Skip to content
Simple way to faked an authenticated user for integration test with ASP.Net Core framework
Branch: master
Clone or download
Latest commit a3b478c Dec 11, 2018

Fake Authentication Jwt Bearer for ASP.NET Core 2

Build status

This code allow to fake a Jwt Bearer and build integration test for ASP.Net Core application.
By this way we can fake any authentication we need, without the need to really authenticate a user.
This code is based on Microsoft.AspNetCore.Authentication.JwtBearer.

If You need it for ASP.NET Core 1, check Tag 1.0.4

If You need it for ASP.NET Core 2.1, check Tag 2.1.2

How to install it?

First add this package to your Nuget configuration file : GST.Fake.Authentication.JwtBearer.

Let's imagine we are coding integration tests in the project MyApp.TestsIntegration.

This is the tree of the global solution:

| +---MyApp
| +---SecondApp
| +---MyApp.Tests
| +---MyApp.TestsIntegration

My integration test are based on this tutorial Introduction to integration testing with xUnit and TestServer in ASP.NET Core.
So I have a TestFixture.cs file where I can extend configurations made in the Startup.cs file.

In the class TestFixture.cs we have to extend the configuration of our Startup.
You have to disable you original AddJwtBearer in your Startup.cs, because the AddFakeJwtBearer doesno't overload the original.

public class TestFixture<TStartup> : IDisposable where TStartup : class
    public TestFixture()
    // ...

    // We must configure the realpath of the targeted project
    string appRootPath = Path.GetFullPath(Path.Combine(
                    , "..", "..", "..", "..", "..", "..", "src", baseNamespace));

    var builder = new WebHostBuilder()
      .ConfigureServices(x =>
          // Here we add our new configuration
          x.AddAuthentication(options =>
                options.DefaultScheme = FakeJwtBearerDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = FakeJwtBearerDefaults.AuthenticationScheme;
           	options.DefaultChallengeScheme = FakeJwtBearerDefaults.AuthenticationScheme;
      // ...

How to use it?

Now all the things are tied up, how to faked a user?

I've defined tree methods :

  • A token with a custom object
  • A token with a Username
  • A token with a Username and some roles

Let see that in a real world example.

 using GST.Fake.Authentication.JwtBearer;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Text;
 using Xunit;

 namespace MyApp.TestsIntegration
     public class SomeWeirdTest : IClassFixture<TestFixture<MyApp.Startup>>
         private TestFixture<MyApp.Startup> fixture;

         public SomeWeirdTest(TestFixtureMyApp.Startup> _fixture)
             fixture = _fixture;
             // Create a token with a Username and two roles
             fixture.Client.SetFakeBearerToken("admin", new[] { "ROLE_ADMIN", "ROLE_GENTLEMAN" });

         public void testCallPrivateAPI()
             // We call a private API with a full authenticated user (admin)
             var response = fixture.Client.GetAsync("/api/my-account").Result;

         public void testCallPrivate2API()
		 dynamic data = new System.Dynamic.ExpandoObject();
            data.organism = "ACME";
            data.thing = "more things";
            fixture.Client.SetFakeBearerToken("SUperUserName", new[] { "Role1", "Role2" }, (object)data);

            // We call a private API with a full authenticated user (admin)
            var response = fixture.Client.GetAsync("/api/my-account").Result;

Create Nuget Package

dotnet build src/GST.Fake.Authentication.JwtBearer/GST.Fake.Authentication.JwtBearer.csproj --configuration Release --framework netcoreapp2.2 --force
dotnet pack src/GST.Fake.Authentication.JwtBearer/GST.Fake.Authentication.JwtBearer.csproj --configuration Release --include-source --include-symbols --output ../../nupkgs
dotnet nuget push  src/GST.Fake.Authentication.JwtBearer/bin/Release/GST.Fake.Authentication.JwtBearer.[VERSION].nupkg -s -k [API-KEY]
You can’t perform that action at this time.