
Comments (3)

JonPSmith commented on May 23, 2024

Hi @kcaswick,

I haven't tried mocking authentication so I can't really advise you, but I can see the benefits of mocking authentication. At the moment I build runnable examples, but unit tests would be great so I will try to help.

One thing I did when working on JWT Token is that the signature used for creating the token and the signature for checking the token are different, and I don't know why (which worries me) - see this here. Could that be creating your error??

Some questions:

  • Where does the Unauthorized error come from? I assume from code outside the AuthP code - correct??
  • I don't understand the two code blocks you show. I would have thought you would have one block to register AuthP.

Not sure that helps but it's all I have at this stage.

from authpermissions.aspnetcore.

kcaswick commented on May 23, 2024

The 2 blocks are the standard, non-testing registration (in Startup.ConfigureServices), and then the testing registration (in CustomWebApplicationFactory.ConfigureWebHost). The testing registration runs second, since for the database side Microsoft's documentation has it remove the standard DbContextOptions to replace it with one configured to UseInMemoryDatabase().

I'm not certain where the error comes from, somewhere outside my code, but when I turn logging all the way up to trace I get this:

Information [1]: Failed to validate the token.
   Information [1]: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10503: Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'.
Exceptions caught:
 'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

After adding that exception to the Break When Thrown settings, it looks like it may be coming from something configured by the AAD authentication.

Currently I've set this branch aside and I'm trying to implement my own AuthPolicy instead. In researching for that, I suspect part of the problem may be that I am not un-registering the old auth, nor using a different name for the test auth scheme. Perhaps a better path would be to skip the token entirely, and just add the claims directly via the TestAuthHandler,


JonPSmith commented on May 23, 2024

First thing: the exception is in Microsoft's code, not AuthP code, but I do wonder if it's because AuthP code uses the recommended SecurityAlgorithms.HmacSha256Signature and not SecurityAlgorithms.HmacSha256. Worth a check.

Yep, this code is complex and any way you can simplify is going to help.

I'll close this for now, but if you want to reopen it again I'm happy to help.

