Azure-Samples/active-directory-dotnet-webapp-openidconnect

Integration testing

Closed this issue · 1 comments

bdebaere commented

I'm trying to get an integration test going for an API with authentication. Because some API functions call other API's on behalf of the user and this allows us to test everything before publishing.

The problem is I keep getting a 302 redirect even though I pass the token in the header. I'm not familiar with OpenID so perhaps I'm filling in the wrong header(s)? I've pretty much copy pasted the Startup from the sample. Can you please point me in the right direction?

FYI everything works without the AuthorizeAttribute on my controller.

    public class Startup
    {
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    	{
    	    app.UseAuthentication();
    	}
    	
    	public void ConfigureServices(IServiceCollection services)
    	{
            services.AddAuthentication(sharedOptions =>
                {
                    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                })
                .AddOpenIdConnect(options =>
                {
                    options.Authority = "hidden";
                    options.ClientId = "hidden";
                    options.CallbackPath = "/signin-oidc";
                    options.RequireHttpsMetadata = false;
                    options.UseTokenLifetime = true;
                })
                .AddCookie();
    	}
    }
    
    [TestClass]
    public class Tests
    {
        [TestMethod]
    	public void Test()
    	{
    	    // Get access token for API.
    	    var httpClient = new HttpClient();
			var formContent = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("resource", "hidden"),
                    new KeyValuePair<string, string>("client_secret", "hidden"),
                    new KeyValuePair<string, string>("username", "hidden"),
                    new KeyValuePair<string, string>("password", "hidden"),
                    new KeyValuePair<string, string>("client_id", "hidden"),
                    new KeyValuePair<string, string>("grant_type", "password")
                })
    		var result = httpClient.PostAsync(new Uri("https://login.microsoftonline.com/hidden.onmicrosoft.com/oauth2/token", formContent).Result;
    		var content = result.Content.ReadAsStringAsync().Result;
    		var accessToken = JObject.Parse(content)["access_token"].ToString();
    		
    		// Create client calling the API.
            var builder = new WebHostBuilder()
                .UseStartup<Startup>();
            var testServer = new TestServer(builder);
    
            var client = testServer.CreateClient();
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accToken);
            var response = client.GetAsync("/hidden").Result; // Receiving a 302 redirect
            var content = response.Content.ReadAsStringAsync().Result;
    
            Console.WriteLine(content);
    
            Assert.IsTrue(response.IsSuccessStatusCode);
    	}
    }