Integration testing ASP.NET WebAPI controllers that use bearer authentication with identityserver3

I'm trying to integration test my web api controllers. The application uses JWTs to authenticate users against the resource server.

To spool up the application, I'm using the TestServer found in Microsoft.OWIN.Testing.

I can obtain a valid JWT by performing a login as a browser would do. I then proceed to add the JWT to the request as follows:

request.AddHeader("Authorization", "Bearer " + accessToken.RawData);

That header also arrives in the OWIN pipeline. However, all controllers protected with the [Authorize] attribute return 401 Unauthorized when invoked.

The API is protected using IdentityServer3 by Thinktecture; the relevant section looks like this:

var authority = "http://localhost:8080/idsrv/";
var parameters = new TokenValidationParameters() { ValidAudiences = new[] { "implicitclient" } };

var options = new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = authority,
    TokenValidationParameters = parameters
};

app.UseIdentityServerBearerTokenAuthentication(options);

var configuration = new WebApiConfiguration(this.container);
configuration.Configuration(app);

I don't really know where to look for any pointers to the problem, so any help is appreciated.

Do you want to really test with the token middleware? I mean - you are not testing the token middleware itself - but the controller logic based on certain authentication outcomes.

Just write a small inline middleware that sets Context.Authentication.User to some ClaimsPrincipal you want to test with.

app.Use(async (ctx, next) => { ctx.Authentication.User = somePrincipal; await next(); });
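
The stub-authentication approach from the answer above, written out as an added example that is not part of the original posts. ProfileController, StubAuthTests, the api/profile route, the "TestStub" authentication type and the "alice" claim are hypothetical names chosen for illustration; the example assumes the Microsoft.Owin.Testing and Microsoft.AspNet.WebApi.Owin packages.

```csharp
using System.Net;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Testing;
using Owin;

// Hypothetical controller standing in for the API under test.
public class ProfileController : ApiController
{
    [Authorize]
    [Route("api/profile")]
    public IHttpActionResult Get() => Ok(User.Identity.Name);
}

public static class StubAuthTests
{
    // Constructed test principal (sample data, not a real user).
    public static ClaimsPrincipal Alice()
    {
        // The authentication type matters: without it IsAuthenticated is false.
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, "TestStub");
        return new ClaimsPrincipal(identity);
    }

    // Sends one request through an in-memory pipeline; pass null for the anonymous case.
    public static async Task<HttpStatusCode> GetStatus(ClaimsPrincipal principal)
    {
        using (var server = TestServer.Create(app =>
        {
            if (principal != null)
            {
                // Test-only stand-in for UseIdentityServerBearerTokenAuthentication.
                app.Use(async (ctx, next) =>
                {
                    ctx.Authentication.User = principal;
                    await next();
                });
            }
            var config = new HttpConfiguration();
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }))
        {
            var response = await server.HttpClient.GetAsync("/api/profile");
            return response.StatusCode;
        }
    }
}
```

Calling GetStatus(null) alongside GetStatus(Alice()) gives a negative control that confirms [Authorize] still rejects unauthenticated requests. Register the stub only in the test startup, since it authenticates every request that passes through it.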
