How do you unit test web page authorization using ASP.NET MVC?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Kevin Pang on Stack Overflow See other posts from Stack Overflow or by Kevin Pang
Published on 2008-09-25T06:29:49Z Indexed on 2010/04/22 9:53 UTC
Read the original article Hit count: 423

Filed under:
|

Let's say you have a profile page that can only be accessed by the owner of that profile. This profile page is located at:

User/Profile/{userID}

Now, I imagine in order to prevent access to this page by other users, you could structure your UserController class's Profile function to check the current session's identity:

HttpContext.Current.User.Identity.Name

If the id matches the one in the url, then you proceed. Otherwise you redirect to some sort of error page.

My question is how do you unit test something like this? I'm guessing that you need to use some sort of dependency injection instead of the HttpContext in the controller to do the check on, but I am unclear what the best way to do that is. Any advice would be helpful.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about asp.net-mvc

Related posts about TDD

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle