MSTEST PrincipalPermission

Question

How do you unit test code decorated with the PrincipalPermission attribute?

For example, this works:

class Program
{
    static void Main(string[]          


        

Answer 1

How about creating a GenericIdentity and attaching that to the Thread.CurrentPrincipal in your test like so:

[TestMethod]
public void TestMethod1() 
{ 
    var identity = new GenericIdentity("tester");
    var roles = new[] { @"BUILTIN\Users" };
    var principal = new GenericPrincipal(identity, roles);
    Thread.CurrentPrincipal = principal;

    var c = new MyClass();
}

For a fail test, you could:

[TestMethod]
[ExpectedException(typeof(SecurityException))] // Or whatever it's called in MsTest
public void TestMethod1() 
{ 
    var identity = new GenericIdentity("tester");
    var roles = new[] { @"BUILTIN\NotUsers" };
    var principal = new GenericPrincipal(identity, roles);
    Thread.CurrentPrincipal = principal;

    var c = new MyClass();
}

Answer 2

You could try impersonating different users within the test method, if you run the code as an admin you could create a local user account inside the test (or test class) and delete it at the end.

Edit: Sorry, I imagined using impersonate to test a failure case - I should have read your question properly :) I have similar unit tests, and they are able to create local accounts within mstest. Whether this is good practice is another matter.

I see you already did as this page suggests: set the app domain's principal policy to "WindowsPrincipal". For me, Thread.CurrentPrincipal.Identity.Name gives my user name and the test passes using VS 2005 and VS 2008 targetting .NET 2.0, 3.0 & 3.5.

Are you running on Vista/Win7 with UAC and non elevated VS? Otherwise are you able to repro either on another machine, using a different group or by creating another local admin account on your machine and running the tests as this user?