public void OnAuthorization_IfControllerDescriptorIsMarkedWithAllowAnonymousAttribute_DoesNotShortCircuitResponse()
{
_controllerDescriptorMock.Setup(ad => ad.GetCustomAttributes <AllowAnonymousAttribute>()).Returns(_allowAnonymousAttributeCollection);
Mock <MockableAuthorizeAttribute> authorizeAttributeMock = new Mock <MockableAuthorizeAttribute>()
{
CallBase = true
};
AuthorizeAttribute attribute = authorizeAttributeMock.Object;
attribute.OnAuthorization(_actionContext);
Assert.Null(_actionContext.Response);
}
public void OnAuthorization_IfRequestNotAuthorized_CallsHandleUnauthorizedRequest()
{
Mock <MockableAuthorizeAttribute> authorizeAttributeMock = new Mock <MockableAuthorizeAttribute>()
{
CallBase = true
};
_principalMock.Setup(p => p.Identity.IsAuthenticated).Returns(false);
authorizeAttributeMock.Setup(a => a.HandleUnauthorizedRequestPublic(_actionContext)).Verifiable();
AuthorizeAttribute attribute = authorizeAttributeMock.Object;
attribute.OnAuthorization(_actionContext);
authorizeAttributeMock.Verify();
}