单元测试的安全模型的ClickOnce模型、单元测试、安全、ClickOnce
我摆弄周围要安装通过的ClickOnce应用程序 - 具有一定的最小权限。我想单元测试断言,我的应用程序不使用被通缉的安全策略不允许任何附加功能。
I am fiddling around trying to install an application via ClickOnce - with certain minimum permissions. I'd like to unit test to assert that my application does not use any additional functionality disallowed by the wanted security policy.
我在单元测试中可以指定我想用指定的清单来调节权限,打电话给我的库中,然后断言,没有安全抛出异常?
Can I in my unit test specify that I want to use the specified manifest to regulate permissions, make calls to my library and then assert that no security exceptions are thrown?
如果是这样,如何?
If so, how?
谢谢!
推荐答案
如果你想进行单元测试(单独测试),你必须
If you want to unit test (test in isolation) you have to
测试permissionLogic,你必须 在测试你的contrologic(即MVVM)使用权限的逻辑。测试安全管理器的permissionLogic
您可以提取permissionLogic一类自身使用方法
public class SecurityManager
{
bool IsAllowedToPrint(User user);
bool IsAllowedToAdminister(User user);
}
那么你就写单元测试
then you write unit tests
User user = CreateAdimistrator();
Assert.AreEqual(true, securityManager.IsAllowedToAdminister(user));
Contrologic(即MVVM)使用许可逻辑
创建一个模拟,安全管理器总是允许/禁止功能。 写单元测试控制器,如果它的反应如预期。
create a mock-SecurityManager that always allow/disallow functionality. and write unit tests for the controller if it reacts as expected.
var allowEverythingMock = CreateSecurityManagerMockThatAllowsEverything();
var mvvm = CreateMvvm(allowEverythingMock );
Assert.IsNotNull(mvvm.GetAdminGui());
我不舒尔如果有一个简单的方法来创建一个集成测试,其中点击一次 - 应用程序实际上使用了真正的安全管理器,结果得到验证。
I am not shure if there is an easy way to create an integration-test where Click-Once-App actually uses the real SecurityManager and the result gets verified.
这是什么,目标是获得更多的相关信息后的更新
Update after getting more infos on what the goal is
编写单元测试控制器,如果它的反应如预期。
write unit tests for the controller if it reacts as expected.
var controller = CreateCreate(Permission.Low);
try
{
// File io is not allowed with low permissions
controller.SaveTextAsFile("HellowWorld", @"c:\temp\UnittestResult.txt");
Assert.Fail("The Controller should have forbidden this");
} catch(PermissionException pex) {
// everything is ok. This specific exception was expected.
}
