Testing a controller method with JWT bearer token

Question

0.00/5 (No votes)

See more:

I need help with Mocking on Unit Tests.

I am trying to call a method in a WebApi Controller that has the Authorization attribute on it, for example

C#

[Authorize]
[HttpGet]
[ActionName("FineOutcome")]
[ProducesResponseType(typeof(Response), 200)]
[ProducesResponseType(401)]
public async Task<IActionResult> FineOutcome(string PCN, int ia)
{
  //Code Action here
}

The authorisation is handled by a JWT Bearer Token. Now I am trying to Test this method and can't / don't know how to mock or pass in the JWT bearer token.

What I have tried:

C#

var userMock = new Mock<IPrincipal>();
userMock.Setup(p => p.IsInRole("admin")).Returns(true);

var contextMock = new Mock<HttpContext>();
contextMock.Setup(x => x.User ).Returns(new ClaimsPrincipal());

controller.ControllerContext.HttpContext = contextMock.Object;
var outcome = controller.FineOutcome("513073/372796", 467);

but when I try to get execute the test it controller method complains that the user is blank. Can anyone give me a point in the right direction.

Links I've tried

c# - How to mock Controller.User using moq - Stack Overflow[^]
c# - Unit Testing a JWT Token with Web API - Stack Overflow[^]

Posted 21-Feb-19 3:48am

Simon_Whale

Updated 2-Oct-21 3:27am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2019-02-21T04:08:00

Unit tests are for testing your code and mocking is for replacing the parts of the functionality that are provided by third-parties that don't work in your testing environment (HttpContext being a good example, your unit tests are not running in the context of a web site), or that you need to control the outcomes from.

So long story short you trying to make the authorise attribute work is you testing the underlying asp.net framework, but you should assume that Microsoft have already tested that and that it works, so you should instead focus on testing your code.

If your code is getting the user from some form of httpcontext that that is your actual problem; getting back to what I've said above your unit tests should not rely on environmental things such as contexts, sessions, databases, networks etc, your tests need to run self-contained and in isolation. Change your code such that it gets the user via some sort of service class that you inject into the controller, and your unit test will then mock that service to provide a hard-coded user, however when the code is working on the real site the controller will have a proper user service injected that gets the user from the httpcontext, or wherever it currently gets it from.