2

我正在尝试通过调用 FormsAuthentication.SetAuthCookie("someUser", false); 来验证内部集成测试。
之后我确实需要调用 WebAPI 并且不会收到未经授权的异常,因为我已经应用了授权属性。我正在使用此代码创建身份验证 cookie:

var cookie = FormsAuthentication.GetAuthCookie(name, rememberMe);
    var ticket = FormsAuthentication.Decrypt(cookie.Value);

    var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
        ticket.IsPersistent, userData.ToJson(), ticket.CookiePath);
    var encTicket = FormsAuthentication.Encrypt(newTicket);

    /// Use existing cookie. Could create new one but would have to copy settings over...
    cookie.Value = encTicket;

现在我想将此 cookie 添加到新 HttpClient 内的 HttpRequestMessage 中,并在集成测试中将其与我的常规请求一起发送。

我不知道如何将该身份验证 cookie 添加到 HttpRequestMessage ?

4

2 回答 2

4

要操作 cookie,您需要使用WebRequestHandlerHttpClient. 例如,

 var handler = new WebRequestHandler();
 var client = new HttpClient(handler);
 // use handler to configure request such as add cookies to send to server

CookieContainer属性将允许访问 cookie 集合。

另一方面,我怀疑在客户端上创建FormsAuthentication cookie 是否可行。客户端/服务器都需要相同的加密密钥。最好的方法是重放实际 Web API 的登录请求——很可能,它是一个带有用户凭据的登录页面的POST 。使用 Fiddler 等工具在浏览器上观察相同的内容,并在您的 http 客户端中构造相同的请求。

于 2012-11-30T09:58:03.783 回答
0

晚了将近 6 年,但仍然可能会有所帮助。基于此的解决方案: https ://blogs.taiga.nl/martijn/2016/03/10/asp-net-web-api-owin-authenticated-integration-tests-without-authorization-server/

首先,在创建 Owin TestServer 时,您必须创建 DataProtector:

    private readonly TestServer _testServer;
    public IDataProtector DataProtector { get; private set; }

    public Server(OwinStartup startupConfig)
    {
        _testServer = TestServer.Create(builder =>
        {
            DataProtector = builder.CreateDataProtector(
                typeof(CookieAuthenticationMiddleware).FullName, DefaultAuthenticationTypes.ApplicationCookie, "v1");

            startupConfig.Configuration(builder);
        });
    }

然后像这样生成 cookie(使用上一步中创建的 DataProtector):

    public string GeterateCookie()
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Role, "your-role"),
            new Claim(ClaimTypes.UserData, "user-data"),
            new Claim(ClaimTypes.Name, "your-name")
        };

        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);

        var tdf = new TicketDataFormat(DataProtector);
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties {ExpiresUtc = DateTime.UtcNow.AddHours(1)});

        var protectedCookieValue = tdf.Protect(ticket);

        var cookie = new CookieHeaderValue("yourCookie", protectedCookieValue)
        {
            Path = "/",
            HttpOnly = true
        };

        return cookie.ToString();
    }

确保设置所需的声明,根据提供给 UseCookieAuthentication 方法的设置初始化 ClaimsIdentity,并设置正确的 CookieName。

最后一步是将 CookieHeader 添加到您的请求中:

    public Task<HttpResponseMessage> RequestAsync(HttpRequestMessage request)
    {
        request.Headers.Add("cookie", GenerateCookie());
        return _client.SendAsync(request);
    }
于 2018-06-28T05:55:43.770 回答