public void NamespaceBasedAuthorization_MatchOnNamespace_ShouldThrowNoExceptions()
        {
            //Arrange
            var strategy = new NamespaceBasedAuthorizationStrategy();

            var claims = new List <Claim>
            {
                new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi.org/"),
                new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi-2.org/")
            };

            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims, EdFiAuthenticationTypes.OAuth));

            string resource = @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor";
            string action   = @"http://ed-fi.org/ods/actions/manage";

            var data = new NamespaceBasedAuthorizationContextData
            {
                Namespace = @"uri://ed-fi.org/"
            };

            //Act
            strategy.GetAuthorizationStrategyFiltering(
                new List <Claim>(),
                new EdFiAuthorizationContext(new ApiKeyContext(), principal, new[] { resource }, action, data));

            //Assert
        }
        public void NamespaceBasedAuthorization_EmptyNamespaceClaim()
        {
            //Arrange
            var strategy = new NamespaceBasedAuthorizationStrategy();

            var claims = new List <Claim>
            {
                new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, string.Empty),
                new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, string.Empty)
            };

            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims, EdFiAuthenticationTypes.OAuth));

            string resource = @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor";
            string action   = @"http://ed-fi.org/ods/actions/manage";

            var data = new NamespaceBasedAuthorizationContextData
            {
                Namespace = @"uri://ed-fi.org/"
            };

            //Act

            var exception = Assert.Throws <EdFiSecurityException>(
                () => strategy.GetAuthorizationStrategyFiltering(
                    new List <Claim>(), new EdFiAuthorizationContext(new ApiKeyContext(), principal, new[] { resource }, action, data)));

            exception.Message.ShouldBe(
                "Access to the resource could not be authorized because the caller did not have any NamespacePrefix claims ('"
                + EdFiOdsApiClaimTypes.NamespacePrefix + "') or the claim values were all empty.");

            //Assert
        }