public async Task CreatePost_AsAnUnauthorizedUser_ShouldReturnForbid() { // Arrange var productServiceMock = new Mock <IProductService>(); var product = new Product(); productServiceMock.Setup(ps => ps.AddProductAsync(It.IsAny <Product>())); var authorizationServiceMock = CreateAuthorizationServiceMockThatDoesNotAuthorizeUser(); var mockUserStore = new Mock <IUserStore <IdentityUser> >(); var userManagerMock = new Mock <UserManager <IdentityUser> >(mockUserStore.Object, null, null, null, null, null, null, null, null); userManagerMock.Setup(um => um.GetUserId(It.IsAny <ClaimsPrincipal>())).Returns("ownerId"); var productsController = new ProductsController( productServiceMock.Object, authorizationServiceMock.Object, userManagerMock.Object ); // Act IActionResult actionResult = await productsController.CreatePost(product); // Assert actionResult.ShouldBeOfType <ForbidResult>(); }