        public IAuthenticationHandler PriorHandler { get; set; }

--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@ -443,19 +443,27 @@ namespace Microsoft.AspNet.Authentication.Cookies
            Assert.True(transaction1.SetCookie.Contains("path=/base"));
        }

-        [Fact]
-        public async Task CookieTurns401To403IfAuthenticated()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task CookieTurns401To403IfAuthenticated(bool automatic)
        {
            var clock = new TestClock();
            var server = CreateServer(options =>
            {
+                options.AutomaticAuthentication = automatic;
                options.SystemClock = clock;
            }, 
            SignInAsAlice);

            var transaction1 = await SendAsync(server, "http://example.com/testpath");

-            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var url = "http://example.com/unauthorized";
+            if (automatic)
+            {
+                url += "auto";
+            }
+            var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);

            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
        }
@ -547,6 +555,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
                        var result = await context.Authentication.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
                    }
+                    else if (req.Path == new PathString("/unauthorizedauto"))
+                    {
+                        // Simulate Authorization failure 
+                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
                    else if (req.Path == new PathString("/protected/CustomRedirect"))
                    {
                        context.Authentication.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });