From 688065a02bf3966987a2ef79976976c69051046c Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Thu, 7 May 2015 10:59:10 -0400
Subject: [PATCH 1/6] upgrade xUnit to 2.0.0 in order to support [Theory] add
 HTTP header Authentication for secure token stored in config file

---
 .../AccessTokenAuthoriser.cs                  |  74 ++++++++++
 .../Contracts/ICheckRequests.cs               |   6 +-
 .../Domain/PackageInstallationSettings.cs     |   3 +
 .../HttpRequestAuthoriser.cs                  |   8 ++
 .../Sitecore.Ship.Core.csproj                 |   1 +
 .../PackageInstallationConfiguration.cs       |   4 +
 ...ackageInstallationConfigurationProvider.cs |   3 +-
 .../Web/HttpRequestChecker.cs                 |   8 +-
 ...itecore.Ship.AspNet.Web.Accept.Test.csproj |   6 +-
 .../packages.config                           |   2 +-
 .../App.config                                |   2 +-
 .../PackageInstallationConfigurationTests.cs  |   6 +
 ...ecore.Ship.Infrastructure.Intg.Test.csproj |  19 ++-
 .../packages.config                           |   8 +-
 .../Sitecore.Ship.AspNet.Test.csproj          |  19 ++-
 .../Sitecore.Ship.AspNet.Test/packages.config |   8 +-
 .../AccessTokenAuthoriserBehaviour.cs         | 128 ++++++++++++++++++
 ...s.cs => HttpRequestAuthoriserBehaviour.cs} |   0
 .../AccessTokenAuthoriserLoggingBehaviour.cs  |  80 +++++++++++
 .../HttpRequestAuthoriserLoggingBehaviour.cs  |  14 --
 .../Sitecore.Ship.Core.Test.csproj            |  24 ++--
 .../Sitecore.Ship.Core.Test/packages.config   |   8 +-
 .../Sitecore.Ship.Test.csproj                 |  19 ++-
 .../Sitecore.Ship.Test/packages.config        |   8 +-
 24 files changed, 402 insertions(+), 56 deletions(-)
 create mode 100644 src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
 create mode 100644 tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/AccessTokenAuthoriserBehaviour.cs
 rename tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/{HttpRequestAuthoriserTests.cs => HttpRequestAuthoriserBehaviour.cs} (100%)
 create mode 100644 tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/AccessTokenAuthoriserLoggingBehaviour.cs

diff --git a/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs b/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
new file mode 100644
index 0000000..0882d14
--- /dev/null
+++ b/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
@@ -0,0 +1,74 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Text;
+using Sitecore.Ship.Core.Contracts;
+using Sitecore.Ship.Core.Domain;
+
+namespace Sitecore.Ship.Core
+{
+    public class AccessTokenAuthoriser : IAuthoriser
+    {
+        private readonly ICheckRequests _checkRequests;
+        private readonly PackageInstallationSettings _packageInstallationSettings;
+        private readonly ILog _logger;
+
+        private const string AuthorizationHeaderKey = "Authorization";
+
+        public AccessTokenAuthoriser(ICheckRequests checkRequests,
+            PackageInstallationSettings packageInstallationSettings, ILog logger)
+        {
+            if (checkRequests == null) 
+                throw new ArgumentNullException("checkRequests");
+            if (packageInstallationSettings == null) 
+                throw new ArgumentNullException("packageInstallationSettings");
+
+            _checkRequests = checkRequests;
+            _packageInstallationSettings = packageInstallationSettings;
+            _logger = logger;
+        }
+
+        public bool IsAllowed()
+        {
+            if (!_packageInstallationSettings.TokenRequired)
+                return true;
+
+            if (_checkRequests.Headers == null || !_checkRequests.Headers.AllKeys.Contains(AuthorizationHeaderKey))
+            {
+                LogAccessDenial(AuthorizationHeaderKey + " header missing");
+                return false;
+            }
+
+            var allAuthorizationHeadervalues = _checkRequests.Headers.GetValues(AuthorizationHeaderKey);
+
+// ReSharper disable once AssignNullToNotNullAttribute
+            string bearerHeader = allAuthorizationHeadervalues.FirstOrDefault(authorizationHeader => authorizationHeader.StartsWith("bearer", StringComparison.InvariantCultureIgnoreCase));
+
+            if (bearerHeader == null)
+            {
+                LogAccessDenial("Bearer authentication scheme required");
+                return false;
+            }
+
+            var token = bearerHeader.Substring(6).Trim();
+
+            var success = token == _packageInstallationSettings.AccessToken;
+
+            if (!success)
+            {
+                LogAccessDenial("Wrong Authentication Token");
+            }
+
+            return success;
+        }
+
+        private void LogAccessDenial(string diagnostic)
+        {
+            if (!_packageInstallationSettings.MuteAuthorisationFailureLogging)
+            {
+                _logger.Write(string.Format("Sitecore.Ship access denied: {0}", diagnostic));
+            }
+        }
+    }
+}
diff --git a/src/Sitecore.Ship.Core/Contracts/ICheckRequests.cs b/src/Sitecore.Ship.Core/Contracts/ICheckRequests.cs
index e5742f1..b338f88 100644
--- a/src/Sitecore.Ship.Core/Contracts/ICheckRequests.cs
+++ b/src/Sitecore.Ship.Core/Contracts/ICheckRequests.cs
@@ -1,9 +1,13 @@
-namespace Sitecore.Ship.Core.Contracts
+using System.Collections.Specialized;
+
+namespace Sitecore.Ship.Core.Contracts
 {
     public interface ICheckRequests
     {
         bool IsLocal { get; }
 
         string UserHostAddress { get; }
+
+        NameValueCollection Headers { get; }
     }
 }
\ No newline at end of file
diff --git a/src/Sitecore.Ship.Core/Domain/PackageInstallationSettings.cs b/src/Sitecore.Ship.Core/Domain/PackageInstallationSettings.cs
index f2bcc33..e774d12 100644
--- a/src/Sitecore.Ship.Core/Domain/PackageInstallationSettings.cs
+++ b/src/Sitecore.Ship.Core/Domain/PackageInstallationSettings.cs
@@ -22,5 +22,8 @@ public PackageInstallationSettings()
         public bool MuteAuthorisationFailureLogging { get; set; }
 
         public bool HasAddressWhitelist { get { return AddressWhitelist.Count > 0; } }
+
+        public string AccessToken { get; set; }
+        public bool TokenRequired { get { return !string.IsNullOrWhiteSpace(AccessToken); } }
     }
 }
\ No newline at end of file
diff --git a/src/Sitecore.Ship.Core/HttpRequestAuthoriser.cs b/src/Sitecore.Ship.Core/HttpRequestAuthoriser.cs
index 44121a6..81cea3b 100644
--- a/src/Sitecore.Ship.Core/HttpRequestAuthoriser.cs
+++ b/src/Sitecore.Ship.Core/HttpRequestAuthoriser.cs
@@ -48,6 +48,14 @@ public bool IsAllowed()
                 }
             }
 
+            if (_packageInstallationSettings.TokenRequired)
+            {
+                var tokenAuthorizer = new AccessTokenAuthoriser(_checkRequests, _packageInstallationSettings, _logger);
+                var authorized = tokenAuthorizer.IsAllowed();
+                if (!authorized)
+                    return false;
+            }
+
             return true;
         }
 
diff --git a/src/Sitecore.Ship.Core/Sitecore.Ship.Core.csproj b/src/Sitecore.Ship.Core/Sitecore.Ship.Core.csproj
index 6b86010..39fdc68 100644
--- a/src/Sitecore.Ship.Core/Sitecore.Ship.Core.csproj
+++ b/src/Sitecore.Ship.Core/Sitecore.Ship.Core.csproj
@@ -48,6 +48,7 @@
     <Compile Include="..\Common\CommonVersionInfo.cs">
       <Link>Properties\CommonVersionInfo.cs</Link>
     </Compile>
+    <Compile Include="AccessTokenAuthoriser.cs" />
     <Compile Include="Contracts\IAuthoriser.cs" />
     <Compile Include="Contracts\ICheckRequests.cs" />
     <Compile Include="Contracts\IConfigurationProvider.cs" />
diff --git a/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfiguration.cs b/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfiguration.cs
index ffb5f01..352624d 100644
--- a/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfiguration.cs
+++ b/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfiguration.cs
@@ -11,6 +11,7 @@ public class PackageInstallationConfiguration : ConfigurationSection
         const string RecordInstallationHistoryKey = "recordInstallationHistory";
         const string WhitelistElementName = "Whitelist";
         const string MuteAuthorisationFailureLoggingKey = "muteAuthorisationFailureLogging";
+        const string AccessTokenKey = "accessToken";
 
         public static PackageInstallationConfiguration GetConfiguration()
         {
@@ -38,6 +39,9 @@ public WhitelistCollection Whitelist
 
         [ConfigurationProperty(MuteAuthorisationFailureLoggingKey, IsRequired = false, DefaultValue = false)]
         public bool MuteAuthorisationFailureLogging { get { return (bool)this[MuteAuthorisationFailureLoggingKey]; } }
+
+        [ConfigurationProperty(AccessTokenKey, IsRequired = false, DefaultValue = "")]
+        public string AccessToken { get { return (string)this[AccessTokenKey]; } }
     }
 
     [ConfigurationCollection(typeof(WhitelistElement))]
diff --git a/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfigurationProvider.cs b/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfigurationProvider.cs
index ccd94a8..c58a57b 100644
--- a/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfigurationProvider.cs
+++ b/src/Sitecore.Ship.Infrastructure/Configuration/PackageInstallationConfigurationProvider.cs
@@ -15,7 +15,8 @@ public PackageInstallationConfigurationProvider()
                                AllowRemoteAccess = config.AllowRemoteAccess,
                                AllowPackageStreaming = config.AllowPackageStreaming,
                                RecordInstallationHistory = config.RecordInstallationHistory,
-                               MuteAuthorisationFailureLogging = config.MuteAuthorisationFailureLogging
+                               MuteAuthorisationFailureLogging = config.MuteAuthorisationFailureLogging,
+                               AccessToken = config.AccessToken
                            };
 
             if (config.Whitelist.Count > 0)
diff --git a/src/Sitecore.Ship.Infrastructure/Web/HttpRequestChecker.cs b/src/Sitecore.Ship.Infrastructure/Web/HttpRequestChecker.cs
index 87937fc..eea5f1f 100644
--- a/src/Sitecore.Ship.Infrastructure/Web/HttpRequestChecker.cs
+++ b/src/Sitecore.Ship.Infrastructure/Web/HttpRequestChecker.cs
@@ -1,4 +1,5 @@
-using System.Web;
+using System.Collections.Specialized;
+using System.Web;
 using Sitecore.Ship.Core.Contracts;
 
