HighTechTalks DotNet Forums  

Unit tests, need good advice ?

Go Back HighTechTalks DotNet Forums Dotnet Dotnet Security Unit tests, need good advice ?

Dotnet Security microsoft.public.dotnet.security


Discuss Unit tests, need good advice ? in the Dotnet Security forum.



Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old   
Claude Vernier
 
Posts: n/a

Default Unit tests, need good advice ? - 06-28-2004 , 05:08 AM





Hi all,

First, please excuse my english... don't hesitate to ask for more details...

I have a web service that need to be authenticated
to allow users to connect.

I'm building a Web Application to access this WS.
I want every one to be able to acces the application.

I tought, using this code to map outside user to a guest account:

if( System.Threading.Thread.CurrentPrincipal.Identity. IsAuthenticated )
{
_WS.Credentials = System.Net.CredentialCache.DefaultCredentials;
}
else
{
System.Net.NetworkCredential oCreds = new System.Net.NetworkCredential();
oCreds.Domain = "domain";
oCreds.UserName = "user";
oCreds.Password = "password";
_WS.Credentials = oCreds;
}


I have three problems/questions...

a) What do experienced people think of this solution.
b) I need to do Unit Test for this, can I simulate a not logged user ???
c) How should I make the password secure ??

Thanks you very much for any comments.
Claude Vernier


Reply With Quote
  #2  
Old   
Telmo Sampaio
 
Posts: n/a

Default Re: Unit tests, need good advice ? - 06-28-2004 , 10:35 PM





inline

Telmo Sampaio
tsampaio (AT) gmail (DOT) com

"Claude Vernier" <ClaudeVernier (AT) discussions (DOT) microsoft.com> wrote

Quote:
I have a web service that need to be authenticated
to allow users to connect.

I'm building a Web Application to access this WS.
I want every one to be able to acces the application.

if( System.Threading.Thread.CurrentPrincipal.Identity. IsAuthenticated )
{
_WS.Credentials = System.Net.CredentialCache.DefaultCredentials;
}
else
{
System.Net.NetworkCredential oCreds = new System.Net.NetworkCredential();
oCreds.Domain = "domain";
oCreds.UserName = "user";
oCreds.Password = "password";
_WS.Credentials = oCreds;
}


I have three problems/questions...

a) What do experienced people think of this solution.
Instead of IsAuthenticated I would simply pass the Default Credetials. This
way, if you have a non-authenticated user the Guest (IUSR_CN or whatever is
setup in IIS). This is more secure since it will not send your users'
password over the wire.
Quote:
b) I need to do Unit Test for this, can I simulate a not logged user ???
Yeah, use a computer or virtual computer not logged on the the domain and
access you web app.
Quote:
c) How should I make the password secure ??
Check (a) or use SSL.

Telmo Sampaio
tsampaio (AT) gmail (DOT) com




Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top