我搜索了网络,但找不到能解决我问题的网络。我在.NET Core中创建了基于自定义策略的授权
//Group.cs
public class Group
{
public string GroupType { get; set; }
public string GroupValue { get; set; }
}
//AuthorizeAdmin.cs
public class AuthorizeAdmin : AuthorizeAttribute
{
public AuthorizeAdmin() : base(AuthorizationPolicyNames.Admin)
{
}
}
//AdminClaimRequirement.cs
public class AdminClaimRequirement : IAuthorizationRequirement
{
public Group Group { get; private set; }
}
public AdminClaimRequirement()
{
Group group = new Group();
claim.GroupType = "groups";
claim.GroupValue = "SiteAdmin";
Group = group;
}
//AdminClaimRequirementHandler.cs
public class AdminClaimRequirementHandler : AuthorizationHandler<AdminClaimRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AdminClaimRequirement requirement)
{
if (context.User.HasClaim(requirement.Group.GroupType, requirement.Group.GroupValue))
{
context.Succeed(requirement);
return Task.CompletedTask;
}
return Task.CompletedTask;
}
}
//AuthorizationPolicyNames.cs
public static class AuthorizationPolicyNames
{
public static string Admin => "AdminOnly";
}
这就是我在控制器中使用的方式
[ApiController]
[AuthorizeAdmin]
public class MyController : ControllerBase
{
}
我遵循了这个Unit test AuthorizationHandler
此http://blog.stoverud.no/posts/how-to-unit-test-asp-net-core-authorizationhandler/
和这个Is it possible to write a test that can test an AuthorizationPolicy Object?
但无法使其工作...
这是我目前的解决方案,但我不知道如何使用我创建的策略
[Test]
public async Task AdminAuthorizationHandler_Should_Succeed()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new List<System.Security.Claims.Claim> { new System.Security.Claims.Claim("groups", "SiteAdmin") }));
var policy = new AuthorizationPolicyBuilder()
.RequireClaim("groups", "SiteAdmin")
.Build();
Assert.That(await CanAuthorizeUserWithPolicyAsync(user, policy), Is.EqualTo(true));
}
private static async Task<bool> CanAuthorizeUserWithPolicyAsync(ClaimsPrincipal user, AuthorizationPolicy policy)
{
var handlers = policy.Requirements.Select(x => x as IAuthorizationHandler).ToArray();
// add your custom authorization handlers here to the `handlers` collection
var authorizationOptions = Options.Create(new AuthorizationOptions());
authorizationOptions.Value.AddPolicy(nameof(policy), policy);
var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
var handlerProvider = new DefaultAuthorizationHandlerProvider(handlers);
var contextFactory = new DefaultAuthorizationHandlerContextFactory();
var authorizationService = new DefaultAuthorizationService(
policyProvider,
handlerProvider,
new NullLogger<DefaultAuthorizationService>(),
contextFactory,
new DefaultAuthorizationEvaluator(),
authorizationOptions);
var result = await authorizationService.AuthorizeAsync(user, policy);
return result.Succeeded;
}
也是这个
[Test]
public async Task AdminAuthorizationHandler3_Should_Succeed()
{
// Arrange
var authorizationService = BuildAuthorizationService(services =>
{
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationPolicyNames.Admin, policy => policy.Requirements.Add(new AdminClaimRequirement()));
});
});
var user = new ClaimsPrincipal(new ClaimsIdentity(new System.Security.Claims.Claim[] { new System.Security.Claims.Claim("groups", "SiteAdmin") }));
// Act
var allowed = await authorizationService.AuthorizeAsync(user, AuthorizationPolicyNames.Admin);
// Assert
Assert.True(allowed.Succeeded);
}
我的目标是测试AdminClaimRequirement / AdminClaimRequirementHandler而不是控制器。
答案 0 :(得分:0)
您可以在.Net Core 2.2中使用以下(Xunit)测试处理程序
[Fact]
public async Task AdminAuthorizationHander_ShouldSucceed()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new List<System.Security.Claims.Claim> { new System.Security.Claims.Claim("groups", "SiteAdmin") }));
var requirement = new AdminClaimRequirement();
var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement }, user, null);
var handler = new AdminClaimRequirementHandler();
await handler.HandleAsync(context);
Assert.True(context.HasSucceeded);
}