 namespace Sitecore.Ship.Infrastructure.Web
@@ -14,5 +15,10 @@ public string UserHostAddress
         {
             get { return HttpContext.Current.Request.UserHostAddress; }
         }
+
+        public NameValueCollection Headers 
+        {
+            get { return HttpContext.Current.Request.Headers; } 
+        }
     }
 }
\ No newline at end of file
diff --git a/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/Sitecore.Ship.AspNet.Web.Accept.Test.csproj b/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/Sitecore.Ship.AspNet.Web.Accept.Test.csproj
index 0061534..c3b5b2e 100644
--- a/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/Sitecore.Ship.AspNet.Web.Accept.Test.csproj
+++ b/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/Sitecore.Ship.AspNet.Web.Accept.Test.csproj
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -22,7 +22,7 @@
     <IISExpressUseClassicPipelineMode />
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
-    <NuGetPackageImportStamp>e34a2b6a</NuGetPackageImportStamp>
+    <NuGetPackageImportStamp>be5dc727</NuGetPackageImportStamp>
     <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
@@ -115,7 +115,7 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/packages.config b/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/packages.config
index 8c3983d..802922a 100644
--- a/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/packages.config
+++ b/tests/acceptance-test/Sitecore.Ship.AspNet.Web.Accept.Test/packages.config
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
   <package id="Sitecore.Ship.AspNet" version="0.3.4" targetFramework="net40" />
-  <package id="xunit.runner.visualstudio" version="2.0.0-rc3-build1046" targetFramework="net40" />
+  <package id="xunit.runner.visualstudio" version="2.0.0" targetFramework="net45" />
 </packages>
\ No newline at end of file
diff --git a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/App.config b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/App.config
index bd7504b..26fcdf5 100644
--- a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/App.config
+++ b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/App.config
@@ -3,7 +3,7 @@
   <configSections>
     <section name="packageInstallation" type="Sitecore.Ship.Infrastructure.Configuration.PackageInstallationConfiguration, Sitecore.Ship.Infrastructure" />
   </configSections>
-  <packageInstallation enabled="true" allowRemote="true" allowPackageStreaming="true" recordInstallationHistory="true">
+  <packageInstallation enabled="true" allowRemote="true" allowPackageStreaming="true" recordInstallationHistory="true" accessToken="some-key">
     <Whitelist>
       <add name="Allowed machine 1" IP="1.2.3.4" />
       <add name="Allowed machine 2" IP="2.3.4.5" />
diff --git a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/PackageInstallationConfigurationTests.cs b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/PackageInstallationConfigurationTests.cs
index 96ab85e..5bd7efe 100644
--- a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/PackageInstallationConfigurationTests.cs
+++ b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/PackageInstallationConfigurationTests.cs
@@ -55,5 +55,11 @@ public void PackageInstallation_recordInstallationHistory_can_be_set_true()
         {
             _section.RecordInstallationHistory.ShouldBeTrue();
         }
+
+        [Fact]
+        public void PackageInstallation_accessKey_can_be_set()
+        {
+            _section.AccessToken.ShouldEqual("some-key");
+        }
     }
 }
diff --git a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/Sitecore.Ship.Infrastructure.Intg.Test.csproj b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/Sitecore.Ship.Infrastructure.Intg.Test.csproj
index 0bd50bd..a5a6ddf 100644
--- a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/Sitecore.Ship.Infrastructure.Intg.Test.csproj
+++ b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/Sitecore.Ship.Infrastructure.Intg.Test.csproj
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props" Condition="Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -15,7 +16,7 @@
     <FileAlignment>512</FileAlignment>
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
-    <NuGetPackageImportStamp>2d90dd8b</NuGetPackageImportStamp>
+    <NuGetPackageImportStamp>7b66054b</NuGetPackageImportStamp>
     <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
@@ -50,9 +51,14 @@
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.Data" />
     <Reference Include="System.Xml" />
-    <Reference Include="xunit, Version=1.9.1.1600, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\xunit.1.9.2\lib\net20\xunit.dll</HintPath>
+    <Reference Include="xunit.abstractions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\xunit.abstractions.2.0.0\lib\net35\xunit.abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.assert">
+      <HintPath>..\..\..\packages\xunit.assert.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.assert.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.core">
+      <HintPath>..\..\..\packages\xunit.extensibility.core.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.dll</HintPath>
     </Reference>
   </ItemGroup>
   <ItemGroup>
@@ -91,7 +97,8 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/packages.config b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/packages.config
index 88dc33f..870cae4 100644
--- a/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/packages.config
+++ b/tests/intg-test/Sitecore.Ship.Infrastructure.Intg.Test/packages.config
@@ -1,6 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
   <package id="Should" version="1.1.20" targetFramework="net40" />
-  <package id="xunit" version="1.9.2" targetFramework="net40" />
-  <package id="xunit.runner.visualstudio" version="2.0.0-rc3-build1046" targetFramework="net40" />
+  <package id="xunit" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.abstractions" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.assert" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.extensibility.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.runner.visualstudio" version="2.0.0" targetFramework="net45" />
 </packages>
\ No newline at end of file
diff --git a/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj b/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj
index f2fbce6..1f35c13 100644
--- a/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj
+++ b/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props" Condition="Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -15,7 +16,7 @@
     <TargetFrameworkProfile />
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
-    <NuGetPackageImportStamp>ae303cfc</NuGetPackageImportStamp>
+    <NuGetPackageImportStamp>083515df</NuGetPackageImportStamp>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -56,9 +57,14 @@
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.Data" />
     <Reference Include="System.Xml" />
-    <Reference Include="xunit, Version=1.9.2.1705, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\xunit.1.9.2\lib\net20\xunit.dll</HintPath>
+    <Reference Include="xunit.abstractions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\xunit.abstractions.2.0.0\lib\net35\xunit.abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.assert">
+      <HintPath>..\..\..\packages\xunit.assert.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.assert.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.core">
+      <HintPath>..\..\..\packages\xunit.extensibility.core.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.dll</HintPath>
     </Reference>
   </ItemGroup>
   <ItemGroup>
@@ -90,7 +96,8 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/tests/unit-test/Sitecore.Ship.AspNet.Test/packages.config b/tests/unit-test/Sitecore.Ship.AspNet.Test/packages.config
index 4da7ec3..7183c2c 100644
--- a/tests/unit-test/Sitecore.Ship.AspNet.Test/packages.config
+++ b/tests/unit-test/Sitecore.Ship.AspNet.Test/packages.config
@@ -4,6 +4,10 @@
   <package id="Moq" version="4.2.1402.2112" targetFramework="net40" />
   <package id="Nancy" version="0.23.2" targetFramework="net40" />
   <package id="Nancy.Testing" version="0.23.2" targetFramework="net40" />
-  <package id="xunit" version="1.9.2" targetFramework="net40" />
-  <package id="xunit.runner.visualstudio" version="2.0.0-rc3-build1046" targetFramework="net40" />
+  <package id="xunit" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.abstractions" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.assert" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.extensibility.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.runner.visualstudio" version="2.0.0" targetFramework="net45" />
 </packages>
\ No newline at end of file
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/AccessTokenAuthoriserBehaviour.cs b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/AccessTokenAuthoriserBehaviour.cs
new file mode 100644
index 0000000..36ac2be
--- /dev/null
+++ b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/AccessTokenAuthoriserBehaviour.cs
@@ -0,0 +1,128 @@
+using System.Collections.Specialized;
+using Xunit;
+
+namespace Sitecore.Ship.Core.Test.HttpRequestAuthoriser
+{
+    public class AccessTokenAuthoriserBehaviour : HttpRequestAuthoriserTest
+    {
+        public AccessTokenAuthoriserBehaviour()
+        {
+            PackageInstallationSettings.AllowRemoteAccess = true;
+            PackageInstallationSettings.AccessToken = "MyToken";
+        }
+        
+        [Fact]
+        public void Should_return_true_when_configuration_settings_token_is_empty()
+        {
+            // Arrange
+            PackageInstallationSettings.AccessToken = string.Empty;
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.True(isAllowed);
+        }
+
+        [Fact]
+        public void Should_return_false_when_headers_are_not_defined()
+        {
+            // Arrange
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.False(isAllowed);
+        }
+
+        [Fact]
+        public void Should_return_false_when_authorization_header_is_not_defined()
+        {
+            // Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Accept-Language", "en-US"}
+            });
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.False(isAllowed);
+        }
+
+        [Theory]
+        [InlineData("bearer MyToken")]
+        [InlineData("Bearer MyToken")]
+        [InlineData("Bearer    MyToken")]
+        [InlineData("Bearer MyToken  ")]
+        public void Should_return_true_when_tokens_match_each_other(string authorizationHeader)
+        {
+            // Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", authorizationHeader}
+            });
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.True(isAllowed);
+        }
+
+        [Fact]
+        public void Should_return_false_when_different_authentication_sceme_used()
+        {
+            // Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Basic MyToken"}
+            });
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.False(isAllowed);
+        }
+
+        [Theory]
+        //tokens are case sensitive
+        [InlineData("mytoken")]
+        [InlineData("wrong-values")]
+        public void Should_return_false_when_wrong_token_provided(string token)
+        {
+            // Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Bearer " + token}
+            });
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.False(isAllowed);
+        }
+
+        [Fact]
+        public void Should_return_true_when_several_scemes_used_but_one_is_correct()
+        {
+            // Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Basic MyToken"},
+                {"Authorization", "Bearer MyToken"}
+            });
+
+            // Act
+            var isAllowed = RequestAuthoriser.IsAllowed();
+
+            // Assert
+            Assert.True(isAllowed);
+        }
+
+    }
+}
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/HttpRequestAuthoriserTests.cs b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/HttpRequestAuthoriserBehaviour.cs
similarity index 100%
rename from tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/HttpRequestAuthoriserTests.cs
rename to tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/HttpRequestAuthoriserBehaviour.cs
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/AccessTokenAuthoriserLoggingBehaviour.cs b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/AccessTokenAuthoriserLoggingBehaviour.cs
new file mode 100644
index 0000000..10924a5
--- /dev/null
+++ b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/AccessTokenAuthoriserLoggingBehaviour.cs
@@ -0,0 +1,80 @@
+using System.Collections.Specialized;
+using Moq;
+using Should;
+using Xunit;
+
+namespace Sitecore.Ship.Core.Test.HttpRequestAuthoriser.Logging
+{
+    public class AccessTokenAuthoriserLoggingBehaviour : HttpRequestAuthoriserLoggingTest
+    {
+        public AccessTokenAuthoriserLoggingBehaviour()
+        {
+            PackageInstallationSettings.AllowRemoteAccess = true;
+            PackageInstallationSettings.AccessToken = "MyToken";
+        }
+
+        [Fact]
+        public void Should_log_authorisation_failures_for_missing_authorization_header()
+        {
+            //Act
+            RequestAuthoriser.IsAllowed();
+
+            //Assert
+            Logger.Verify(x => x.Write(It.IsAny<string>()), Times.Once());
+            DiagnosticMessage.ShouldContain("Authorization");
+            DiagnosticMessage.ShouldContain("missing");
+        }
+
+        [Fact]
+        public void Should_log_authorisation_failures_for_wrong_authentication_scheme()
+        {
+            //Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Basic MyToken"}
+            });
+
+
+            //Act
+            RequestAuthoriser.IsAllowed();
+
+            //Assert
+            Logger.Verify(x => x.Write(It.IsAny<string>()), Times.Once());
+            DiagnosticMessage.ShouldContain("Bearer");
+            DiagnosticMessage.ShouldContain("required");
+        }
+
+        [Fact]
+        public void Should_log_authorisation_failures_for_wrong_token()
+        {
+            //Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Bearer NotValid"}
+            });
+            
+            //Act
+            RequestAuthoriser.IsAllowed();
+
+            //Assert
+            Logger.Verify(x => x.Write(It.IsAny<string>()), Times.Once());
+            DiagnosticMessage.ShouldContain("Token");
+        }
+
+        [Fact]
+        public void Should_not_log_success_authorisation()
+        {
+            //Arrange
+            CheckRequests.Setup(x => x.Headers).Returns(new NameValueCollection
+            {
+                {"Authorization", "Bearer MyToken"}
+            });
+            
+            //Act
+            RequestAuthoriser.IsAllowed();
+
+            //Assert
+            Logger.Verify(x => x.Write(It.IsAny<string>()), Times.Never());
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/HttpRequestAuthoriserLoggingBehaviour.cs b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/HttpRequestAuthoriserLoggingBehaviour.cs
index 554e29c..efe51a5 100644
--- a/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/HttpRequestAuthoriserLoggingBehaviour.cs
+++ b/tests/unit-test/Sitecore.Ship.Core.Test/HttpRequestAuthoriser/Logging/HttpRequestAuthoriserLoggingBehaviour.cs
@@ -3,20 +3,6 @@
 
