Configuring Authentication in Functional testing in ASP.NET WEB API
WebAPI
19 Articles
In this article, let's learn about how to setup Authentication in Functional Test in WebAPI in ASP.NET Core.
Note: If you have not done so already, I recommend you read the article on Using WireMock.NET in Functional testing in ASP.NET WEB API.
Table of Contents
Introduction
In our previous article we saw how to use WireMock.NET in functional test to validate HTTP calls. In this article, we will see how to setup Authentication and Authorization in functional test in WebAPI in ASP.NET Core step by step. We will be using the same project that we used in our previous article.
The straight forward way to enable Authentication and Authorization in Web API is to add UseAuthentication() middleware and decorate necessary endpoints with [Authorize] attribute.
Code Sample - Configure Authentication in Web API
Now we need to decorate the endpoints with [Authorize] attribute as shown below.
Now if we run our tests, all our tests will fail with 401 UnAuthorized as shown below.
Lets quickly verify if we are getting 401 UnAuthorized from swagger. Here is the swagger response from the WeatherForecast endpoint.
Setup Authentication
Setting up Authentication in Functional Test is a bit tricky as it cannot be mocked like unit tests. But here is plan as per official documentation.
Let's start with Empty AuthClaimsProvider.
Code Sample - Empty Auth Claims Provider to be used in Functional Test Authentication
Next, we need to add AuthenticationHandler.
Code Sample - Configure Test Auth Handler for ASP.NET WEB API Functional Test
When application is started in test host add new authentication scheme (let's call it Test).
Code Sample - Register Test Authentication Scheme in Custom Web Application Factory
Configure authentication scheme to use custom authentication handler (TestAuthHandler) that creates fake identity for integration tests. This handler creates fake user when HandleAuthenticateAsync() is called. We don't need any additional hacks to make ASP.NET Core application use this fake identity. Our integration test needs also some changes because of authentication handler.
That's it now if we run our tests, it should pass. Here is the output of the test after adding the above code.
Setup Authorization
So far so good. Now the problem with the above TestHandler is that it provides static set of claims for all the tests. This will not be the case in real world applications. The handler provides web application with static set of claims. No matter what is the request claims are always the same. This way it is not possible to test application with different users and roles. We need to validate Authorization for endpoints which require different set of claims. So we need to configure claims for each test. Here is the plan.
To make test authentication handler support different user accounts I extended claims provider. This is the class that carries given set of claims to test authentication provider. I added also some static methods to return already initialized provider with set of claims specific for role like Guest and Admin.
Code Sample - Configuring Claims in ASP.NET WEB API Functional Test
Now we need to add extension method to create HttpClient with required Claims. This method will be used in tests to create HttpClient with required claims. The code for that is shown below.
Code Sample - Extension Method to create HttpClient with Claims
That's it. Now we can use the above code to configure claims and roles for each test. Let's try to test both Guest and Admin role.
Now lets try to test the Admin role on GetWeatherForecastFromDatabase endpoint. For this we need to use the extension method to create HttpClient with Admin claims.
Code Sample - Running WEB API Functional Test with Admin Role
Thats it. We are done with setup. Now the tests will run in the following flow.
- Start Test Method.
- Create WebApplicationFactory.
- Run Program.cs.
- Add Default Authentication.
- Service Registration.
- Build Web Application.
- Create HTTP Client with required Claims.
- Test Code Execution.
Now lets run the test and see the result.
We can do the same for Guest Claims for another test.
Summary
In this article, we learnt about how to setup Authentication and Authorization in Functional Test in WebAPI in ASP.NET Core. We learnt how to setup Test Authentication Handler and Test Scheme and also learnt how to inject different users and claims in runtime. The complete source code for this article can be found here. With this we are completing the series on Functional Testing in ASP.NET WebAPI. I'm happy to share my knowledge on functional testing. Hope you enjoyed reading it.