堆栈内存溢出
  简体   繁体   English

对使用 [Authorize] 属性修饰的控制器进行集成测试

[英]Integration test on controller decorated with [Authorize] attribute

 原文  2017-04-03 12:51:35       c#/ asp.net/ asp.net-core/ integration-testing/ bearer-token

问题描述

My application is an ASP.NET Core 1.0 Web API.我的应用程序是一个 ASP.NET Core 1.0 Web API。

How do I test a controller which is decorated with the Authorize attribute?如何测试使用Authorize属性修饰的控制器?

For example, with this controller and test method:例如,使用此控制器和测试方法:

[TestMethod]
public void GetSomeDataTest()
{
   var controller = new MyController();
   Assert.AreEqual(controller.GetSomeData(), "Test");
}

[Authorize]
public ActionResult GetSomeData()
{
   return this.Content("Test");
}

This is just an example code to make it possible for you guys to answer.这只是一个示例代码,让你们可以回答。 I am actually invoking the Controller via a TestServer object.我实际上是通过TestServer对象调用Controller

This has already been asked but the accepted answer doesn't work anymore.已经被问到,但接受的答案不再有效。 Any suggestions how I could "fake" the users' authenticity?任何建议我如何“伪造”用户的真实性?

2 个解决方案

解决方案1
 5 已采纳  2017-04-03 13:01:34

You could set a claim principle to the current thread您可以为当前线程设置声明原则

[TestInitialize]
public void Initialize()
{
    var claims = new List<Claim>() 
    { 
        new Claim(ClaimTypes.Name, "UserName"),
        new Claim(ClaimTypes.Role, "Admin")
    };
    var identity = new ClaimsIdentity(claims, "TestAuth");
    var claimsPrincipal = new ClaimsPrincipal(identity);
    Thread.CurrentPrincipal = claimsPrincipal;
}

For .NET Core, you could set the user to the controller context对于 .NET Core,您可以将用户设置为控制器上下文

private MyController _ctrl;

[TestInitialize]
public void Initialize()
{
    var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]
    {
         new Claim(ClaimTypes.Name, "UserName"),
         new Claim(ClaimTypes.Role, "Admin")
    }));

    _ctrl = new MyController();
    _ctrl.ControllerContext = new ControllerContext()
    {
        HttpContext = new DefaultHttpContext() { User = user }
    };
}

[TestMethod]
public void GetSomeDataTest()
{
    Assert.AreEqual(_ctrl.GetSomeData(), "Test");
}

解决方案2
 -2  2017-04-03 12:55:06

Well, you are not actually invoking the controller.好吧,您实际上并没有调用控制器。 Rather, you are running a mock test and thus nothing is happening in the conventional way like the ASP.NET engine handling your request -- request passing through HTTP pipeline (thus authorization module).相反,您正在运行模拟测试,因此没有像 ASP.NET 引擎处理您的请求那样以传统方式发生任何事情——请求通过 HTTP 管道(因此是授权模块)传递。

So while testing, you should only concentrate on the internal logic of the controller action method instead of that Authorize attribute because, in your unit test method, no authentication / authorization will take place.因此,在测试时,您应该只关注控制器操作方法的内部逻辑而不是Authorize属性,因为在您的单元测试方法中,不会发生身份验证/授权。 You will setup mock and call the controller action method like any other method.您将设置模拟并像任何其他方法一样调用控制器操作方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用Authorize属性修饰的单元测试操作 - unit test actions decorated with Authorize attribute 如何使用Authorize属性为控制器操作编写失败的单元测试用例 - How to write failed unit test case for controller actions with Authorize attribute c#WebApi如果使用具有特定参数的授权属性修饰控制器操作,如何进行单元测试 - c# WebApi how to unit test if a controller action is decorated with an authorization attribute with specific arguments 使用[授权]集成测试Web Api - Integration Test Web Api With [Authorize] 如何有效地测试动作是否用属性(AuthorizeAttribute)装饰? - How to efficiently test if action is decorated with an attribute (AuthorizeAttribute)? 具有Authorize属性的控制器被调用两次 - Controller with Authorize attribute is called twice 动态添加角色以授权控制器的属性 - Dynamically add roles to authorize attribute for controller MVC MSpec测试未达到[Authorize]属性 - MVC MSpec test not hitting [Authorize] attribute 填充用属性装饰的属性 - Populate properties decorated with an attribute 我无法用自定义授权属性装饰整个Controller - I can't decorate whole Controller with my Custom Authorize Attribute
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM