Skip to content

Instantly share code, notes, and snippets.

@logicbomb

logicbomb/gist:4236277

Created December 7, 2012 20:31
Show Gist options
  • Save logicbomb/4236277 to your computer and use it in GitHub Desktop.
Save logicbomb/4236277 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.cs
//set up fake it easy
var authService = A.Fake<IAuthenticationService>();
var connFactory = A.Fake<IDbConnectionFactory>();
var publisher = A.Fake<IPublisher>();
var identity = A.Fake<IUserIdentity>();
A.CallTo(() => identity.Claims).Returns(new List<string> {"Admin"});
A.CallTo(() => identity.UserName).Returns("[email protected]");
A.CallTo(()=>authService("[email protected]", "password")).Returns(new User{Id=1, Claims=new List<string> {"admin"});
A.CallTo(() => _authenticationService.GetUserFromIdentifier(Guid.Empty, null))
.WithAnyArguments()
.Returns(identity);
// set up forms auth
var cryptographyConfiguration = new CryptographyConfiguration(new RijndaelEncryptionProvider(new PassphraseKeyGenerator("SuperSecretPass", new byte[] {1, 2, 3, 4, 5, 6, 7, 8}, 1000)), DefaultHmacProvider(new PassphraseKeyGenerator("UberSuperSecure", new byte[] {1, 2, 3, 4, 5, 6, 7, 8}, 1000));
var config = new FormsAuthenticationConfiguration()
{
CryptographyConfiguration = cryptographyConfiguration,
RedirectUrl = "/login",
UserMapper = _authenticationService,
};
FormsAuthentication.Enable(A.Fake<IPipelines>(), config);
//bootstrap and browse
var bootstrapper = new ConfigurableBootstrapper(c => {
// I'm not sure what DisableAutoRegistration is all about, nothing is changes whether or not it's called
//c.DisableAutoRegistration();
c.Dependency<ICommandPublisher>(publisher);
c.Dependency<IDbConnectionFactory>(connFactory);
c.Dependency<IAuthenticationService>(authService);
c.Modules(new Type[] { typeof(LoginModule) });
});
bootstrapper.Initialise();
var browser = new Browser(bootstrapper);
var response = browser.Post("/login", with => {
with.HttpRequest();
with.FormValue("Email", "[email protected]");
with.FormValue("Password", "password");
}).Then.Get("/some-page-that-requires-admin-claims");
@logicbomb
Copy link
Author

This is all v0.11, so it's probably fixed but the above code is now generating an Object Reference Not Found exception:

at Nancy.Authentication.Forms.FormsAuthentication.EncryptAndSignCookie(String cookieValue, FormsAuthenticationConfiguration configuration)

at Nancy.Authentication.Forms.FormsAuthentication.BuildCookie(Guid userIdentifier, Nullable`1 cookieExpiry, FormsAuthenticationConfiguration configuration)

at Nancy.Authentication.Forms.FormsAuthentication.UserLoggedInRedirectResponse(NancyContext context, Guid userIdentifier, Nullable`1 cookieExpiry, String fallbackRedirectUrl)

at Nancy.Authentication.Forms.ModuleExtensions.LoginAndRedirect(NancyModule module, Guid userIdentifier, Nullable`1 cookieExpiry, String fallbackRedirectUrl)

@logicbomb
Copy link
Author

And here is the EncryptAndSignCookie method

private static string EncryptAndSignCookie(string cookieValue, FormsAuthenticationConfiguration configuration)
{
    var encryptedCookie = configuration.CryptographyConfiguration.EncryptionProvider.Encrypt(cookieValue);
    var hmacBytes = GenerateHmac(encryptedCookie, configuration);
    var hmacString = Convert.ToBase64String(hmacBytes);

    return String.Format("{1}{0}", encryptedCookie, hmacString);
 }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment