tags:

views:

387

answers:

2
+5  Q: 

MSTEST PrincipalPermission

How do you unit test code decorated with the PrincipalPermission attribute?

For example, this works:

class Program
{
    static void Main(string[] args)
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        var c = new MyClass();
    }
}

[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Users")]
class MyClass
{
    public MyClass()
    {
        Console.WriteLine("This works.");
    }
}

This throws a SecurityException:

[TestClass]
public class UnitTest1
{
    [TestInitialize]
    public void TestInitialize()
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    }

    [TestMethod]
    public void TestMethod1() 
    { 
        var c = new MyClass();
    }
}

Any ideas?

+1  A: 

You could try impersonating different users within the test method, if you run the code as an admin you could create a local user account inside the test (or test class) and delete it at the end.

Edit: Sorry, I imagined using impersonate to test a failure case - I should have read your question properly :) I have similar unit tests, and they are able to create local accounts within mstest. Whether this is good practice is another matter.

I see you already did as this page suggests: set the app domain's principal policy to "WindowsPrincipal". For me, Thread.CurrentPrincipal.Identity.Name gives my user name and the test passes using VS 2005 and VS 2008 targetting .NET 2.0, 3.0 & 3.5.

Are you running on Vista/Win7 with UAC and non elevated VS? Otherwise are you able to repro either on another machine, using a different group or by creating another local admin account on your machine and running the tests as this user?

Alex Peck  2009-07-09 20:17:17
When I run the test, the CurrentPrincipal has an unauthenticated GenericIdentity so I don't believe the test code would be able to create or delete a local account.
Mark Good  2009-07-09 20:50:32
I am running VS on XP as admin. Ray's suggestion worked, but left me with other security concerns. See the comments that I left Ray.
Mark Good  2009-07-10 13:52:54
+3  A: 

How about creating a GenericIdentity and attaching that to the Thread.CurrentPrincipal in your test like so:

[TestMethod]
public void TestMethod1() 
{ 
    var identity = new GenericIdentity("tester");
    var roles = new[] { @"BUILTIN\Users" };
    var principal = new GenericPrincipal(identity, roles);
    Thread.CurrentPrincipal = principal;

    var c = new MyClass();
}

For a fail test, you could:

[TestMethod]
[ExpectedException(typeof(SecurityException))] // Or whatever it's called in MsTest
public void TestMethod1() 
{ 
    var identity = new GenericIdentity("tester");
    var roles = new[] { @"BUILTIN\NotUsers" };
    var principal = new GenericPrincipal(identity, roles);
    Thread.CurrentPrincipal = principal;

    var c = new MyClass();
}
Ray Vernagus  2009-07-10 12:21:24
This worked, Ray, Thanks! But it seemed too easy to fake. Couldn't anyone claim to have the require role?
Mark Good  2009-07-10 12:51:39
Cool! Glad to help! It is just that easy in a full trust setting. Setting Thread.CurrentPrincipal requres special privleges, specifically, you need SecurityPermission of SecurityPermissionFlag.ControlPrincipal. See Keith Brown's book online: http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsThreadDotCurrentPrincipal.html
Ray Vernagus  2009-07-10 13:14:58
Very interesting article! But I have no way of knowing or controlling whether or not my users have the security permission to change CurrentPrincipal. Luckily, my application is a WCF service which I am guessing (and hoping), like the timer and thead pool, won't propagate the CurrentPrincipal.
Mark Good  2009-07-10 13:44:23

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?