public async Task AuthorizedRoute_WithCertificateAuthenticationViaConfiguration_ShouldFailWithUnauthorized_WhenAnyClientCertificateValidationDoesntSucceeds( string subjectValue, string issuerValue, bool expected) { // Arrange const string subjectKey = "subject", issuerKey = "issuer"; _testServer.AddConfigKeyValue(subjectKey, "CN=known-subject"); _testServer.AddConfigKeyValue(issuerKey, "CN=known-issuername"); _testServer.AddService( new CertificateAuthenticationValidator( new CertificateAuthenticationConfigBuilder() .WithSubject(X509ValidationLocation.Configuration, subjectKey) .WithIssuer(X509ValidationLocation.Configuration, issuerKey) .Build())); _testServer.AddFilter(new CertificateAuthenticationFilter()); using (X509Certificate2 clientCertificate = SelfSignedCertificate.CreateWithIssuerAndSubjectName(issuerValue, subjectValue)) { _testServer.SetClientCertificate(clientCertificate); using (HttpClient client = _testServer.CreateClient()) { var request = new HttpRequestMessage( HttpMethod.Get, NoneAuthenticationController.Route); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Assert Assert.True( (HttpStatusCode.Unauthorized == response.StatusCode) == expected, $"Response HTTP status code {(expected ? "should" : "shouldn't")} be 'Unauthorized' but was '{response.StatusCode}'"); } } } }