I've just moved to using OWIN\Katana for a web api project. It uses Windows Authentication. This seems to be working, but most of my integration tests have broken. They were previously just using an In-Memory HttpServer but I've changed to using Microsoft.Owin.Testing.TestServer. I've replaced something like this in my test setup:
var config = new HttpConfiguration { IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Always };
config.EnableQuerySupport();
Server = new HttpServer(config);
MyConfigClass.Configure(config);
WebApiConfig.Register(config);
with a simpler:
TestServer = TestServer.Create<Startup>();
But whereas previously I could just put the following to "fake" authentication with the in-memory server:
Thread.CurrentPrincipal = new ClientRolePrincipal(new HttpListenerBasicIdentity(Username, Password));
This now doesn't work. I get the following for all requests:
System.Exception : {"Message":"Authorization has been denied for this request."}
How do I Authenticate with the In-Memory OWIN test server or at least by-pass the authentication?
I've been able to workaround this in a way that I'm sure is sub-optimal, but will have to do until I come across a better solution or one of you fine folk tells me a better way to do this :) I've done it as follows:
In my Startup class I've added a CreateAuthFilter hook which we'll see later is used only in integration tests:
// Sample Startup class
public class Startup
{
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
// Use CreateFilter Method to create Authorisation Filter - if not null add it
var authFilter = CreateAuthFilter();
if(authFilter != null)
config.Filters.Add(authFilter);
// Other configuration and middleware...
}
public static Func<IFilter> CreateAuthFilter = () => null;
}
Implemented an Authorization Filter which will only be used in Integration Tests:
public class TestAuthFilter : IAuthenticationFilter
{
static TestAuthFilter()
{
TestUserId = "TestDomain\\TestUser";
}
public bool AllowMultiple { get; private set; }
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
context.Principal = new ClientRolePrincipal(new HttpListenerBasicIdentity(TestUserId, "password")); ;
}
public static string TestUserId { get; set; }
public async Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
{
}
}
In the SetUp code for my Integration Tests I inject the Test Authorization Filter:
Startup.CreateAuthFilter = () => new TestAuthFilter();
var TestServer = TestServer.Create<Startup>();
When needed in specific tests, I set the TestUserId to a known value, and other tests just seem to work because the Auth Filter is present:
TestAuthFilter.TestUserId = testUser.UserId;
I'm sharing this here incase it helps others out there, but please someone tell me a better way! At the very least I'm sure there's a better way to inject my Test Filter without including code in Startup... I just haven't thought of it.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 啃猪蹄的小仙女 的文章《Authentication with Microsoft.Owin.Testing.TestSer》','https://www.manongdao.com/article-558162.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}