 namespace Sitecore.Ship.Core.Test.HttpRequestAuthoriser.Logging
 {
-    public class HttpRequestAuthoriserLoggingBehaviour : HttpRequestAuthoriserLoggingTest
-    {
-        public HttpRequestAuthoriserLoggingBehaviour()
-        {
-            RequestAuthoriser.IsAllowed();            
-        }
-
-        [Fact]
-        public void Should_not_log_authorisation_succeeding()
-        {
-            Logger.Verify(x => x.Write(It.IsAny<string>()), Times.Never());
-        }
-    }
-
     public class HttpRequestAuthoriserLoggingConfigurationBehaviour : HttpRequestAuthoriserLoggingTest
     {
         public HttpRequestAuthoriserLoggingConfigurationBehaviour()
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/Sitecore.Ship.Core.Test.csproj b/tests/unit-test/Sitecore.Ship.Core.Test/Sitecore.Ship.Core.Test.csproj
index 3f5cd65..05d90f5 100644
--- a/tests/unit-test/Sitecore.Ship.Core.Test/Sitecore.Ship.Core.Test.csproj
+++ b/tests/unit-test/Sitecore.Ship.Core.Test/Sitecore.Ship.Core.Test.csproj
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props" Condition="Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -16,7 +17,7 @@
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
     <TargetFrameworkProfile />
-    <NuGetPackageImportStamp>4252d0e8</NuGetPackageImportStamp>
+    <NuGetPackageImportStamp>079e9f8f</NuGetPackageImportStamp>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -62,14 +63,20 @@
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.Data" />
     <Reference Include="System.Xml" />
-    <Reference Include="xunit, Version=1.9.2.1705, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\xunit.1.9.2\lib\net20\xunit.dll</HintPath>
-      <Private>True</Private>
+    <Reference Include="xunit.abstractions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\xunit.abstractions.2.0.0\lib\net35\xunit.abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.assert">
+      <HintPath>..\..\..\packages\xunit.assert.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.assert.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.core">
+      <HintPath>..\..\..\packages\xunit.extensibility.core.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.dll</HintPath>
     </Reference>
   </ItemGroup>
   <ItemGroup>
     <Compile Include="CouplingTests.cs" />
+    <Compile Include="HttpRequestAuthoriser\AccessTokenAuthoriserBehaviour.cs" />
+    <Compile Include="HttpRequestAuthoriser\Logging\AccessTokenAuthoriserLoggingBehaviour.cs" />
     <Compile Include="HttpRequestAuthoriser\Logging\HttpRequestAuthoriserLoggingBehaviour.cs" />
     <Compile Include="HttpRequestAuthoriser\Logging\HttpRequestAuthoriserLoggingDisabledBehaviour.cs" />
     <Compile Include="HttpRequestAuthoriser\Logging\HttpRequestAuthoriserLoggingRemoteAccessBehaviour.cs" />
@@ -78,7 +85,7 @@
     <Compile Include="HttpRequestAuthoriser\Logging\HttpRequestAuthoriserLoggingWhitelistBehaviour.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Services\InstallationRecorderTests.cs" />
-    <Compile Include="HttpRequestAuthoriser\HttpRequestAuthoriserTests.cs" />
+    <Compile Include="HttpRequestAuthoriser\HttpRequestAuthoriserBehaviour.cs" />
     <Compile Include="Services\ZipEntryDataParserTests.cs" />
   </ItemGroup>
   <ItemGroup>
@@ -103,7 +110,8 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/tests/unit-test/Sitecore.Ship.Core.Test/packages.config b/tests/unit-test/Sitecore.Ship.Core.Test/packages.config
index e978728..81d1bc6 100644
--- a/tests/unit-test/Sitecore.Ship.Core.Test/packages.config
+++ b/tests/unit-test/Sitecore.Ship.Core.Test/packages.config
@@ -5,6 +5,10 @@
   <package id="Nancy" version="0.23.2" targetFramework="net40" />
   <package id="Nancy.Testing" version="0.23.2" targetFramework="net40" />
   <package id="Should" version="1.1.20" targetFramework="net40" />
-  <package id="xunit" version="1.9.2" targetFramework="net40" />
-  <package id="xunit.runner.visualstudio" version="2.0.0-rc3-build1046" targetFramework="net40" />
+  <package id="xunit" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.abstractions" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.assert" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.extensibility.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.runner.visualstudio" version="2.0.0" targetFramework="net45" />
 </packages>
\ No newline at end of file
diff --git a/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj b/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
index 69b65e6..0bc4c10 100644
--- a/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
+++ b/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props" Condition="Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" />
+  <Import Project="..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props" Condition="Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -15,7 +16,7 @@
     <TargetFrameworkProfile />
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
-    <NuGetPackageImportStamp>2c3d64b2</NuGetPackageImportStamp>
+    <NuGetPackageImportStamp>e55ae358</NuGetPackageImportStamp>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -67,9 +68,14 @@
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.Data" />
     <Reference Include="System.Xml" />
-    <Reference Include="xunit, Version=1.9.2.1705, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\xunit.1.9.2\lib\net20\xunit.dll</HintPath>
+    <Reference Include="xunit.abstractions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\xunit.abstractions.2.0.0\lib\net35\xunit.abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.assert">
+      <HintPath>..\..\..\packages\xunit.assert.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.assert.dll</HintPath>
+    </Reference>
+    <Reference Include="xunit.core">
+      <HintPath>..\..\..\packages\xunit.extensibility.core.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.dll</HintPath>
     </Reference>
   </ItemGroup>
   <ItemGroup>
@@ -114,7 +120,8 @@
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0-rc3-build1046\build\net20\xunit.runner.visualstudio.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
+    <Error Condition="!Exists('..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/tests/unit-test/Sitecore.Ship.Test/packages.config b/tests/unit-test/Sitecore.Ship.Test/packages.config
index 2c36705..17107db 100644
--- a/tests/unit-test/Sitecore.Ship.Test/packages.config
+++ b/tests/unit-test/Sitecore.Ship.Test/packages.config
@@ -6,6 +6,10 @@
   <package id="Nancy.Testing" version="0.23.2" targetFramework="net40" />
   <package id="Newtonsoft.Json" version="6.0.6" targetFramework="net40" />
   <package id="Should" version="1.1.20" targetFramework="net40" />
-  <package id="xunit" version="1.9.2" targetFramework="net40" />
-  <package id="xunit.runner.visualstudio" version="2.0.0-rc3-build1046" targetFramework="net40" />
+  <package id="xunit" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.abstractions" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.assert" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.extensibility.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.runner.visualstudio" version="2.0.0" targetFramework="net45" />
 </packages>
\ No newline at end of file

