Skip to content
/ Acheve.Owin.Testing.Security Public

NuGet package to manage authenticated requests in owin TestServer

License

Apache-2.0 license
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hbiarge/Acheve.Owin.Testing.Security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
Acheve.Owin.Testing.Security
Acheve.Owin.Testing.Security
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Acheve.Owin.Testing.Security

Unit testing your WebApi controllers is not enougth to verify the correctness of your WebApi. Are the filters working? The correct status code is sent when that condition is reached? Is the user authorized to request that endpoint?

The NuGet package Microsoft.Owin.Testing allows you to create an in memory owin server that exposes an HttpCient to be able to send request to the server. All in memory, all in the same process. Fast. It's the best way to create integration test in your WebApi.

But when your WebApi requires authenticated request it could be a little more dificult...

What if you have an easy way to indicate the claims in the request?

This package implements an owin authentication middleware and several extension methods to easiy indicate the claims for authenticated calls to the WebApi.

In the TestServer startup class you shoud incude the authentication middleware:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseTestServerAuthentication();

        var config = new HttpConfiguration();
        Sample.Api.WebApiConfiguration.Configure(config);
        app.UseWebApi(config);
    }
}

And in your tests you can use an HttpClient with default credentials or build the request with the server RequestBuilder and with the specified claims:

public class VauesWithDefaultUserTests : IDisposable
{
    private readonly TestServer _server;
    private readonly HttpClient _userHttpCient;

    public VauesWithDefaultUserTests()
    {
        _server = TestServer.Create<Startup>();
        _userHttpCient = _server.HttpClient
            .WithDefaultIdentity(Identities.User);
    }

    [Fact]
    public async Task WithHttpClientWithDefautIdentity()
    {
        var response = await _userHttpCient.GetAsync("api/values");

        response.EnsureSuccessStatusCode();
    }

    [Fact]
    public async Task WithRequestBuilder()
    {
        var response = await _server.CreateRequest("api/values")
            .WithIdentity(Identities.User)
            .GetAsync();

        response.EnsureSuccessStatusCode();
    }

    public void Dispose()
    {
        _server.Dispose();
        _userHttpCient.Dispose();
    }
}

Both methods (WithDefaultIdentity and WithIdentity) accept as the ony parameter an IEnumerabe<Claim> that should include the desired user claims in the request.

You can find a complete example in the samples directory.

About

NuGet package to manage authenticated requests in owin TestServer

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages