File: Negotiate\NegotiateStream_Http_Tests.4.1.0.cs
Web Access
Project: src\src\System.Private.ServiceModel\tests\Scenarios\Security\TransportSecurity\Security.TransportSecurity.IntegrationTests.csproj (Security.TransportSecurity.IntegrationTests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
 
 
using Infrastructure.Common;
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using Xunit;
 
public class NegotiateStream_Http_Tests : ConditionalWcfTest
{
    // The tests are as follows:
    //
    // NegotiateStream_*_AmbientCredentials
    //     Windows: This should pass by default without any code changes
    //       Linux: This should not pass by default 
    //              Run 'kinit user@DC.DOMAIN.COM' before running this test to use ambient credentials
    //              ('DC.DOMAIN.COM' must be in capital letters) 
    //              If previous tests were run, it may be necessary to run 'kdestroy -A' to remove all
    //              prior Kerberos tickets
    // 
    // NegotiateStream_*_With_ExplicitUserNameAndPassword
    //     Windows: Set the ExplicitUserName, ExplicitPassword, and NegotiateTestDomain TestProperties to a user valid on your Kerberos realm
    //       Linux: Set the ExplicitUserName, ExplicitPassword, and NegotiateTestDomain TestProperties to a user valid on your Kerberos realm
    //              If previous tests were run, it may be necessary to run 'kdestroy -A' to remove all
    //              prior Kerberos tickets
    // 
    // NegotiateStream_*_With_ExplicitSpn
    //     Windows: Set the NegotiateTestSPN TestProperties to match a valid SPN for the server 
    //       Linux: Set the NegotiateTestSPN TestProperties to match a valid SPN for the server 
    //   
    //     By default, the SPN is the same as the host's fully qualified domain name, for example, 
    //     'host.domain.com'
    //     On a Windows host, one has to register the SPN using 'setspn', or run the process as LOCAL SYSTEM.
    //     This can be done by setting the PSEXEC_PATH environment variable to point to the folder containing
    //     psexec.exe prior to starting the WCF self-host service. 
    // 
    // NegotiateStream_*_With_Upn
    //     Windows: Set the NegotiateTestUPN TestProperties to match a valid UPN for the server in the form of 
    //              'user@DOMAIN.COM'
    //       Linux: This scenario is not yet supported - dotnet/corefx#6606
    //
    // NegotiateStream_*_With_ExplicitUserNameAndPassword_With_Spn
    //     Windows: Set the NegotiateTestUPN TestProperties to match a valid UPN for the server
    //              Set the ExplicitUserName, ExplicitPassword, and NegotiateTestDomain TestProperties to a user valid on your Kerberos realm
    //       Linux: Set the NegotiateTestUPN TestProperties to match a valid UPN for the server
    //              Set the ExplicitUserName, ExplicitPassword, and NegotiateTestDomain TestProperties to a user valid on your Kerberos realm
    // 
    // NegotiateStream_*_With_ExplicitUserNameAndPassword_With_Upn
    //     Windows: Set the NegotiateTestUPN TestProperties to match a valid UPN for the server
    //              Set the ExplicitUserName, ExplicitPassword, and NegotiateTestDomain TestProperties to a user valid on your Kerberos realm
    //       Linux: This scenario is not yet supported - dotnet/corefx#6606
 
    // These tests are used for testing NegotiateStream (SecurityMode.Transport) 
 
    [WcfFact]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(Ambient_Credentials_Available))]
    [OuterLoop]
    public static void NegotiateStream_Http_AmbientCredentials()
    {
        string testString = "Hello";
        string result = "";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
 
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(Endpoints.Https_WindowsAuth_Address));
            serviceProxy = factory.CreateChannel();
 
            if (Environment.Version.Major == 5 && !OSID.AnyWindows.MatchesCurrent() && !TestProperties.GetProperty(TestProperties.ServiceUri_PropertyName).Contains("/"))
            {
                Assert.Throws<System.ServiceModel.ProtocolException>(() => { result = serviceProxy.Echo(testString); });
            }
            else
            {
                // *** EXECUTE *** \\
                result = serviceProxy.Echo(testString);
 
