protected override void Test() { Application.Execute(browser => { const string Username = "******"; var form = new LoginForm { Username = Username, Password = "******" }; var view = new PartialViewContext("_LoginForm").SetAnonymousPrincipal(); var response = browser.Render(view, form).Submit(); response.ShouldHaveTemporarilyRedirectTo("/app"); response.ShouldHaveCookie(FormsAuthentication.FormsCookieName); }); }
protected override void Test() { Application.Execute((browser, context) => { const string Username = "******"; const string Password = "******"; // Save user to database. context.User(Username, Password); var form = new LoginForm { Username = Username, Password = Password }; var view = new PartialViewContext("_LoginForm"); view.SetFormsAuthPrincipal("invalid"); // simulate invalid anti-forgery request token. // Obviously the MVC application should handle this more gracefully, this is just an example. var exception = Assert.Throws<CrowbarException>(() => browser.Render(view, form).Submit()); Assert.That(exception.InnerException, Is.TypeOf<HttpAntiForgeryException>()); }); }