Testing APIs That Require Authorization with Request Header Authentication (2)

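The default headers are UserId/UserName/UserRoles, and you can customize them to fit your own needs. If you only want to add one more mapping, configure AdditionalHeaderToClaims to add the request header => Claims conversions you need. AuthenticationValidator can also be customized; as mentioned above, it first validates whether the headers should be read at all, and only after that validation passes are the header values read and the request authenticated.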
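The validator-then-headers flow described above, as an added sketch that is not the WeihanLi.Web.Extensions source: HeaderAuthSketchOptions, HeaderAuthSketch, the UserEmail header and the default validator (which requires the UserId header) are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical options type: names follow the page's terms, not the library's real class.
public sealed class HeaderAuthSketchOptions
{
    public string UserIdHeader { get; set; } = "UserId";
    public string UserNameHeader { get; set; } = "UserName";
    public string UserRolesHeader { get; set; } = "UserRoles";
    public Dictionary<string, string> AdditionalHeaderToClaims { get; } = new(); // header => claim type
    // Assumed default: headers are only read when the UserId header is present.
    public Func<IReadOnlyDictionary<string, string>, HeaderAuthSketchOptions, bool> AuthenticationValidator
        { get; set; } = (headers, o) => headers.ContainsKey(o.UserIdHeader);
}

public static class HeaderAuthSketch
{
    // Returns null when the validator rejects the request; [Authorize] would then answer 401.
    public static ClaimsPrincipal? Authenticate(
        IReadOnlyDictionary<string, string> headers, HeaderAuthSketchOptions options)
    {
        if (!options.AuthenticationValidator(headers, options)) return null; // gate runs first
        var claims = new List<Claim>();
        if (headers.TryGetValue(options.UserIdHeader, out var id))
            claims.Add(new Claim(ClaimTypes.NameIdentifier, id));
        if (headers.TryGetValue(options.UserNameHeader, out var name))
            claims.Add(new Claim(ClaimTypes.Name, name));
        if (headers.TryGetValue(options.UserRolesHeader, out var roles))
            claims.AddRange(roles.Split(',', StringSplitOptions.RemoveEmptyEntries)
                .Select(r => new Claim(ClaimTypes.Role, r.Trim())));
        foreach (var (header, claimType) in options.AdditionalHeaderToClaims)
            if (headers.TryGetValue(header, out var value))
                claims.Add(new Claim(claimType, value));
        // A non-empty authentication type makes Identity.IsAuthenticated true.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Header"));
    }

    public static void Main()
    {
        var opts = new HeaderAuthSketchOptions { AdditionalHeaderToClaims = { ["UserEmail"] = ClaimTypes.Email } };
        // Constructed headers mirroring the page's tests: a full set, and UserName only.
        var full = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            { ["UserId"] = "1", ["UserRoles"] = "User,ReservationManager", ["UserEmail"] = "a@example.test" };
        var nameOnly = new Dictionary<string, string> { ["UserName"] = "alice" };
        Console.WriteLine(Authenticate(full, opts)!.IsInRole("ReservationManager"));
        Console.WriteLine(Authenticate(nameOnly, opts) is null);
    }
}
```

Every claim here comes from client-supplied headers, so a scheme like this belongs in a test host such as the TestStartup referenced below rather than in a production pipeline.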

Test example

I have an endpoint that can only be accessed after logging in and that needs the user's information, something like this:

    [HttpPost]
    [Authorize]
    public async Task<IActionResult> MakeReservation(
        [FromBody] ReservationViewModel model
    )
    {
        // ...
    }

In the test code I configured Header authentication, so the user information is controlled directly through the headers sent with each request.

Startup configuration:

    services
        .AddAuthentication(HeaderAuthenticationDefaults.AuthenticationSchema)
        .AddHeader()
        // Use Query authentication
        //.AddAuthentication(QueryAuthenticationDefaults.AuthenticationSchema)
        //.AddQuery()
        ;

Test code:

    [Fact]
    public async Task MakeReservationWithUserInfo()
    {
        // UserId, UserName and UserRoles headers are all sent; the test expects 200 OK.
        using var request = new HttpRequestMessage(HttpMethod.Post, "/api/reservations");
        request.Headers.TryAddWithoutValidation("UserId", GuidIdGenerator.Instance.NewId());
        request.Headers.TryAddWithoutValidation("UserName", Environment.UserName);
        request.Headers.TryAddWithoutValidation("UserRoles", "User,ReservationManager");

        request.Content = new StringContent($@"{{""reservationUnit"":""nnnnn"",""reservationActivityContent"":""13211112222"",""reservationPersonName"":""谢谢谢"",""reservationPersonPhone"":""13211112222"",""reservationPlaceId"":""f9833d13-a57f-4bc0-9197-232113667ece"",""reservationPlaceName"":""第一多功能厅"",""reservationForDate"":""2020-06-13"",""reservationForTime"":""10:00~12:00"",""reservationForTimeIds"":""1""}}", Encoding.UTF8, "application/json");

        using var response = await Client.SendAsync(request);
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }

    [Fact]
    public async Task MakeReservationWithInvalidUserInfo()
    {
        // Only the UserName header is sent (no UserId or UserRoles); the test expects 401.
        using var request = new HttpRequestMessage(HttpMethod.Post, "/api/reservations");
        request.Headers.TryAddWithoutValidation("UserName", Environment.UserName);

        request.Content = new StringContent($@"{{""reservationUnit"":""nnnnn"",""reservationActivityContent"":""13211112222"",""reservationPersonName"":""谢谢谢"",""reservationPersonPhone"":""13211112222"",""reservationPlaceId"":""f9833d13-a57f-4bc0-9197-232113667ece"",""reservationPlaceName"":""第一多功能厅"",""reservationForDate"":""2020-06-13"",""reservationForTime"":""10:00~12:00"",""reservationForTimeIds"":""1""}}", Encoding.UTF8, "application/json");

        using var response = await Client.SendAsync(request);
        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }

    [Fact]
    public async Task MakeReservationWithoutUserInfo()
    {
        // No user headers are sent at all; the test expects 401.
        using var request = new HttpRequestMessage(HttpMethod.Post, "/api/reservations")
        {
            Content = new StringContent(
                @"{""reservationUnit"":""nnnnn"",""reservationActivityContent"":""13211112222"",""reservationPersonName"":""谢谢谢"",""reservationPersonPhone"":""13211112222"",""reservationPlaceId"":""f9833d13-a57f-4bc0-9197-232113667ece"",""reservationPlaceName"":""第一多功能厅"",""reservationForDate"":""2020-06-13"",""reservationForTime"":""10:00~12:00"",""reservationForTimeIds"":""1""}",
                Encoding.UTF8, "application/json")
        };

        using var response = await Client.SendAsync(request);
        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }

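QueryString authentication works the same way as request header authentication, so I won't go over it again here; the parameters simply move from the request headers to the QueryString. If you find it not convenient enough, you can get the source from GitHub and modify it directly, and PRs are welcome too. Source: https://github.com/WeihanLi/WeihanLi.Web.Extensions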

Reference

https://github.com/WeihanLi/WeihanLi.Web.Extensions

https://www.nuget.org/packages/WeihanLi.Web.Extensions

https://github.com/OpenReservation/ReservationServer/blob/dev/ActivityReservation.API.Test/TestStartup.cs

https://github.com/OpenReservation/ReservationServer/blob/dev/ActivityReservation.API.Test/Controllers/ReservationControllerTest.cs

https://www.cnblogs.com/weihanli/p/cutom-authentication-in-aspnetcore.html
