This post is for csAdvent, organized and managed by Matt Groves. Thanks for including me in the second annual csAdvent calendar. If you want to follow all the great posts, you can follow #csadvent on Twitter or check them out here.
I was unsure whether to use the term Integration Testing or Unit Testing, so I left it generic as Testing. Recently I was accepted as an Auth0 Ambassador. It is a great program for people like me who are interested in speaking at conferences and code camps but are not able to do so due to monetary difficulties. We all know that not all companies sponsor their employees' travel expenses to speak. You can find the details of the program here.
I followed the steps in the Auth0 documentation for the .NET Core API which I am using for this post. You can follow the steps to use Auth0 to perform authorization here.
In this sample I am using a simple controller which has the Authorize attribute on two Get methods.
If I run the API now, as expected I get a 401 Unauthorized error. We are now sure that the wiring with Auth0 is perfect.
The most common way to test an API is to use Postman. You can find a recent post from the Auth0 blog here explaining how to use Postman to test your secure APIs.
Being a C# developer, I would prefer to use Visual Studio Tests or xUnit to develop integration test cases for .NET Core APIs. So, as usual, I created a test project and added the test method below, adding a reference to the .NET Core API project. I was surprised by what happened after running the test.
I expected the above test to fail with an Unauthorized exception, but the test completed without an exception. I understood later that this is because the request to the controller was not executed through the ASP.NET Core middleware. The Authorize attribute is enforced only when the request is made through HTTP.
So it was clear that I had to run my tests using an HTTP client. I referred to the following document, which gave me the idea of testing the API using TestServer. We have to add appSettings.json to the test project. Below are the contents of my configuration file, which has the Auth0 domain and API identifier.
As per the Microsoft documentation, I used TestServer to host the API. In order to use the above configuration, we need to add the configuration while hosting.
In the constructor I create the client, which will be reused in my tests. RestClient is used to get the token from Auth0, and the same token can be reused in subsequent tests. This way I make only one call to fetch the token instead of fetching a token in every test.
The above tests use an HTTP client to execute the HTTP requests, which pass through the ASP.NET Core middleware, so the Authorize attributes work as expected.
TestMethod2 passes with an Unauthorized HTTP exception, as no access token is sent as part of the request.
TestAuthorizedMethod performs the HTTP request with the access token in the request header, so the test passes as expected.
It is not recommended to keep the client ID and client secret in code. We can use secrets in .NET Core to store them as user secrets in development, and use environment variables in production.
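The shared-token fixture and the two HTTP tests described above, with the client ID and secret read from environment variables rather than source, as an added example that is not the post's original code. It assumes .NET Core 3.0 or later with xUnit, uses `HttpClient` in place of RestClient for the token request, and the `Startup` class, `/api/values` route and `Auth0:*` configuration keys are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.Configuration;
using Xunit;

// Assumed names: Startup (API project), route /api/values, and the Auth0:* configuration keys.
public class ApiFixture : IDisposable
{
    private readonly TestServer _server;
    public HttpClient Client { get; }
    public Lazy<Task<string>> Token { get; }          // requested once, on first use
    public ApiFixture()
    {
        var cfg = new ConfigurationBuilder().AddJsonFile("appsettings.json") // domain + identifier only
            .AddEnvironmentVariables().Build();        // Auth0__ClientId, Auth0__ClientSecret
        _server = new TestServer(new WebHostBuilder().UseConfiguration(cfg).UseStartup<Startup>());
        Client = _server.CreateClient();               // in-memory client, runs the full middleware
        Token = new Lazy<Task<string>>(async () =>
        {
            using var http = new HttpClient();
            var form = new FormUrlEncodedContent(new Dictionary<string, string> {
                ["grant_type"] = "client_credentials", ["audience"] = cfg["Auth0:ApiIdentifier"],
                ["client_id"] = cfg["Auth0:ClientId"], ["client_secret"] = cfg["Auth0:ClientSecret"] });
            var url = "https://" + cfg["Auth0:Domain"] + "/oauth/token";
            var resp = (await http.PostAsync(url, form)).EnsureSuccessStatusCode();
            using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
            return doc.RootElement.GetProperty("access_token").GetString();
        });
    }
    public void Dispose() { Client.Dispose(); _server.Dispose(); }
}

public class AuthorizationTests : IClassFixture<ApiFixture>
{
    private readonly ApiFixture _api;
    public AuthorizationTests(ApiFixture api) => _api = api;
    [Fact] public async Task NoToken_Returns401() =>
        Assert.Equal(HttpStatusCode.Unauthorized, (await _api.Client.GetAsync("/api/values")).StatusCode);
    [Fact] public async Task ValidToken_Returns200()
    {
        var request = new HttpRequestMessage(HttpMethod.Get, "/api/values");
        request.Headers.Add("Authorization", "Bearer " + await _api.Token.Value);
        Assert.Equal(HttpStatusCode.OK, (await _api.Client.SendAsync(request)).StatusCode);
    }
}
```

The 401 test needs no credentials or network access; only the authorized test contacts Auth0, so it can be skipped where the environment variables are not set.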
Happy coding, Merry Christmas, and Happy New Year to all.