C#: Is it possible to write a test that tests an AuthorizationPolicy object?

I have a policy that I want to test in C#.

Does anyone know of a way to test the authorization policy to confirm that the scope "WorkflowAdmin" succeeds and all other scopes do not?

This is what I see when I inspect the object:

I managed to find this website: but it talks about testing handlers, and it has code that marks the auth attempt as successful.

I'm not sure if this is getting close or not. It currently does not pass.
[Test]
public void GivenPolicyName_WhenICallPolicyChecks_ThenItPasses()
{
    ClaimsPrincipal user = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim(CustomClaims.Scope, "WorkflowAdmin") }));
    WorkflowCreatePolicy workflowCreatePolicy = new WorkflowCreatePolicy();
    AuthorizationHandlerContext authorizationHandlerContext = new AuthorizationHandlerContext(workflowCreatePolicy.AuthorizationPolicy.Requirements, user, null);
    Assert.That(authorizationHandlerContext.HasSucceeded, Is.EqualTo(true));
}
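
IMHO this is something you would want to test.
At the end of the day, you need to make sure that access to your endpoints is protected as expected.
You can use it to do that.
At this point you should test the composition of your application: make sure that calling an endpoint without the required claim results in a 403.

Under the hood, an AuthorizationPolicy is just a collection of authorization handlers. Methods like RequireClaim add handlers built by Microsoft to the collection. In this case, that is ClaimsAuthorizationRequirement, which inherits from AuthorizationHandler.

To validate whether a user passes an AuthorizationPolicy, you need an AuthorizationService that calls all policies. The DefaultAuthorizationService will stop after the first handler fails to authenticate the user. If you do not register another AuthorizationService, this one will be used.

So you can build the AuthorizationService yourself and call the AuthorizeAsync method on it. Note that if you want to test against your custom authorization handlers, you need to register them too.
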
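using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;

private static async Task<bool> CanAuthorizeUserWithPolicyAsync(ClaimsPrincipal user, AuthorizationPolicy policy)
{
    // Built-in requirements such as ClaimsAuthorizationRequirement are their own handlers.
    // OfType skips requirements that are not handlers instead of leaving null entries.
    var handlers = policy.Requirements.OfType<IAuthorizationHandler>().ToList();
    // add your custom authorization handlers here to the `handlers` collection
    var authorizationOptions = Options.Create(new AuthorizationOptions());
    authorizationOptions.Value.AddPolicy(nameof(policy), policy);
    var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
    var handlerProvider = new DefaultAuthorizationHandlerProvider(handlers);
    var contextFactory = new DefaultAuthorizationHandlerContextFactory();
    var authorizationService = new DefaultAuthorizationService(
        policyProvider,
        handlerProvider,
        new NullLogger<DefaultAuthorizationService>(),
        contextFactory,
        new DefaultAuthorizationEvaluator(),
        authorizationOptions);
    // Evaluate the policy against the user exactly as the framework would.
    var result = await authorizationService.AuthorizeAsync(user, policy);
    return result.Succeeded;
}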

You can use this method like below:

var user = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim("scope", "WorkflowAdmin") }));
var policy = new AuthorizationPolicyBuilder()
    .RequireClaim("scope", "WorkflowAdmin")
    .Build();
Assert.That(await CanAuthorizeUserWithPolicyAsync(user, policy), Is.EqualTo(true));

Found it :)

See the ASP.NET Core Security unit tests. I've taken the pattern from there and applied it to your policy.

[Fact]
public async Task ShouldAllowIfScopeClaimWorkflowAdminIsPresent()
{
    // Arrange
    var authorizationService = BuildAuthorizationService(services =>
    {
        services.AddAuthorization(options =>
        {
            options.AddPolicy("SomePolicyName", new WorkflowCreatePolicy()
                .AuthorizationPolicy);
        });
    });
    var user = new ClaimsPrincipal(new ClaimsIdentity(
        new Claim[] { new Claim("scope", "WorkflowAdmin") }));
    // Act
    var allowed = await authorizationService.AuthorizeAsync(user, "SomePolicyName");
    // Assert
    Assert.True(allowed.Succeeded);
}

private IAuthorizationService BuildAuthorizationService(
    Action<IServiceCollection> setupServices = null)
{
    var services = new ServiceCollection();
    services.AddAuthorization();
    services.AddLogging();
    services.AddOptions();
    setupServices?.Invoke(services);
    return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
}

Don't you think it's important to unit test security policies? Why wouldn't I want to unit test my custom handlers (and possibly requirements)?

[TestFixture]
public class WorkflowCreatePolicyTests
{
    [Test]
    public void GivenAuthorizationPolicy_WhenICheckTheClaimScopes_ThenItHasUserAdmin()
    {
        AuthorizationPolicy authorizationPolicy = new WorkflowCreatePolicy().AuthorizationPolicy;
        ClaimsAuthorizationRequirement claimsAuthorizationRequirement = authorizationPolicy.Requirements
            .FirstOrDefault(x => (x as ClaimsAuthorizationRequirement)?.ClaimType == "scope")
            as ClaimsAuthorizationRequirement;
        Assert.That(claimsAuthorizationRequirement?.AllowedValues, Contains.Item("WorkflowAdmin"));
    }
}
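
Added example, not from any of the posts above: deny-path tests for the question's requirement that only the "WorkflowAdmin" scope succeeds, evaluated through an IAuthorizationService built from a ServiceCollection. Assumptions: xUnit, and a RequireClaim policy standing in for the WorkflowCreatePolicy class the page does not show; the policy name "WorkflowCreate", the "TestAuth" authentication type and the denied sample claims are constructed for illustration.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Xunit;

public class WorkflowScopePolicyTests
{
    // Assumption: stand-in for new WorkflowCreatePolicy().AuthorizationPolicy (not shown on the page).
    private static readonly AuthorizationPolicy Policy = new AuthorizationPolicyBuilder()
        .RequireClaim("scope", "WorkflowAdmin")
        .Build();

    private static IAuthorizationService BuildService()
    {
        var services = new ServiceCollection();
        services.AddAuthorization(o => o.AddPolicy("WorkflowCreate", Policy));
        services.AddLogging();
        services.AddOptions();
        return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
    }

    // Builds an authenticated test principal carrying exactly the given claims.
    private static ClaimsPrincipal UserWith(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));

    [Fact]
    public async Task Allows_WorkflowAdmin_Scope()
    {
        var user = UserWith(new Claim("scope", "WorkflowAdmin"));
        var result = await BuildService().AuthorizeAsync(user, "WorkflowCreate");
        Assert.True(result.Succeeded);
    }

    [Theory]
    [InlineData("scope", "WorkflowUser")]   // a different scope value (constructed)
    [InlineData("scope", "workflowadmin")]  // allowed values are compared case-sensitively
    [InlineData("role", "WorkflowAdmin")]   // right value under the wrong claim type
    public async Task Denies_Any_Other_Claim(string type, string value)
    {
        var result = await BuildService().AuthorizeAsync(UserWith(new Claim(type, value)), "WorkflowCreate");
        Assert.False(result.Succeeded);
    }

    [Fact]
    public async Task Denies_User_With_No_Claims()
    {
        var result = await BuildService().AuthorizeAsync(UserWith(), "WorkflowCreate");
        Assert.False(result.Succeeded);
    }
}
```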