public async Task AuthorizedRoute_WithCertificateAuthenticationViaConfiguration_ShouldFailWithUnauthorized_WhenAnyClientCertificateValidationDoesntSucceeds(
string subjectValue,
string issuerValue,
bool expected)
{
// Arrange
const string subjectKey = "subject", issuerKey = "issuer";
_testServer.AddConfigKeyValue(subjectKey, "CN=known-subject");
_testServer.AddConfigKeyValue(issuerKey, "CN=known-issuername");
_testServer.AddService(
new CertificateAuthenticationValidator(
new CertificateAuthenticationConfigBuilder()
.WithSubject(X509ValidationLocation.Configuration, subjectKey)
.WithIssuer(X509ValidationLocation.Configuration, issuerKey)
.Build()));
_testServer.AddFilter(new CertificateAuthenticationFilter());
using (X509Certificate2 clientCertificate = SelfSignedCertificate.CreateWithIssuerAndSubjectName(issuerValue, subjectValue))
{
_testServer.SetClientCertificate(clientCertificate);
using (HttpClient client = _testServer.CreateClient())
{
var request = new HttpRequestMessage(
HttpMethod.Get,
NoneAuthenticationController.Route);
// Act
using (HttpResponseMessage response = await client.SendAsync(request))
{
// Assert
Assert.True(
(HttpStatusCode.Unauthorized == response.StatusCode) == expected,
$"Response HTTP status code {(expected ? "should" : "shouldn't")} be 'Unauthorized' but was '{response.StatusCode}'");
}
}
}
}
