Bypass Authentication With WebApplicationFactory
Updated
•1 min readThere are many approaches for this out in the wild. I think this speaks for itself.
public class SampleWebApplicationFactory : WebApplicationFactory<Program>
{
public const string MockScheme = nameof(MockScheme);
protected override void ConfigureWebHost(IWebHostBuilder builder) =>
builder.ConfigureServices(services =>
{
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = MockScheme;
options.DefaultChallengeScheme = MockScheme;
}).AddScheme<AuthenticationSchemeOptions, SampleMockAuthenticationHandler>(MockScheme, null);
services.AddAuthorization(options =>
{
var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(MockScheme);
defaultAuthorizationPolicyBuilder =
defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
});
}
public class SampleMockAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public SampleMockAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder)
: base(options, logger, encoder)
{
}
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var claims = new[] { new Claim(ClaimTypes.Name, "MockUser"), new Claim(ClaimTypes.Role, "MockRole") };
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}