From 9be35568d15af862eab4bb0dfbec872241fb813e Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Thu, 7 May 2015 11:46:33 -0400
Subject: [PATCH 2/6] fix Build by updating references to xUnit 2.0.0

---
 build/build.props                |  2 +-
 tests/TestUtils/TestUtils.csproj | 11 +++++++++++
 tests/TestUtils/packages.config  |  4 ++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 tests/TestUtils/packages.config

diff --git a/build/build.props b/build/build.props
index 088369b..dd2c699 100644
--- a/build/build.props
+++ b/build/build.props
@@ -16,7 +16,7 @@
     <OutputHtmlFile>$(TestResultsPath)\TestResults.html</OutputHtmlFile>
     <OutputXmlFile>$(TestResultsPath)\TestResults.xml</OutputXmlFile>
     <ToolsPath>$(ProjectRoot)\tools</ToolsPath>
-    <XunitPath>$(ProjectRoot)\packages\xunit.1.9.2\lib\net20</XunitPath>
+    <XunitPath>$(ProjectRoot)\packages\xunit.runner.msbuild.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS</XunitPath>
     <CurlPath>$(ToolsPath)\curl</CurlPath>
     <CurlExePath>$(CurlPath)\curl.exe</CurlExePath>
   </PropertyGroup>
diff --git a/tests/TestUtils/TestUtils.csproj b/tests/TestUtils/TestUtils.csproj
index b3eecde..6af3464 100644
--- a/tests/TestUtils/TestUtils.csproj
+++ b/tests/TestUtils/TestUtils.csproj
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\..\packages\xunit.runner.msbuild.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.runner.msbuild.props" Condition="Exists('..\..\packages\xunit.runner.msbuild.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.runner.msbuild.props')" />
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -12,6 +13,8 @@
     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <TargetFrameworkProfile />
+    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\</SolutionDir>
+    <RestorePackages>true</RestorePackages>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -46,6 +49,14 @@
     <Compile Include="TypeExtensions.cs" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('$(SolutionDir)\.nuget\NuGet.targets')" Text="$([System.String]::Format('$(ErrorText)', '$(SolutionDir)\.nuget\NuGet.targets'))" />
+    <Error Condition="!Exists('..\..\packages\xunit.runner.msbuild.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.runner.msbuild.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\packages\xunit.runner.msbuild.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.runner.msbuild.props'))" />
+  </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
diff --git a/tests/TestUtils/packages.config b/tests/TestUtils/packages.config
new file mode 100644
index 0000000..58a3a73
--- /dev/null
+++ b/tests/TestUtils/packages.config
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="xunit.runner.msbuild" version="2.0.0" targetFramework="net45" />
+</packages>
\ No newline at end of file

