public async Task AuthorizedRoute_WithCertificateAuthentication_ShouldFailWithUnauthorized_WhenClientCertificateSubjectNameDoesntMatch() { // Arrange string subjectKey = "subject", subjectValue = $"subject-{Guid.NewGuid()}"; _testServer.AddService <ISecretProvider>(new InMemorySecretProvider((subjectKey, subjectValue))); _testServer.AddService( new CertificateAuthenticationValidator( new CertificateAuthenticationConfigBuilder() .WithSubject(X509ValidationLocation.SecretProvider, subjectKey) .Build())); _testServer.AddFilter(new CertificateAuthenticationFilter()); using (X509Certificate2 clientCertificate = SelfSignedCertificate.CreateWithSubject("unrecognized-subject-name")) { _testServer.SetClientCertificate(clientCertificate); using (HttpClient client = _testServer.CreateClient()) { var request = new HttpRequestMessage( HttpMethod.Get, NoneAuthenticationController.Route); // Act using (HttpResponseMessage response = await client.SendAsync(request)) { // Arrange Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } } } }