File: AntiforgeryAuthTests.cs
Project: src\src\Mvc\test\Mvc.FunctionalTests\Microsoft.AspNetCore.Mvc.FunctionalTests.csproj (Microsoft.AspNetCore.Mvc.FunctionalTests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Net;
using System.Net.Http;
using System.Reflection;
using Microsoft.AspNetCore.InternalTesting;
using SecurityWebSite;
using Xunit.Abstractions;
 
namespace Microsoft.AspNetCore.Mvc.FunctionalTests;
 
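/// <summary>
/// Functional tests for the ordering and precedence of authentication/authorization and
/// antiforgery (CSRF) validation, run against the SecurityWebSite test application.
/// </summary>
/// <remarks>
/// Each test uses a fresh client and sends a single request with no cookie, no header and no
/// body, so no request carries credentials or an antiforgery token. The status code therefore
/// shows which check answered: a redirect to the login page means authorization rejected the
/// request before antiforgery validation could fail it, 400 means antiforgery validation
/// rejected it, and 200 means neither check blocked it.
/// </remarks>
public class AntiforgeryAuthTests : LoggedTest
{
    /// <summary>
    /// Builds a new test host and client for every test method, after the base class has set up logging.
    /// </summary>
    protected override void Initialize(TestContext context, MethodInfo methodInfo, object[] testMethodArguments, ITestOutputHelper testOutputHelper)
    {
        base.Initialize(context, methodInfo, testMethodArguments, testOutputHelper);
        Factory = new MvcTestFixture<Startup>(LoggerFactory);
        Client = Factory.CreateDefaultClient();
    }

    /// <summary>
    /// Releases the test host created in <see cref="Initialize"/>, then the base class resources.
    /// </summary>
    public override void Dispose()
    {
        // Factory is assigned only in Initialize. If Initialize threw before the assignment,
        // an unguarded call here would raise NullReferenceException and hide the original failure.
        Factory?.Dispose();
        base.Dispose();
    }

    /// <summary>Test host for the SecurityWebSite application; set in <see cref="Initialize"/>.</summary>
    public MvcTestFixture<Startup> Factory { get; private set; }

    /// <summary>Client bound to <see cref="Factory"/>; the tests rely on it returning the 302 itself rather than following it.</summary>
    public HttpClient Client { get; private set; }

    /// <summary>
    /// A tokenless, unauthenticated POST to /Home/AutoAntiforgery is redirected to the login page
    /// instead of being rejected by antiforgery validation.
    /// </summary>
    [Fact]
    public async Task AutomaticAuthenticationBeforeAntiforgery()
    {
        // Arrange & Act
        // NOTE(review): presumably the action is covered by automatic antiforgery validation
        // ([AutoValidateAntiforgeryToken]) and requires an authenticated user; confirm in SecurityWebSite.
        using var response = await Client.PostAsync("http://localhost/Home/AutoAntiforgery", null);

        // Assert
        // A 400 here would mean antiforgery ran first and the auth challenge was never issued.
        AssertRedirectedToLogin(response);
    }

    /// <summary>
    /// An unauthenticated GET to /Home/Antiforgery is redirected to the login page.
    /// </summary>
    [Fact]
    public async Task AuthBeforeAntiforgery()
    {
        // Arrange & Act
        using var response = await Client.GetAsync("http://localhost/Home/Antiforgery");

        // Assert
        // Redirected to login page, Antiforgery didn't fail yet
        AssertRedirectedToLogin(response);
    }

    /// <summary>
    /// A tokenless POST to /Antiforgery/Index succeeds with 200.
    /// </summary>
    [Fact]
    public async Task IgnoreAntiforgeryOverridesAutoAntiforgery()
    {
        // Arrange & Act
        // NOTE(review): per the test name, an ignore-antiforgery marker ([IgnoreAntiforgeryToken])
        // is expected to win over automatic validation on this endpoint; the controller is not
        // visible here, confirm in SecurityWebSite.
        using var response = await Client.PostAsync("http://localhost/Antiforgery/Index", content: null);

        // Assert
        // 200 means the POST was accepted without any antiforgery token, i.e. the opt-out is in effect.
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }

    /// <summary>
    /// A tokenless POST to /IgnoreAntiforgery/Index is rejected with 400.
    /// </summary>
    [Fact]
    public async Task AntiforgeryOverridesIgnoreAntiforgery()
    {
        // Arrange & Act
        // NOTE(review): per the test name, explicit antiforgery validation is expected to win over
        // an ignore-antiforgery marker on this endpoint; confirm the attribute placement in SecurityWebSite.
        using var response = await Client.PostAsync("http://localhost/IgnoreAntiforgery/Index", content: null);

        // Assert
        // 400 means validation still ran and refused the tokenless request despite the opt-out.
        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
    }

    /// <summary>
    /// Asserts that <paramref name="response"/> is a 302 whose Location path is /Home/Login (case-insensitive).
    /// </summary>
    private static void AssertRedirectedToLogin(HttpResponseMessage response)
    {
        Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);

        // Fail with a clear assertion instead of a NullReferenceException when no Location header is sent.
        Assert.NotNull(response.Headers.Location);
        Assert.Equal("/Home/Login", response.Headers.Location.AbsolutePath, StringComparer.OrdinalIgnoreCase);
    }
}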