Unit Testing Authorize and Custom Attribute in ASP.NET Core

Unit Test and mock Authorize Attribute

Today in this article, we will see how to Unit Test and mock Authorize Attribute ASP.NET Core.

This approach can be used for unit testing any other Custom Attributes in ASP.NET Core.

Unit testing is all about making our code better and better.

Unit Test always acts like a State machine where it validates current and any implementation and then continues validating your code for new changes or breaking changes or any anomalies introduced.

I have examined, and many might think, why we are getting crazy about writing unit tests for such scenarios.

Some of you might think of this as Integration Test.

Why to unit test Authorize or custom attributes

However, I would say there is absolutely no problem in adding more test cases including Custom attribute validation or [Authorize] attribute validation within the Unit Test cases. By having such test cases, you are validating that such attributes are not changed or removed by the developer accidentally.

Here is the below sample code for Unit Testing,

Unit Testing Authorize Attribute ASPNET Core

The below example will verify the presence of the [Authorize] attribute on the Create() method of the controller.

You shall need to use the Reflection technique to verify if the Authorize Attribute exists or not.

var actualAttribute = service.GetType().GetMethod("Create").GetCustomAttributes(typeof(AuthorizeAttribute),true);

Similarly if using any Custom Attributes, 

var actualAttribute = service.GetType().GetMethod("Create").GetCustomAttributes(typeof(InterceptAttribute),true);

The above code will give us an attribute if it exists. Using the above technique, you can validate any other Custom attributes presence.

The below code can be used to assert the result,

Assert.Equal(typeof(AuthorizeAttribute), actualAttribute[0].GetType());//Ensure [Authorize] Attribute exist

Please note that with this validation we are making sure the method is secured using Authorize attributes.

Let’s say, If developers remove [Authorize] attributes by mistake, then Unit test cases will fail. This will prompt you to perform corrective action.

In the end, any measure which helps you make your code robust should be welcomed always.

Below is the complete code,

Unit Testing Authorize Attribute ASPNET Core

References:

Did I miss anything else in the above scenario?

Do you have any better suggestions or thoughts? Please sound off your comments below!

Happy Coding !!


Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.


2 thoughts on “Unit Test and mock Authorize Attribute ASP.NET Core

  1. How would you test that all controllers have the [Authorized] or [Authorized(Policy=”MustHavePolicy”)] attribute? It would be a lot of tests to write for every API in many controllers

    Reply

    1. Hello Chris- Thanks for your query. You can get a count of Authorized attributes needed for a particular controller using the above explained “var actualAttributes” (which is a list of all such attributes). You can then validate against expected vs actual and perform validation within the same test or new test as needed. Hope this helps.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *