Are there any recommended ways to unit test the security of one's MVC controller methods for security (in ASP.NET MVC 5)? e.g. I have administrator users and normal users, and I want to have a unit test to ensure that only administrators can access certain pages. e.g.:
/// <summary>
/// Initial page for creating a new <see cref="Widget"/>.
/// </summary>
/// <returns>
/// An <see cref="ActionResult"/> used to indicate the view to be
/// rendered. Guaranteed not to be null or empty.
/// </returns>
[HttpGet]
[Authorize(Roles = "ADMIN")]
public ActionResult Create()
{
return this.View(new CreateWidgetModel());
}
... and the unit test should be something like:
[TestMethod]
public void VerifyOnlyAdminsCanCreateWidgets()
{
Assert.???
}
Aucun commentaire:
Enregistrer un commentaire