From 085107e2b38c36294b2f935a6effef512a1706bd Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Thu, 7 May 2015 14:29:26 -0400
Subject: [PATCH 3/6] bugfix - HttpHandled should not execute request if not
 Authorized unit test for Nancy Authorization

---
 build/Build.proj                              |  3 +
 src/Sitecore.Ship.AspNet/BaseHttpHandler.cs   |  1 +
 .../AccessTokenAuthoriser.cs                  |  2 +-
 .../Sitecore.Ship.Test/AuthorizationTests.cs  | 57 +++++++++++++++++++
 .../Sitecore.Ship.Test.csproj                 |  2 +
 .../Sitecore.Ship.Test/TestModule.cs          | 34 +++++++++++
 6 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 tests/unit-test/Sitecore.Ship.Test/AuthorizationTests.cs
 create mode 100644 tests/unit-test/Sitecore.Ship.Test/TestModule.cs

diff --git a/build/Build.proj b/build/Build.proj
index aac8805..afb0ae1 100644
--- a/build/Build.proj
+++ b/build/Build.proj
@@ -45,6 +45,9 @@
     <!-- Ship About page -->
     <Exec Command="$(CurlExePath) -i $(TestWebsiteUrl)services/about" />
 
+    <!-- Test for Secure Token Authorization - add accessToken="some-key" to <packageInstallation> web.config section-->
+    <!-- <Exec Command="$(CurlExePath) -i -H &quot;Authorization: Bearer some-key&quot; $(TestWebsiteUrl)services/about" />-->	
+
     <!-- Install the SitecoreShip content package -->
     <Exec Command="$(CurlExePath) -i --form &quot;path=@$(SitecoreShipPackagePath)&quot; $(TestWebsiteUrl)services/package/install/fileupload -F &quot;PackageId=00&quot; -F &quot;Description=Sitecore Ship package&quot;"  />
 
diff --git a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
index 0401913..06d553c 100644
--- a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
+++ b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
@@ -37,6 +37,7 @@ public void ProcessRequest(HttpContext context)
             if (!_authoriser.IsAllowed())
             {
                 context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
+                return;
             }
 
             context.Items.Add(StartTime, DateTime.UtcNow);
diff --git a/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs b/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
index 0882d14..bd873f5 100644
--- a/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
+++ b/src/Sitecore.Ship.Core/AccessTokenAuthoriser.cs
@@ -8,7 +8,7 @@
 
 namespace Sitecore.Ship.Core
 {
-    public class AccessTokenAuthoriser : IAuthoriser
+    public class AccessTokenAuthoriser// : IAuthoriser - do not inherit from Interface to make sure that IoC dependencies resolution is not affected
     {
         private readonly ICheckRequests _checkRequests;
         private readonly PackageInstallationSettings _packageInstallationSettings;
diff --git a/tests/unit-test/Sitecore.Ship.Test/AuthorizationTests.cs b/tests/unit-test/Sitecore.Ship.Test/AuthorizationTests.cs
new file mode 100644
index 0000000..25c003b
--- /dev/null
+++ b/tests/unit-test/Sitecore.Ship.Test/AuthorizationTests.cs
@@ -0,0 +1,57 @@
+using Moq;
+using Nancy.Testing;
+using Sitecore.Ship.Core.Contracts;
+using Xunit;
+
+namespace Sitecore.Ship.Test
+{
+    public class AuthorizationTests
+    {
+        private readonly Mock<IAuthoriser> _mockAuthoriser;
+        private readonly Browser _browser;
+        private readonly Mock<IDepencency> _mockDependency;
+
+        public AuthorizationTests()
+        {
+            _mockAuthoriser = new Mock<IAuthoriser>();
+            _mockDependency = new Mock<IDepencency>();
+
+            var bootstrapper = new ConfigurableBootstrapper(with =>
+            {
+                //todo: mock module and Verify if EmptyMethod() called instead of using Dependency
+                with.Module<TestModule>();
+                //dependency is used for verification of method execution
+                with.Dependency(_mockAuthoriser.Object);
+                with.Dependency(_mockDependency.Object);
+            });
+
+            _browser = new Browser(bootstrapper);
+        }
+
+        [Fact]
+        public void method_executed_when_request_authorized()
+        {
+            //Arrange
+            _mockAuthoriser.Setup(x => x.IsAllowed()).Returns(true);
+
+            //Act
+            _browser.Get("/services/test/empty");
+
+            //Assert
+            _mockDependency.Verify(t => t.DoSomething(), Times.Once);
+        }
+
+        [Fact]
+        public void method_not_executed_when_request_not_authorized()
+        {
+            //Arrange
+            _mockAuthoriser.Setup(x => x.IsAllowed()).Returns(false);
+
+            //Act
+            _browser.Get("/services/test/empty");
+
+            //Assert
+            _mockDependency.Verify(t => t.DoSomething(), Times.Never);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj b/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
index 0bc4c10..3b4040d 100644
--- a/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
+++ b/tests/unit-test/Sitecore.Ship.Test/Sitecore.Ship.Test.csproj
@@ -79,6 +79,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="AuthorizationTests.cs" />
     <Compile Include="AboutModuleTests.cs" />
     <Compile Include="CouplingTests.cs" />
     <Compile Include="InstallationRecorderTests.cs" />
@@ -86,6 +87,7 @@
     <Compile Include="PackageInstallationSettingsBuilder.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="PublishModuleTests.cs" />
+    <Compile Include="TestModule.cs" />
   </ItemGroup>
   <ItemGroup>
     <None Include="app.config" />
diff --git a/tests/unit-test/Sitecore.Ship.Test/TestModule.cs b/tests/unit-test/Sitecore.Ship.Test/TestModule.cs
new file mode 100644
index 0000000..e7e34bb
--- /dev/null
+++ b/tests/unit-test/Sitecore.Ship.Test/TestModule.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Nancy;
+using Sitecore.Ship.Core.Contracts;
+
+namespace Sitecore.Ship.Test
+{
+    public interface IDepencency
+    {
+        void DoSomething();
+    }
+
+    public class TestModule : ShipBaseModule
+    {
+        private readonly IDepencency _dependency;
+
+        public TestModule(IAuthoriser authoriser, IDepencency dependency)
+            : base(authoriser, "/services/test")
+        {
+            _dependency = dependency;
+            Get["/empty"] = EmptyMethod;
+        }
+
+        public virtual dynamic EmptyMethod(dynamic o)
+        {
+            _dependency.DoSomething();
+
+            return Response.AsJson(DateTime.Now);
+        }
+    }
+}

