【发布时间】:2015-05-22 09:30:51
【问题描述】:
我正在尝试测试我的自定义AuthorizeAttribute,但无论IsAuthenticated 如何,基类的IsAuthorized 方法总是返回false。让我给你看一些代码(为简洁起见,省略了一些部分):
授权属性
public class UserAuthorizeAttribute : System.Web.Http.AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (!base.IsAuthorized(actionContext)) // always returns false
return false;
//... not important user permission check
return true;
}
}
GetPrincipal 方法模拟 IPrincipal
public static IPrincipal GetPrincipal()
{
var user = new Mock<IPrincipal>();
var identity = new Mock<IIdentity>();
identity.Setup(x => x.Name).Returns("Superman");
identity.Setup(p => p.IsAuthenticated).Returns(true);
user.Setup(x => x.Identity).Returns(identity.Object);
Thread.CurrentPrincipal = user.Object;
return user.Object;
}
测试方法
[TestMethod]
public void Test()
{
HttpActionContext actionContext = ContextUtil.CreateActionContext();
var attribute = new UserAuthorizeAttribute();
IPrincipal user = Thread.CurrentPrincipal;
// yep, this passes
Assert.IsTrue(user.Identity.IsAuthenticated, "Superman is not authenticated");
attribute.OnAuthorization(actionContext);
}
根据属性的source code,它应该只检查Thread.CurrentPrincipal.Identity.IsAuthenticated,因为我没有专门分配任何用户或角色。任何线索我在这里错过了什么?
【问题讨论】:
标签: c# unit-testing asp.net-web-api