views:

688

answers:

1

I am trying to write Watin tests for an intranet application that uses Integrated Authentication. The web page that I am trying to test prints Page.User.Identity.Name.

Here is some of the code from my test:

if (Win32.LogonUser(u.UserName, u.Domain, u.Password, 2 /*LOGON32_LOGON_INTERACTIVE*/, 0 /*LOGON32_PROVIDER_DEFAULT*/, out hToken))
            {
                if (Win32.DuplicateToken(hToken, 2, out hTokenDuplicate))
                {
                    WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);
                    WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();  

                    Console.WriteLine(WindowsIdentity.GetCurrent().Name);

                    using (IE ie = new IE(url))
                    {
                        Console.WriteLine(ie.ContainsText(u.UserName));
                        ie.AutoClose = false;
                    }

                    impersonationContext.Undo();
                }
            }

When I run this, it prints the user name that I am trying to impersonate to the console, but the web page displays the user that I am currently logged in as, not the user that I should be impersonating.

Similar issue found at:
http://stackoverflow.com/questions/922501/automated-testing-of-authorization-scenarios-implemented-with-azman

+2  A: 

Impersonation is tricky and I have never been able to get IE to run as another user context with WatiN. In the past I have deployed another version of the site being tested with basic authentication enabled and then logged in via the dialog.

Have a look at the following blogs for more info and sample code:

http://blogs.msdn.com/jimmytr/archive/2007/04/14/writing-test-code-with-impersonation.aspx

http://blogs.msdn.com/shawnfa/archive/2005/03/21/400088.aspx

Edit: I got this working today. the trick is that you need to separate the launching of IE and the automation of IE as you can't just do them both in one hit.

First launch ie using System.Diagnostics.Process. Once you have launched IE you can then use the code from here to attach and talk to IE using impersionation

Here is the code

    [TestMethod]
    public void TestMethod()
    {
        SecureString password = new SecureString();
        password.AppendChar('p');
        password.AppendChar('a');
        password.AppendChar('s');
        password.AppendChar('s');
        password.AppendChar('w');
        password.AppendChar('o');
        password.AppendChar('r');
        password.AppendChar('d');

        ProcessStartInfo psi = new ProcessStartInfo();
        psi.UserName = "localtest";
        psi.Password = password;
        psi.UseShellExecute = false;
        psi.LoadUserProfile = true;
        psi.FileName = "c:\\Program Files\\Internet Explorer\\iexplore.exe";
        psi.Arguments = "about:blank";

        Process proc = new Process();
        proc.StartInfo = psi;
        proc.Start();

        t.Join();

        proc.Kill(); 
    }

    private static void DoWorkAs(object o)
    {
        User u = o as User;


        IntPtr hToken = IntPtr.Zero;
        IntPtr hTokenDuplicate = IntPtr.Zero;

        if (Win32.LogonUser(u.UserName, u.Domain, u.Password, 2 /*LOGON32_LOGON_INTERACTIVE*/, 0 /*LOGON32_PROVIDER_DEFAULT*/, out hToken))
        {
            if (Win32.DuplicateToken(hToken, 2, out hTokenDuplicate))
            {
                WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);
                WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();

                // domain\username
                Console.WriteLine(" Thread 2 : " + WindowsIdentity.GetCurrent().Name);

                IE ie = IE.AttachToIE(Find.ByUrl("about:blank"));

                ie.GoTo(@"http://www.google.com/");
                ie.TextField(Find.ByName("q")).TypeText("WatiN");
                ie.Button(Find.ByName("btnG")).Click();

                Assert.IsTrue(ie.ContainsText("WatiN"));
                ie.GoTo("about:blank");

                //revert
                impersonationContext.Undo();
                Console.WriteLine(WindowsIdentity.GetCurrent().Name);
            }
        }
        if (hToken != IntPtr.Zero) Win32.CloseHandle(hToken);
        if (hTokenDuplicate != IntPtr.Zero) Win32.CloseHandle(hTokenDuplicate);
    }

    public class User
    {
        public User(string u, string d, string p)
        {
            Domain = d;
            UserName = u;
            Password = p;
        }
        public string UserName;
        public string Domain;
        public string Password;
    }
    public class Win32
    {
        // P/Invoke snask
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool LogonUser(
            string lpszUsername,
            string lpszDomain,
            string lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            out IntPtr phToken);

        [DllImport("advapi32.dll", SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int
           SECURITY_IMPERSONATION_LEVEL, out IntPtr DuplicateTokenHandle);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool CloseHandle(IntPtr hHandle);

    }

Thus code need a refactor, and won'work on Vista with IE7, because of an IE bug that was fixed in IE8.

Bruce McLeod
Thanks Bruce. This gave us a solution that allowed us to move forward. I would like to see WatiN add some sort of impersonation support in the future.
Bradley Landis