                // *** VALIDATE *** \\
                Assert.Equal(testString, result);
            }
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(Explicit_Credentials_Available),
               nameof(Domain_Available))]
    [OuterLoop]
    // Test Requirements \\
    // The following environment variables must be set...
    //          "NegotiateTestRealm"
    //          "NegotiateTestDomain"
    //          "ExplicitUserName"
    //          "ExplicitPassword"
    //          "ServiceUri" (server running as machine context)
    public static void NegotiateStream_Http_With_ExplicitUserNameAndPassword()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(Endpoints.Https_WindowsAuth_Address));
 
            factory.Credentials.Windows.ClientCredential.Domain = GetDomain();
            factory.Credentials.Windows.ClientCredential.UserName = GetExplicitUserName();
            factory.Credentials.Windows.ClientCredential.Password = GetExplicitPassword();
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Condition(nameof(Windows_Authentication_Available),
              nameof(Root_Certificate_Installed),
              nameof(Explicit_Credentials_Available),
              nameof(Domain_Available))]
    [OuterLoop]
    // Test Requirements \\
    // The following environment variables must be set...
    //          "NegotiateTestRealm"
    //          "NegotiateTestDomain"
    //          "ExplicitUserName"
    //          "ExplicitPassword"
    //          "ServiceUri" (server running as machine context)
    public static void NegotiateStream_Http_With_ExplicitUserNameAndPasswordForNet50()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            string spn = GetSPN().ToLowerInvariant().Replace("host", "HTTP");
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(new Uri(Endpoints.Https_WindowsAuth_Address), new SpnEndpointIdentity(spn)));
 
            factory.Credentials.Windows.ClientCredential.Domain = GetDomain();
            factory.Credentials.Windows.ClientCredential.UserName = GetExplicitUserName();
            factory.Credentials.Windows.ClientCredential.Password = GetExplicitPassword();
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(SPN_Available))]
    [OuterLoop]
    // Test Requirements \\
    // The following environment variables must be set...
    //          "NegotiateTestRealm"
    //          "NegotiateTestDomain"
    //          "NegotiateTestSpn" (host/<servername>)
    //          "ServiceUri" (server running as machine context)
    public static void NegotiateStream_Http_With_ExplicitSpn()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(
                    new Uri(Endpoints.Https_WindowsAuth_Address),
                    new SpnEndpointIdentity(GetSPN())
            ));
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Issue(2805)]
    [Issue(25320, Repository = "dotnet/runtime")]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(UPN_Available))]
    [OuterLoop]
    public static void NegotiateStream_Http_With_Upn()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(
                    new Uri(Endpoints.Https_WindowsAuth_Address),
                    new UpnEndpointIdentity(GetUPN())
            ));
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(Explicit_Credentials_Available),
               nameof(Domain_Available),
               nameof(SPN_Available))]
    [OuterLoop]
    // Test Requirements \\
    // The following environment variables must be set...
    //          "NegotiateTestRealm"
    //          "NegotiateTestDomain"
    //          "ExplicitUserName"
    //          "ExplicitPassword"
    //          "NegotiateTestSpn" (host/<servername>)
    //          "ServiceUri" (server running as machine context)
    public static void NegotiateStream_Http_With_ExplicitUserNameAndPassword_With_Spn()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(
                    new Uri(Endpoints.Https_WindowsAuth_Address),
                    new SpnEndpointIdentity(GetSPN())
            ));
 
            factory.Credentials.Windows.ClientCredential.Domain = GetDomain();
            factory.Credentials.Windows.ClientCredential.UserName = GetExplicitUserName();
            factory.Credentials.Windows.ClientCredential.Password = GetExplicitPassword();
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
 
    [WcfFact]
    [Issue(2805)]
    [Issue(25320, Repository = "dotnet/runtime")]
    [Condition(nameof(Windows_Authentication_Available),
               nameof(Root_Certificate_Installed),
               nameof(Explicit_Credentials_Available),
               nameof(Domain_Available),
               nameof(UPN_Available))]
    [OuterLoop]
    public static void NegotiateStream_Http_With_ExplicitUserNameAndPassword_With_Upn()
    {
        string testString = "Hello";
        ChannelFactory<IWcfService> factory = null;
        IWcfService serviceProxy = null;
 
        try
        {
            // *** SETUP *** \\
            BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            factory = new ChannelFactory<IWcfService>(
                binding,
                new EndpointAddress(
                    new Uri(Endpoints.Https_WindowsAuth_Address),
                    new UpnEndpointIdentity(GetUPN())
            ));
 
            factory.Credentials.Windows.ClientCredential.Domain = GetDomain();
            factory.Credentials.Windows.ClientCredential.UserName = GetExplicitUserName();
            factory.Credentials.Windows.ClientCredential.Password = GetExplicitPassword();
 
            serviceProxy = factory.CreateChannel();
 
            // *** EXECUTE *** \\
            string result = serviceProxy.Echo(testString);
 
            // *** VALIDATE *** \\
            Assert.Equal(testString, result);
 
            // *** CLEANUP *** \\
            ((ICommunicationObject)serviceProxy).Close();
            factory.Close();
        }
        finally
        {
            // *** ENSURE CLEANUP *** \\
            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
        }
    }
}