| public GetPasswordChallenge ( string requestId ) : string | ||
| requestId | string | |
| Результат | string | |
public string GetPasswordChallenge(string requestId)
{
if (requestId == null)
return null;
using (var generator = new RNGCryptoServiceProvider())
{
var challengeBytes = new byte[16];
generator.GetBytes(challengeBytes);
if (ChallengeCache.Contains(requestId))
{
ChallengeCache[requestId] = challengeBytes;
}
else
{
CacheItemPolicy policy = new CacheItemPolicy
{
AbsoluteExpiration = DateTimeOffset.Now.AddMinutes(10)
};
ChallengeCache.Add(requestId, challengeBytes, policy);
}
return EncodeToHexString(challengeBytes);
}
}
public void ValidateUserNameInvalidPassword()
{
var sawException = false;
var controller = new IdentityController();
// 1- Get a random password challenge string from the web service.
const string requestId = "ec609a4f";
var challengeString = controller.GetPasswordChallenge(requestId);
Assert.IsFalse(string.IsNullOrEmpty(challengeString));
try
{
// 2 - Hash the challenge string with an invalid password and ask the web service to validate the hash.
var result = controller.GetIsValid("JohnDoe", requestId, CreatePasswordHash("InvalidPassword", challengeString));
}
catch (HttpResponseException ex)
{
// 3- Verify that a 401 Status code was returned through the exception (handled by ASP.NET)
Assert.AreEqual(HttpStatusCode.Unauthorized, ex.Response.StatusCode);
sawException = true;
}
// Verify that authentication failed for invalid password
Assert.IsTrue(sawException);
}
