public void OnAuthorization_IfControllerDescriptorIsMarkedWithAllowAnonymousAttribute_DoesNotShortCircuitResponse()
        {
            _controllerDescriptorMock.Setup(ad => ad.GetCustomAttributes <AllowAnonymousAttribute>()).Returns(_allowAnonymousAttributeCollection);
            Mock <MockableAuthorizeAttribute> authorizeAttributeMock = new Mock <MockableAuthorizeAttribute>()
            {
                CallBase = true
            };
            AuthorizeAttribute attribute = authorizeAttributeMock.Object;

            attribute.OnAuthorization(_actionContext);

            Assert.Null(_actionContext.Response);
        }
        public void OnAuthorization_IfRequestNotAuthorized_CallsHandleUnauthorizedRequest()
        {
            Mock <MockableAuthorizeAttribute> authorizeAttributeMock = new Mock <MockableAuthorizeAttribute>()
            {
                CallBase = true
            };

            _principalMock.Setup(p => p.Identity.IsAuthenticated).Returns(false);
            authorizeAttributeMock.Setup(a => a.HandleUnauthorizedRequestPublic(_actionContext)).Verifiable();
            AuthorizeAttribute attribute = authorizeAttributeMock.Object;

            attribute.OnAuthorization(_actionContext);

            authorizeAttributeMock.Verify();
        }