I'm working on an MVC site that is using ASP.Net Identity for the log in piece.
There is a user table where the pk is an FK for another table (table 2). Because of this, the user cannot be deleted. As well, there are reports that are generated from table 2. This report displays the data from table 2 as long as the user name that generated the data. Another reason why deleting the user information should not be done.
So instead of deleting the user I thought I would add a column to the user table called "Deleted". It uses a bit datatype.
The column was added to my local copy of the database using code-first migrations. When the user logs on, this value is checked in this column is checked (0 = not deleted; 1 = deleted).
Everything was working great on my local machine. I had no errors, code ran fine. I was able to log in with any user. I then deployed to our test server and added the "Deleted" column to the table on the test SQL server using a script.
When I went to log in, with any user, I couldn't. I kept getting the "Error logging in. Please re-enter credentials and try again" even though my credentials were correct.
I deleted the files on the server and deployed again. Same thing.
I backed out all of my changes and deployed again and was able to log in.
So, I started adding things a piece at a time:
I ran the script to add a Deleted column with a bit datatype and set
to not null on our test SQL server
Tested logging in and was able to
Added public bool Deleted {get; set;} to my BL Entity and deployed to
test
Tried logging in and failed
Removed the Deleted bool and re-deployed
Was able to log in
I'm not understanding why this addition is causing issues. "Deleted" columns are used in other tables in the application and have not caused any issues. And because it's working fine when I run it locally I'm having a hard time determining what the issue is.
Here is my BL Entity:
using Microsoft.AspNet.Identity.EntityFramework;
using System;
using System.Collections.Generic;
namespace BlahBlah.BusinessLogic.Entities
{
public class User : IdentityUser
{
public User() : base() { }
public User(string username) : base(username) { }
public Guid CompanyId { get; set; }
public Company Company { get; set; }
public bool PrimaryAccount { get; set; }
public Guid DefaultCompanyId { get; set; }
public ICollection<Transaction> Transactions { get; set; }
// public bool Deleted { get; set; }
}
}
Here is a piece of my user.js code:
...
$http(call)
.success(function (data) {
userData.isAuthenticated = true;
userData.username = data.userName;
userData.role = data.role;
userData.bearerToken = data.access_token;
userData.expirationDate = new Date(data['.expires']);
setHttpAuthHeader();
if (typeof successCallback === 'function') {
successCallback();
}
})
.error(function (data) {
if (typeof errorCallback === 'function') {
if (data.error_description) {
errorCallback(data.error_description);
}
else {
errorCallback('Unable to contact server; please, try again later.');
}
}
});
};
...
Here is a piece of my login.js code:
...
function login(common, $location, config) {
var getLogFn = common.logger.getLogFn;
var log = getLogFn(controllerId);
var vm = this;
vm.title = 'Login';
vm.credentials = {
username: '',
password: ''
};
vm.hideError = true;
vm.errorMessage = 'xx.';
vm.login = function login() {
vm.hideError = true;
common.$broadcast(config.events.spinnerToggle, { show: true });
common.user.authenticate(vm.credentials.username, vm.credentials.password, onSuccessfullLogin, onFailedLogin);
};
...
function onFailedLogin(error) {
common.$broadcast(config.events.spinnerToggle, { show: false });
console.log('error ' + error);
vm.hideError = false;
}
...
Any ideas as to what is going on or how I can find out what is going on? Thanks for your time!
UPDATE
I shouldn't have gotten too excited. After performing some testing in the application I thought I would test the reports. Everything was working beautifully up until then. When I viewed a report I got the following error:
The model backing the 'BabDbContext' context has changed since the database was created. Consider using Code First Migrations to update the database
The reports are using SSRS. If I ran the script to create the column AND update the _Migrations table I'm not understanding why I'm getting this error. The stack trace points to the last line. I've read suggestions but where I need to add some code to the OnModelCreating method but I'm not sure if that's the way to go. There have been other deploys done by others prior to me so I'm missing something.
public class AbaDbContext : IdentityDbContext<User>, IDbContext
{
public const int UnknownCTId = 1;
private IEncryptionService _encryptionService;
private static Dictionary<Guid, string> _cipherCache = new Dictionary<Guid,string>();
public BabDbContext()
: base("BabDbContext")
{
((IObjectContextAdapter)this).ObjectContext.ObjectMaterialized += new ObjectMaterializedEventHandler(ObjectMaterialized);
It looks like your context is trying to run migrations on the production server and is failing due to either insufficient permissions or that the Deleted column already exists. Your options are:
Run your production migrations by creating a script. You can do this by running the following command:
Update-Database -Script
This will create a SQL script that yuo can run against your database to create the column and, critically, insert a row into the __MigrationHistory table that tells EF that it doesn't need to run migrations again.
Create a context initialiser that effectively disables migrations. Add a class that inherits from NullDatabaseInitializer<T>:
public class DisableMigrations : NullDatabaseInitializer<YourContext>
{
}
And in your production web.config:
<entityFramework>
<contexts>
<context type="YourNamespace.Domain.YourContext, YourNamespace.Domain">
<databaseInitializer
type="YourNamespace.Domain.DisableMigrations, YourNamespace.Domain"/>
</context>
</contexts>
</entityFramework>
I have junit testscript that creates different and unique ID. So when it finds an existing ID or a wrong Id I want the test script report via ANT to show that it is failed for following record but passed for the rest of the records that are correct.
#Test
public void testCreateTrade() throws Exception
driver.findElement(By.id("VIN")).clear();
driver.findElement(By.id("VIN")).sendKeys(vVin);
String str = driver.getCurrentUrl();
if(str.contains("step1")) // for existing ID
{
driver.findElement(By.cssSelector("body > div.bootbox.modal.in > div.modal-footer > a.btn.null")).click();
break;
}
driver.findElement(By.id("mileage")).sendKeys(vMileage);
driver.findElement(By.id("odometerType")).sendKeys(vKm);
driver.findElement(By.id("passengers")).sendKeys(vPassengers);
driver.findElement(By.id("exteriorColor")).sendKeys(vExterior);
driver.findElement(By.id("interiorColor")).sendKeys(vInterior);
driver.findElement(By.id("hasAccident")).sendKeys(vAccident);
driver.findElement(By.id("dealerSalesPerson")).sendKeys(vSalesPerson);
driver.findElement(By.id("step3btn")).click();
Thread.sleep(1000);
String str3 = driver.getCurrentUrl();
if(str3.contains("step2")) // Loop for wrong ID
{
driver.findElement(By.linkText("Create")).click();
driver.findElement(By.xpath("html/body/div[7]/div[2]/a[1]")).click();
//System.out.println("Is a wrong Vin"+vVin);
break;
}
driver.findElement(By.id("step4btn")).click();
driver.findElement(By.id("windshieldCondition")).sendKeys(vWindshield);
driver.findElement(By.id("tireCondition")).sendKeys(vTire);
driver.findElement(By.id("accidentBrand3")).sendKeys(vAcBrand);
driver.findElement(By.id("confirmedParked")).click();
If you want a single test case to continue running after it "fails" and then report its exceptions at the end, use ErrorCollector.
#RunWith(JUnit4.class) public class YourTestClass {
#Rule public ErrorCollector errorCollector = new ErrorCollector();
#Test public void yourTest() {
// ... (your setup)
for (Record record : expectedRecords) {
if (dataSource.hasRecord(record.getId())) {
Record fetchedRecord = dataSource.getRecord(record.getId());
errorCollector.checkThat(record, matchesRecordValuesOf(record));
} else {
errorCollector.addError(new IllegalStateException(""));
}
}
}
}
Note, however, that it's always preferable to test exactly one thing per unit test. Here it may make sense, but don't overuse ErrorCollector where refactoring and splitting the test makes more sense.
I have a ASP.NET MVC website that uses Windows Authentication to control access. I would like to have a specflow selenium test that checks the configuration is correct by attempting to visit the site as a non-authorised user.
As we're using domain accounts to control access there isn't a username/password login screen. The credentials of the current user are automatically passed to the site by the browser.
So for my Selenium test I need to be able to run Internet Explorer as a specific user.
I have found a number of articles about windows impersonation and I can switch to my test user during the running of the test (using the code from http://support.microsoft.com/kb/306158). However if I then create an InternetExplorerDriver it starts internet explorer with my credentials rather than the test user's (although this question and answer suggests that it should work https://sqa.stackexchange.com/questions/2277/using-selenium-webdriver-with-windows-authentication).
I can also explicitly start an Internet Explorer process as my test user, but I can't see a way of binding an InternetExplorerDriver to an already running Internet Explorer process, so this may be a dead end.
My code, basically taken from the MSDN page above is below. In the debugger I can see that WindowsIdentity.GetCurrent().Name is "testUser" in all the steps of the test.
namespace MyProject.Specs
{
using NUnit.Framework;
using OpenQA.Selenium;
using OpenQA.Selenium.IE;
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using TechTalk.SpecFlow;
[Binding]
public class AuthorisationSteps
{
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
private static WindowsImpersonationContext impersonationContext;
private static IWebDriver driver;
[BeforeScenario]
public static void impersonateUser()
{
if (!impersonateValidUser("testUser", "testDomain", "password"))
{
throw new Exception();
}
driver = new InternetExplorerDriver();
}
[AfterScenario]
public static void cleanupUser()
{
undoImpersonation();
driver.Quit();
}
[Given(#"I am an unauthorised user")]
public void GivenIAmAnUnauthorisedUser()
{
var temp = WindowsIdentity.GetCurrent().Name;
}
[When(#"I go to the home page")]
public void WhenIGoToTheHomePage()
{
var temp = WindowsIdentity.GetCurrent().Name;
driver.Navigate().GoToUrl(BaseUrl);
}
[Then(#"I should see an error page")]
public void ThenIShouldSeeAnErrorPage()
{
var temp = WindowsIdentity.GetCurrent().Name;
Assert.That(driver.Title.Contains("Error"));
}
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
private static bool impersonateValidUser(String userName, String domain, String password)
{
WindowsIdentity tempWindowsIdentity;
var token = IntPtr.Zero;
var tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if (token != IntPtr.Zero)
{
CloseHandle(token);
}
if (tokenDuplicate != IntPtr.Zero)
{
CloseHandle(tokenDuplicate);
}
return false;
}
private static void undoImpersonation()
{
impersonationContext.Undo();
}
}
}
We have many enterprise clients that use Windows Authentication for intranet facing applications and we are starting to run many Selenium tests for confirmation, regression, etc.
We've taken the helpful code from Steven's answer and refactored it into a re-usable class similar to other Impersonate posts that just weren't working for us because we wanted the tests to work both locally in development and deployed as part of the Visual Studio Team System release process.
The uri method was not working locally and neither were impersonating methods using Win32 native methods.
This one worked so here it is.
Example of a test using Steven's code refactored into a helper
[TestMethod]
public void ThisApp_WhenAccessedByUnathorizedUser_ShouldDisallowAccess()
{
string userName = "ThisAppNoAccess";
string password = "123456";
string domainName = Environment.MachineName;
using (new Perkins.Impersonator(userName, domainName, password))
{
// - Use Remote Web Driver to hook up the browser driver instance launched manually.
using (var driver = new RemoteWebDriver(new Uri("http://localhost:9515"), DesiredCapabilities.Chrome()))
{
var desiredUri = Helper.Combine(Helper.BaseURL, "/ThisApp/#/appGrid");
TestContext.WriteLine("desiredUri: {0}", desiredUri);
driver.Navigate().GoToUrl(desiredUri);
Helper.WaitForAngular(driver);
var noPermissionNotificationElement = driver.FindElementByXPath("//div[#ng-show='!vm.authorized']/div/div/div/p");
var showsNoPermissionNotification = noPermissionNotificationElement.Text.Contains("You do not have permissions to view ThisApp.");
Assert.AreEqual(true, showsNoPermissionNotification, "The text `You do not have permissions to view ThisApp.` is not being displayed!");
}
}
}
The helper class
// Idea from http://stackoverflow.com/a/34406336/16008
// - Launch the browser driver manually with other user's credentials in background
public class Perkins
{
public class Impersonator : IDisposable
{
Process _driverProcess = null;
string _driverPath = #"chromedriver.exe";
/// <summary>
/// Impersonates the specified user account by launching the selenium server under that account. Connect to it via RemoteWebDriver and localhost on port 9515.
/// </summary>
/// <remarks>
/// We may later want to enhance this by allowing for different ports, etc.
/// </remarks>
/// <param name="userName">Name of the user</param>
/// <param name="domainName">Name of the domain or computer if using a local account.</param>
/// <param name="password">The password</param>
public Impersonator(string userName, string domainName, string password)
{
ProcessStartInfo processStartInfo = new ProcessStartInfo(_driverPath);
processStartInfo.UserName = userName;
System.Security.SecureString securePassword = new System.Security.SecureString();
foreach (char c in password)
{
securePassword.AppendChar(c);
}
processStartInfo.Password = securePassword;
processStartInfo.Domain = domainName; // this is important, mcollins was getting a 'stub received bad data' without it, even though rglos was not
processStartInfo.UseShellExecute = false;
processStartInfo.LoadUserProfile = true; // this seemed to be key, without this, I get Internal Server Error 500
Thread startThread = new Thread(() =>
{
_driverProcess = Process.Start(processStartInfo);
_driverProcess.WaitForExit();
})
{ IsBackground = true };
startThread.Start();
}
public void Dispose()
{
// - Remember to close/exit/terminate the driver process and browser instance when you are done.
if (_driverProcess != null)
{
// Free managed resources
if (!_driverProcess.HasExited)
{
_driverProcess.CloseMainWindow();
_driverProcess.WaitForExit(5000);
// Kill the process if the process still alive after the wait
if (!_driverProcess.HasExited)
{
_driverProcess.Kill();
}
_driverProcess.Close();
}
_driverProcess.Dispose();
_driverProcess = null;
}
}
}
}
Perhaps this will help someone else with the same issue.
This is in fact possible. I ran into the exact problem you had. Basically, here are the steps you need to do.
Launch the browser driver manually with other user's credentials in background
Process driverProcess;
string driverPath; // The path to Selenium's IE driver.
ProcessStartInfo info = new ProcessStartInfo(driverPath)
{
UserName = "UserName", // The user name.
Password = new SecureString(), // The password for the user.
UseShellExecute = false,
LoadUserProfile = true,
Arguments = "about:blank"
};
// Start the driver in background thread
Thread startThread = new Thread(
() => {
try
{
driverProcess = Process.Start(info);
driverProcess.WaitForExit();
}
catch
{
// Close the process.
}
})
{
IsBackground = true
};
startThread.Start();
Use Remote Web Driver to hook up the browser driver instance launched manually.
var remoteDriver = new RemoteWebDriver(Uri("http://localhost:5555"), DesiredCapabilities.InternetExplorer());
Remember to close/exit/terminate the driver process and browser instance when you are done.
// Close the process when done.
if (driverProcess != null)
{
// Free managed resources
if (!driverProcess.HasExited)
{
driverProcess.CloseMainWindow();
driverProcess.WaitForExit(5000);
// Kill the process if the process still alive after the wait
if (!driverProcess.HasExited)
{
driverProcess.Kill();
}
driverProcess.Close();
}
driverProcess.Dispose();
driverProcess = null;
}
This similar question links to this Microsoft support article. Essentially you need
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
IWebDriver webDriver = new InternetExplorerDriver();
// do your stuff here.
impersonationContext.Undo();
There's additional code in the support article about impersonating a specific user.
Do you have a couple of old PCs? Or the capacity for some virtual machines?
If so, build a Selenium Grid set-up, and configure one to automatically login as the desired domain user and one as a non-domain user.
http://code.google.com/p/selenium/wiki/Grid2
I was having same problem when I was doing automation project for web based application which required window authentication. However, I have achieved this with using firefox, following are the steps to achieve it.
FIREFOX SETUP
OPEN RUN DIALOG OF YOUR SYSTEM AND TYPE 'firefox.exe -p' (CLOSE YOUR FIREFOX BROWSER BEFORE RUNNING THIS COMMAND) http://www.wikihow.com/Create-a-Firefox-Profile
CLICK ON CREATE PROFILE AND GIVE A NAME AS REQURIED
SELECT CREATED PROFILE AND START BROWSER AND OPEN ADD-ONS MANAGER (TOOLS - ADD-ONS)
SEARCH FOR 'AutoAuth' AND INSTALL IT. IT WILL ASK FOR RESTART, DO IT
ONCE THE FIREFOX IS RESTARTED, THAN OPEN URL IT WILL ASK YOU FOR AUTHENTICATION
ENTER USERNAME AND PASSWORD - SUBMIT IT, FIREFOX WILL ASK YOU TO REMEMBER THE PASSWORD
CLICK ON REMEMBER AND IT WILL SAVE THE PASSWORD IN FIREFOX PROFILE
COPY CREATED FIREFOX PROFILE AND SAVE IT TO REQUIRED FOLDER
IN YOUR SELENIUM SCRIPT CALL ABOVE CREATED PROFILE WITH FIREFOX DRIVER AND PASS THE SAME URL, IT WILL NOT ASK FOR AUTHENTICATION DIALOG
This is working very successfully in my project.
We use https://stackoverflow.com/a/31540010/3489693 approach for IE and Chrome over 2 years. It works fine
So it seems the problem that the question is trying to circumvent has to do with NTLM Auto Login. See Google Chrome and NTLM Auto Login Using Windows Authentication
The solutions above did not work for me since the auto-login would successfully authenticate with any user on my system, so it didn't matter which user I used for impersonation.
However, I noticed that you can outsmart auto-login by replacing localhost with any other domain name, such as the local IP address. No impersonation required :)
This may / may not work.
Try to launch your site in "CHROME".
Hit F-12, go to Application Tab -> Cookies -> Click on your site link. on left hand side look for something that represent your session id, may be JSESSIONID or similar that represents user's session, copy that.
Now open your Internet Explorer,
hit F-12 and manually create that JSESSIONID ( or similar key ) by running this command in console window
document.cookie = "JSESSIONID=your-session-id-from-chrome"
hit play button to execute script
Refresh your browser
I'm trying out the specFlow assist and not sure how would one create class property from table.
Imagine I have this class:
public class Tracking
{
public string Category { get; set; }
}
public class ODARequest
{
public string Title { get; set; }
public string Name { get; set; }
public Tracking Tracking { get; set; }
}
My Given scenario is next:
Scenario: Successfully create an account
Given I have entered the following data into the ODA form:
| Field | Value |
| Title | Mr |
| Name | Andy |
| Tracking Category | MDA |
public void GivenIHaveEnteredTheFollowingDataIntoTheODAForm(Table table)
{
var request = table.CreateInstance<ODARequest>();
}
The Tracking property will not be populated. Anyone know how to describe Tracking.Category in the table for this situation?
I haven't been able to find a way of getting specflow to map "CreateInstance" to non-standard data types properties.
However, in this case you could at least use a StepArgumentTransformation as follows:
[Given(#"I have entered the following data into the ODA form:")]
public void GivenIHaveEnteredTheFollowingDataIntoTheODAForm(ODARequest request)
{
Assert.IsNotNull(request.Tracking);
}
[StepArgumentTransformation(#".*")]
public ODARequest StringToTracking(Table input)
{
return new ODARequest() {
Title = input.Rows.Single(row => row["Title"])["value"],
Name = input.Rows.Single(row => row["Name"])["value"],
Tracking = new Tracking()
{ Category = input.Rows.Single(row => row["Field"] == "Tracking Category")["Value"] }
};
}
With a little work you could tidy the stepargumenttransformation up to accept each parameter as optional (rather than having "single()" throw if it is omitted).
I feel like there really ought to be a better way to do this, more like your original suggested code.
Hope this is helpful.
I've been hitting this problem and been thinking how to do it with a single step.
Scenario: Successfully create an account
Given I have entered the following data into the ODA form:
|Title | Name | Category|
| Mr | Andy | MDA |
public void GivenIHaveEnteredTheFollowingDataIntoTheODAForm(Table table)
{
var request = table.CreateInstance<ODARequest>();
request.Tracking = table.CreateInstance<Tracking>();
}
How it works:
You may call "CreateInstance" for each complex property you have so specflow will create you an instance. So you can have a single table with properties from different types.
By doing so you won't need a different step and the need of sharing data between the steps.
The drawback is that you may end up with a huge table if your class has a lot of properties with different types.
Note: As #Alex M commented it there is a risk when the classes are having a property with same name. What will happen actually is that both instances will get the same value due to the property name match on both classes.
Another possibility without modifying the specflow assist itself is to separate the subclass properties into separate Given.
Can be as per below example:
Scenario: Successfully create an account
Given I have entered the following data into the ODA form:
| Field | Value |
| Title | Mr |
| Name | Andy |
And the tracking info as:
| Tracking Category | MDA |
then my step definitions would be as:
[Given(#"I have entered the following data into the ODA form:")]
public void GivenIHaveEnteredTheFollowingDataIntoTheODAForm(Table table)
{
var request = table.CreateInstance<ODARequest>();
ScenarioContext.Current.Set(request, "request");
}
[Given(#"the tracking info as:")]
public void GivenTheTrackingInfoAs(Table table)
{
var request = ScenarioContext.Current.Get<ODARequest>("request");
request.TrackingFields = table.CreateInstance<Tracking>();
}
Otherwise the possibility is to contribute to specflow assist development.
I'm new to Grails, and having a problem that is no doubt trivial, but I cannot find anything online!
I have a class:
package lib
class Login {
String name
String email
String password
String phonenumber
static constraints = {
}
}
In my Bootstrap file I create two instances of this class:
new Login(email:"tom", password:"password1")
new Login(email:"ian", password:"password2")
Now I have set up a Login form and I am trying to loop over these values and do something if they match:
def submit() {
def result = Login.findAll { email == params.email && password == params.password }
if (result.size() > 0) {
println "good login"
}
else {
println "bad login"
}
// some other stuff
}
The problem is that it is printing "bad login" every time, every when the entered email and password match those declared in the Bootstrap file. It's probably just a misunderstanding on my end, but I can't figure it out!
Thanks.
phonenumber and name are null in your initialisation. Therefore the users cannot be persisted in your bootstrap.groovy. Double check, that save works:
def login1 = new Login(..)
if (!login1.save()) {
log.error("Login cannot be persisted: " + login1.errors);
}