Unit testing claims based authorization with ThinkTecture ClaimsAuthorizeAttribute

Question

We are controlling access to our application's resources and actions by using ThinkTecture's MVC ClaimsAuthorizeAttribute and would like to be able to include some unit test coverage using Moq.

Ideally, I'd like to write a test which requests a controller action decorated with:

[ClaimsAuthorize("operation_x", "resource_1")]

... so as to enter our AuthorizationManager's CheckAccess override method during execution of the test.

Our CheckAccess override simply gets the action and resource from the incoming AuthorizationContext ("operation_x" and "resource_1") and determines whether the Principal has the resource/action combination as a claim and returns true if a match is found.

The test would pass or fail based on the result of our CheckAccess override.

Most of the examples I've found online are about unit testing custom Authorize attributes or testing whether a controller action has been decorated by an AuthzAttribute. There don't seem to be many examples of testing ThinkTecture's ClaimsAuthorize attribute.

Is it even possible to achieve what I've described? If so, please advise!

Thanks

Answer 1

You may be looking to do more work than necessary - you don't need to test ThinkTecture's ClaimsAuthorizeAttribute, because ThinkTecture have already done that. You should write tests which test your own code - namely the outcome of the actions performed inside your override of CheckAccess.

If you want to check whether the ThinkTecture attribute works as it should, you should look into setting up an integration test which causes the controller action in question to be invoked.