1

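We have a custom authentication manager that uses a static factory method to spin up an instance of a repository (because we couldn't figure out how to inject it), which does some security lookups from the database.

As you can imagine, it is a very critical part of our security infrastructure, and I would like to know how other people unit test such components to make sure they work as designed.

Thanks

John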

4

1 Answer

2

IMHO, the best solution is to break up your Authentication and Authorization logic into separate (aka testable) methods, and unit test them like you would any other method. You can set up/mock the IClaimsPrincipal to ensure your Authenticate method is working as expected.

We wouldn't need to unit test the ClaimsAuthenticationManager itself as Microsoft has already done that.

I would also consider setting up some integration tests that will ensure everything is working, e.g. (loading of policies from config, parsing them, etc.) and that your mocking of the IClaimsPrincipal is correct.

Hope that helps.

Answered 2014-07-10T01:27:54.200
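One way to lay out the split the answer describes, as an added example that is not code from the question or the answer. It assumes .NET Framework 4.5 (`System.Security.Claims`, where `IClaimsPrincipal` became the concrete `ClaimsPrincipal`); `IRoleRepository`, `CustomAuthenticationManager`, `Transform` and the policy of discarding roles asserted by the caller are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical seam over the database security lookup.
public interface IRoleRepository { IEnumerable<string> GetRoles(string userName); }

public class CustomAuthenticationManager : ClaimsAuthenticationManager
{
    private readonly IRoleRepository _repo;

    // Tests pass a fake here; when the manager is registered in configuration,
    // a parameterless constructor can delegate to the existing static factory.
    public CustomAuthenticationManager(IRoleRepository repo) { _repo = repo; }

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        // Unauthenticated or nameless callers get an empty principal and no lookup.
        if (incoming == null || incoming.Identity == null || !incoming.Identity.IsAuthenticated
            || string.IsNullOrEmpty(incoming.Identity.Name))
            return new ClaimsPrincipal(new ClaimsIdentity());
        return Transform(incoming.Identity.Name);
    }

    // Separately testable: roles come only from the repository (assumed policy).
    public ClaimsPrincipal Transform(string userName)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        claims.AddRange(_repo.GetRoles(userName).Select(r => new Claim(ClaimTypes.Role, r)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Custom"));
    }
}

public static class Program
{
    class FakeRepo : IRoleRepository  // constructed test double
    {
        public IEnumerable<string> GetRoles(string u) { return u == "john" ? new[] { "auditor" } : new string[0]; }
    }
    static void Check(bool ok, string msg) { if (!ok) throw new Exception(msg); }

    public static void Main()
    {
        var mgr = new CustomAuthenticationManager(new FakeRepo());
        // Constructed input: an authenticated caller who self-asserts an "admin" role.
        var sent = new[] { new Claim(ClaimTypes.Name, "john"), new Claim(ClaimTypes.Role, "admin") };
        var user = mgr.Authenticate("res", new ClaimsPrincipal(new ClaimsIdentity(sent, "Test")));
        Check(user.IsInRole("auditor"), "repository role missing");
        Check(!user.IsInRole("admin"), "self-asserted role survived");
        var anon = mgr.Authenticate("res", new ClaimsPrincipal(new ClaimsIdentity(sent)));
        Check(!anon.Identity.IsAuthenticated && !anon.IsInRole("auditor"), "anonymous caller got roles");
    }
}
```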