From 1093ba3f1ad0d20cd497af73e6a44e6c96e04a96 Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Fri, 8 May 2015 13:31:55 -0400
Subject: [PATCH 4/6] update documentation for token Authorization

---
 README.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6232d26..ff4cde4 100644
--- a/README.md
+++ b/README.md
@@ -185,9 +185,9 @@ Issue a GET request to `/services/about`
 
 Shown below is a fully specified configuration section for Sitecore.Ship:
 
-    <packageInstallation enabled="true" allowRemote="true" allowPackageStreaming="true" recordInstallationHistory="true">
+    <packageInstallation enabled="true" allowRemote="true" allowPackageStreaming="true" recordInstallationHistory="true" accessToken="some-key">
       <Whitelist>
-        <add name="local loopback" IP="127.0.01" />
+        <add name="local loopback" IP="127.0.0.1" />
         <add name="Allowed machine 1" IP="10.20.3.4" />
         <add name="Allowed machine 2" IP="10.40.4.5" />
       </Whitelist>
@@ -201,6 +201,7 @@ Default configuration:
 * allowPackageStreaming = false
 * recordInstallationHistory = false
 * IP address whitelisting is disabled if no elements are specified below the `<Whitelist>` element or if the element is omited.
+* access token is not specified and service can be used without `Authorization` HTTP header
 
 When `recordInstallationHistory` has been set to true packages should follow the naming conventions set out below:
 
@@ -219,6 +220,15 @@ For example:
 
     02-HomePage.zip
 
+### Tocken based security
+
+Service can be protected by secure access token. Every request without correct access token in its header will get `401 Unauthorized` HTTP error code.
+
+Token transmition: 
+
+    `curl -i -H "Authorization: Bearer some-key" https://mysite/services/about`
+
+
 ### Tools
 
 POSTMAN is a powerful HTTP client that runs as a Chrome browser extension and greatly helps with testing test REST web services. Find out more <http://www.getpostman.com/> 

From 32e7464f2e76a53ce0038962e8083e62f6c1ef22 Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Fri, 8 May 2015 13:40:17 -0400
Subject: [PATCH 5/6] fix for documentation markup

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ff4cde4..595f4da 100644
--- a/README.md
+++ b/README.md
@@ -226,7 +226,7 @@ Service can be protected by secure access token. Every request without correct a
 
 Token transmition: 
 
-    `curl -i -H "Authorization: Bearer some-key" https://mysite/services/about`
+    curl -i -H "Authorization: Bearer some-key" https://mysite/services/about	
 
 
 ### Tools

From 7967676c823f58f285572f2c91faaf94e15b3cd8 Mon Sep 17 00:00:00 2001
From: Dmitry Harnitski <dmitry@brainjocks.com>
Date: Fri, 8 May 2015 14:01:15 -0400
Subject: [PATCH 6/6] documentation - add message regarding to importance of
 HTTPS

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 595f4da..3ecdfd6 100644
--- a/README.md
+++ b/README.md
@@ -220,10 +220,12 @@ For example:
 
     02-HomePage.zip
 
-### Tocken based security
+### Token based security
 
 Service can be protected by secure access token. Every request without correct access token in its header will get `401 Unauthorized` HTTP error code.
 
+**Important:** Token cannot protect your service without transport level security. Do not forget to use `https` when you call APIs. 
+
 Token transmition: 
 
     curl -i -H "Authorization: Bearer some-key" https://mysite/services/about