public void ApiAuthorizeAttributeReturns401()
{
var httpContext = new Mock <HttpContextBase>();
httpContext.SetupGet(c => c.Items).Returns(new Dictionary <object, object> {
{ "owin.Environment", new Dictionary <string, object>() }
});
httpContext.SetupGet(c => c.User.Identity.IsAuthenticated).Returns(false);
var actionDescriptor = new Mock <ActionDescriptor>();
var controllerDescriptor = new Mock <ControllerDescriptor>();
actionDescriptor.Setup(c => c.ControllerDescriptor).Returns(controllerDescriptor.Object);
var mockAuthContext = new Mock <AuthorizationContext>(MockBehavior.Strict);
mockAuthContext.SetupGet(c => c.ActionDescriptor).Returns(actionDescriptor.Object);
mockAuthContext.SetupGet(c => c.HttpContext).Returns(httpContext.Object);
mockAuthContext.SetupGet(c => c.Controller).Returns((Controller)null);
var context = mockAuthContext.Object;
var attribute = new ApiAuthorizeAttribute();
// Act
attribute.OnAuthorization(context);
var owinContext = context.HttpContext.GetOwinContext();
// Assert
Assert.IsType <HttpUnauthorizedResult>(context.Result);
Assert.Equal(401, owinContext.Response.StatusCode);
Assert.Equal(AuthenticationTypes.ApiKey, owinContext.Authentication.AuthenticationResponseChallenge.AuthenticationTypes[0]);
}
public void ApiAuthorizeAttributeReturns401()
{
var httpContext = new Mock<HttpContextBase>();
httpContext.SetupGet(c => c.Items).Returns(new Dictionary<object, object> { { "owin.Environment", new Dictionary<string, object>() } });
httpContext.SetupGet(c => c.User.Identity.IsAuthenticated).Returns(false);
var actionDescriptor = new Mock<ActionDescriptor>();
var controllerDescriptor = new Mock<ControllerDescriptor>();
actionDescriptor.Setup(c => c.ControllerDescriptor).Returns(controllerDescriptor.Object);
var mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
mockAuthContext.SetupGet(c => c.ActionDescriptor).Returns(actionDescriptor.Object);
mockAuthContext.SetupGet(c => c.HttpContext).Returns(httpContext.Object);
mockAuthContext.SetupGet(c => c.Controller).Returns((Controller)null);
var context = mockAuthContext.Object;
var attribute = new ApiAuthorizeAttribute();
// Act
attribute.OnAuthorization(context);
var owinContext = context.HttpContext.GetOwinContext();
// Assert
Assert.IsType<HttpUnauthorizedResult>(context.Result);
Assert.Equal(401, owinContext.Response.StatusCode);
Assert.Equal(AuthenticationTypes.ApiKey, owinContext.Authentication.AuthenticationResponseChallenge.AuthenticationTypes[0]);
}
public void SucceedsForAuthenticatedUser()
{
var context = BuildAuthorizationContext(authenticated: true).Object;
var attribute = new ApiAuthorizeAttribute();
// Act
attribute.OnAuthorization(context);
var owinContext = context.HttpContext.GetOwinContext();
// Assert
Assert.Equal(200, owinContext.Response.StatusCode);
}
public void Returns401ForUnauthenticatedUser()
{
var context = BuildAuthorizationContext(authenticated: false).Object;
var attribute = new ApiAuthorizeAttribute();
// Act
attribute.OnAuthorization(context);
var owinContext = context.HttpContext.GetOwinContext();
// Assert
Assert.IsType <HttpUnauthorizedResult>(context.Result);
Assert.Equal(401, owinContext.Response.StatusCode);
Assert.Equal(AuthenticationTypes.ApiKey, owinContext.Authentication.AuthenticationResponseChallenge.AuthenticationTypes[0]);
}
