File: GlobalAuthorizationFilterTestBase.cs
Web Access
Project: src\src\Mvc\test\Mvc.FunctionalTests\Microsoft.AspNetCore.Mvc.FunctionalTests.csproj (Microsoft.AspNetCore.Mvc.FunctionalTests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Net;
using System.Net.Http;
using System.Reflection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.InternalTesting;
using Microsoft.AspNetCore.Mvc.Testing;
using Xunit.Abstractions;
 
namespace Microsoft.AspNetCore.Mvc.FunctionalTests;
 
public abstract class GlobalAuthorizationFilterTestBase<TStartup> : LoggedTest where TStartup : class
{
    protected override void Initialize(TestContext context, MethodInfo methodInfo, object[] testMethodArguments, ITestOutputHelper testOutputHelper)
    {
        base.Initialize(context, methodInfo, testMethodArguments, testOutputHelper);
        Factory = new MvcTestFixture<TStartup>(LoggerFactory).WithWebHostBuilder(ConfigureWebHostBuilder);
        Client = Factory.CreateDefaultClient();
    }
 
    public override void Dispose()
    {
        Factory.Dispose();
        base.Dispose();
    }
 
    public WebApplicationFactory<TStartup> Factory { get; private set; }
    public HttpClient Client { get; private set; }
 
    public virtual void ConfigureWebHostBuilder(IWebHostBuilder builder) { }
 
    [Fact]
    public virtual async Task DeniesAnonymousUsers_ByDefault()
    {
        // Arrange & Act
        var response = await Client.GetAsync("http://localhost/Administration/Index");
 
        // Assert
        Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
        Assert.NotNull(response.Headers.Location);
        Assert.Equal(
            "http://localhost/Home/Login?ReturnUrl=%2FAdministration%2FIndex",
            response.Headers.Location.ToString());
    }
 
    [Fact]
    public async Task AllowAnonymousUsers_ForActionsWithAllowAnonymousAttribute()
    {
        // Arrange & Act
        var response = await Client.GetAsync("http://localhost/Administration/AllowAnonymousAction");
 
        // Assert
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        var body = await response.Content.ReadAsStringAsync();
        Assert.Equal("Administration.AllowAnonymousAction", body);
    }
 
    [Fact]
    public async Task AuthorizationPoliciesCombine()
    {
        // Arrange & Act 1
        var response = await Client.PostAsync("http://localhost/Administration/SignInCookie2", null);
 
        // Assert 1
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        Assert.True(response.Headers.Contains("Set-Cookie"));
 
        // Arrange 2
        var cookie2 = response.Headers.GetValues("Set-Cookie").SingleOrDefault();
        var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/Administration/EitherCookie");
        request.Headers.Add("Cookie", cookie2);
 
        // Act 2: Will succeed because [Authorize] allows either cookie.
        response = await Client.SendAsync(request);
 
        // Assert 2
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        Assert.Null(response.Headers.Location);
    }
 
}