Skip to content

Simple way to faked an authenticated user for integration test with ASP.Net Core framework

License

Notifications You must be signed in to change notification settings

GestionSystemesTelecom/fake-authentication-jwtbearer

Repository files navigation

Fake Authentication Jwt Bearer for .NET

Build status

This code allow to fake a Jwt Bearer and build integration test for ASP.Net Core application.
By this way we can fake any authentication we need, without the need to really authenticate a user.
This code is based on Microsoft.AspNetCore.Authentication.JwtBearer.

If You need it for ASP.NET Core 1, check Tag 1.0.4

If You need it for ASP.NET Core 2.1, check Tag 2.1.2

If You need it for ASP.NET Core 3.1, check Tag 3.0.0

If You need it for ASP.NET Core 6.0, check Tag 6.0.0

If You need it for ASP.NET Core 6.0, check Tag 7.0.2

How to install it?

First add this package to your Nuget configuration file : GST.Fake.Authentication.JwtBearer.

Let's imagine we are coding integration tests in the project MyApp.TestsIntegration.

This is the tree of the global solution:

+--src
| +---MyApp
| +---SecondApp
+---test
| +---MyApp.Tests
| +---MyApp.TestsIntegration

My integration test are based on this tutorial Introduction to integration testing with xUnit and TestServer in ASP.NET Core.
So I have a TestFixture.cs file where I can extend configurations made in the Startup.cs file.

In the class TestFixture.cs we have to extend the configuration of our Startup.
You have to disable you original AddJwtBearer in your Startup.cs, because the AddFakeJwtBearer doesno't overload the original.

public class TestFixture<TStartup> : IDisposable where TStartup : class
{
    public TestFixture()
    {
    // ...

    // We must configure the realpath of the targeted project
    string appRootPath = Path.GetFullPath(Path.Combine(
                    PlatformServices.Default.Application.ApplicationBasePath
                    , "..", "..", "..", "..", "..", "..", "src", baseNamespace));

    var builder = new WebHostBuilder()
      .UseContentRoot(appRootPath)
      .UseStartup<TStartup>()
      .UseEnvironment("Test")
      .ConfigureServices(x =>
      {
          // Here we add our new configuration
          x.AddAuthentication(options =>
           {
                options.DefaultScheme = FakeJwtBearerDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = FakeJwtBearerDefaults.AuthenticationScheme;
           	options.DefaultChallengeScheme = FakeJwtBearerDefaults.AuthenticationScheme;
           }).AddFakeJwtBearer();
      });
      // ...
    }
}

How to use it?

Now all the things are tied up, how to faked a user?

I've defined tree methods :

  • A token with a custom object
  • A token with a Username
  • A token with a Username and some roles

Let see that in a real world example.

 using GST.Fake.Authentication.JwtBearer;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Text;
 using Xunit;

 namespace MyApp.TestsIntegration
 {
     public class SomeWeirdTest : IClassFixture<TestFixture<MyApp.Startup>>
     {
         private TestFixture<MyApp.Startup> fixture;

         public SomeWeirdTest(TestFixtureMyApp.Startup> _fixture)
         {
             fixture = _fixture;
             // Create a token with a Username and two roles
             fixture.Client.SetFakeBearerToken("admin", new[] { "ROLE_ADMIN", "ROLE_GENTLEMAN" });
         }

         [Fact]
         public void testCallPrivateAPI()
         {
             // We call a private API with a full authenticated user (admin)
             var response = fixture.Client.GetAsync("/api/my-account").Result;
             Assert.True(response.IsSuccessStatusCode);
         }

		 
         [Fact]
         public void testCallPrivate2API()
         {
		 dynamic data = new System.Dynamic.ExpandoObject();
            data.organism = "ACME";
            data.thing = "more things";
            fixture.Client.SetFakeBearerToken("SUperUserName", new[] { "Role1", "Role2" }, (object)data);

            // We call a private API with a full authenticated user (admin)
            var response = fixture.Client.GetAsync("/api/my-account").Result;
            Assert.True(response.IsSuccessStatusCode);
         }
     }
 }

Create Nuget Package

dotnet build src/GST.Fake.Authentication.JwtBearer/GST.Fake.Authentication.JwtBearer.csproj --configuration Release --framework net9.0 --force
dotnet pack src/GST.Fake.Authentication.JwtBearer/GST.Fake.Authentication.JwtBearer.csproj --configuration Release --include-source --include-symbols --output ../../nupkgs
dotnet nuget push src/GST.Fake.Authentication.JwtBearer/bin/Release/GST.Fake.Authentication.JwtBearer.[VERSION].nupkg -s https://api.nuget.org/v3/index.json -k [API-KEY]

About

Simple way to faked an authenticated user for integration test with ASP.Net Core framework

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages