Integration tests are used to check if the different parts of the application work as expected when they are assembled together. When working with integration tests, you will often want to skip authentication and authorization tests. For instance, you might be more interested in testing the controller methods, without authentication and authorization getting in the way.
In this article I will discuss how we can bypass such security checks when working with integration tests in ASP.Net Core.
Who needs secure integration tests?
You will often need to write integration tests for controller methods that have the [Authorize] tag on them. Let’s say that you are hitting an identity provider (that resides on another server) with this attribute. The problem is that your integration tests might fail if the identity server is down.
As such, it would be a good practice to bypass the authentication checks when running integration tests on the controller methods. After all, you want to test the application pipeline and not the availability of an external server. In the sections that follow, we will examine how we can bypass the [Authorize] attribute in integration tests.