public ActionResult Login(LoginForm form) { if (form.Username == "admin" && form.Password == "admin") { FormsAuthentication.SetAuthCookie("admin", false); return Redirect("/app"); } return Redirect("/"); }
protected override void Test() { Application.Execute(browser => { const string Username = "******"; var form = new LoginForm { Username = Username, Password = "******" }; var view = new PartialViewContext("_LoginForm").SetAnonymousPrincipal(); var response = browser.Render(view, form).Submit(); response.ShouldHaveTemporarilyRedirectTo("/app"); response.ShouldHaveCookie(FormsAuthentication.FormsCookieName); }); }
protected override void Test() { Application.Execute(browser => { const string Username = "******"; var form = new LoginForm { Username = Username, Password = "******" }; var view = new PartialViewContext("_LoginForm"); view.SetFormsAuthPrincipal("invalid"); // simulate invalid anti-forgery request token. // Obviously the MVC application should handle this more gracefully, this is just an example. var exception = Assert.Throws<CrowbarException>(() => browser.Render(view, form).Submit()); Assert.That(exception.InnerException, Is.TypeOf<HttpAntiForgeryException>()); }); }
protected override void Test() { Application.Execute(browser => { var form = new LoginForm { Username = "******", Password = "******" }; var response = browser.Render("_LoginForm", form).Submit(); response.ShouldHaveTemporarilyRedirectTo("/"); }); }