Configuring Authentication in Functional testing in ASP.NET WEB API
WebAPI
18 Articles
In this article, let's learn about how to setup Authentication
in
Functional Test
in WebAPI
in ASP.NET Core.
Note: If you have not done so already, I recommend you read the article on Using WireMock.NET in Functional testing in ASP.NET WEB API.
Table of Contents
Introduction
In our previous article we saw how to use WireMock.NET
in functional test to validate HTTP calls. In this article,
we will see how to setup Authentication
and Authorization
in functional test in
WebAPI
in ASP.NET Core step by step. We will be using the same project that we used in our previous article.
The straight forward way to enable Authentication
and Authorization
in
Web API is to add UseAuthentication()
middleware and decorate necessary endpoints
with [Authorize]
attribute.
Code Sample - Configure Authentication in Web API
Now we need to decorate the endpoints with [Authorize]
attribute as shown below.
Now if we run our tests, all our tests will fail with 401 UnAuthorized
as shown below.
Lets quickly verify if we are getting 401 UnAuthorized
from swagger. Here is the swagger response from the
WeatherForecast
endpoint.
Setup Authentication
Setting up Authentication
in Functional Test
is a bit tricky as it cannot be
mocked like unit tests. But here is plan as per official documentation.
Let's start with Empty
AuthClaimsProvider
.Code Sample - Empty Auth Claims Provider to be used in Functional Test Authentication
Next, we need to add
AuthenticationHandler
.Code Sample - Configure Test Auth Handler for ASP.NET WEB API Functional Test
When application is started in test host add new authentication scheme (let's call it
Test
).Code Sample - Register Test Authentication Scheme in Custom Web Application Factory
Configure authentication scheme to use custom authentication handler (
TestAuthHandler
) that creates fake identity for integration tests. This handler creates fake user whenHandleAuthenticateAsync()
is called. We don't need any additional hacks to make ASP.NET Core application use this fake identity. Our integration test needs also some changes because of authentication handler.
That's it now if we run our tests, it should pass. Here is the output of the test after adding the above code.
Setup Authorization
So far so good. Now the problem with the above TestHandler
is that it provides static set of claims for all the
tests. This will not be the case in real world applications. The handler provides web application with static set of claims. No matter what is the
request claims are always the same. This way it is not possible to test application with different users and roles. We need to validate
Authorization
for endpoints which require different set of claims. So we need to configure claims for each test. Here is the plan.
To make test authentication handler support different user accounts I extended claims provider. This is the
class
that carries given set ofclaims
to test authentication provider. I added also some static methods to return already initialized provider with set of claims specific for role likeGuest
andAdmin
.Code Sample - Configuring Claims in ASP.NET WEB API Functional Test
Now we need to add extension method to create
HttpClient
with requiredClaims
. This method will be used in tests to createHttpClient
with required claims. The code for that is shown below.Code Sample - Extension Method to create HttpClient with Claims
That's it. Now we can use the above code to configure claims
and roles
for
each test. Let's try to test both Guest
and Admin
role.
Now lets try to test the Admin
role on GetWeatherForecastFromDatabase
endpoint. For this we need to use the extension method to create HttpClient
with Admin
claims.
Code Sample - Running WEB API Functional Test with Admin Role
Thats it. We are done with setup. Now the tests will run in the following flow.
- Start Test Method.
- Create WebApplicationFactory.
- Run Program.cs.
- Add Default Authentication.
- Service Registration.
- Build Web Application.
- Create HTTP Client with required Claims.
- Test Code Execution.
Now lets run the test and see the result.
We can do the same for Guest Claims
for another test.
Summary
In this article, we learnt about how to setup Authentication
and Authorization
in Functional Test
in WebAPI
in ASP.NET Core. We learnt how to setup
Test Authentication Handler
and Test Scheme
and also learnt how to inject
different users and claims in runtime. The complete source code for this article can be found here.
With this we are completing the series on Functional Testing in ASP.NET WebAPI
. I'm happy to share my knowledge
on functional testing. Hope you enjoyed reading it.