public void Only_Word_Owner_Can_Delete_Single_Word() { // Get a word Id to remove var wordId = 1; // Spoof an authenticated user by generating a ClaimsPrincipal var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_USER2"), }, "TestAuthentication")); // Spoof UserController var controller = new WordController(_fakeUserRepo.Object, _fakeWordRepo.Object); controller.ControllerContext = new ControllerContext(); // Required to create the controller controller.ControllerContext.HttpContext = new DefaultHttpContext { User = user }; // Pretend the user is making a request to the controller // Attempt to Get single word var response = controller.DeleteSingleWord(wordId); // Returns Ok Assert.IsType <BadRequestResult>(response); _fakeWordRepo.Verify(r => r.DeleteSingleWord(It.IsAny <Word>()), Times.Never()); }