Unit testing aspnet core 2.1

With the release of dotnet core 2.1, a lot of things came together. Things like signalr and dependency injection. No more fighting the version numbers. Trying to get the exact version of signalr to work with the other exact version of dotnet runtime and so on.

Now, when things settled down, let’s get testing to work.

In this this post, I make a note to self about how to mock enough stuff to make unit testing to work.

Project here


Here, I create three projects. The web, the definitions and the repository.
Ah, and the additional Test project.

So, fire up the good old command line and type

md demo
cd demo
dotnet new sln --name Demo
dotnet new mvc --name Demo.Web
dotnet new classlib --name Demo.Definitions
dotnet new classlib --name Demo.Repositories
dotnet new classlib --name Demo.Models
dotnet new xunit --name Demo.Tests

and now (if you are using Visual Studio 2017 proper) you would like to add them to the solution

dotnet sln add Demo.Web
dotnet sln add Demo.Definitions
dotnet sln add Demo.Repositories
dotnet sln add Demo.Tests
dotnet sln add Demo.Models

And don’t forget to reference Definitions from Repository and so on with

cd Demo.Web
dotnet add reference ..\Demo.Definitions\Demo.Definitions.csproj
dotnet add reference ..\Demo.Repositories\Demo.Repositories.csproj
cd ..\Demo.Repositories
dotnet add reference ..\Demo.Definitions\Demo.Definitions.csproj
dotnet add reference ..\Demo.Models\Demo.Models.csproj
cd ..\Demo.Models
dotnet add reference ..\Demo.Definitions\Demo.Definitions.csproj
cd ..\Demo.Tests
dotnet add reference ..\Demo.Definitions\Demo.Definitions.csproj
dotnet add reference ..\Demo.Models\Demo.Models.csproj
dotnet add reference ..\Demo.Repositories\Demo.Repositories.csproj
dotnet add reference ..\Demo.Web\Demo.Web.csproj

In this case I have a homecontroller that need the repository injected for data access and also need access to the signalr hub for push notifications to the web.

I’ll begin by creating the interfaces, models and repository.
Next, I’ll inject the repo in the HomeController. I’ll also inject the HubContext for the NotificationHub.

private readonly IRepository _repo = null;
IHubContext<NotificationHub> _hubContext = null;
public HomeController(IRepository repo, IHubContext<NotificationHub> hubContext)


For this to work we register the interface in the DI-container in Startup.cs

In the ConfigureServices method we add

services.AddTransient<IRepository, CustomerRepository>();
So, now it works and the customer Acme is shown when browsing /Home/Customer/1


For testing purposes I’ll use the DependencyInjection, FluentAssertions and Moq nuget packages.
cd Demo.Tests
dotnet add package Microsoft.Extensions.DependencyInjection -v 2.1.0
dotnet add package FluentAssertions
dotnet add package Moq

For easy access to signalR and other stuff that the web project use add also the same package the webapp is using Microsoft.AspNetCore.App

dotnet add package Microsoft.AspNetCore.App -v 2.1.0

DependencyInjection and aspnetcore are interdependent and need to be of the same version.

So, In my first test I need to mock the repository

var repo = new Mock<IRepository<ICustomer>>();
repo.Setup(x => x.GetById(1)).Returns(() =>
    return new Customer{Id = 1, CustomerName = "Acme", CreatedOn = DateTime.Now};

This means that when call GetById with parameter 1, the anonymous function sent as a parameter to Returns is executed.

Furthermore, in my HomeController action UpdateCustomer I’m executing a call to the signalr hub NotificationHub.

await _hubContext.Clients.All.SendAsync("ReceiveMessage", customer);

This has to be mocked in three steps. First a mock of _hubContext that is of type IHubcontext<NotificationHub> that, when the property Clients is requested, returns an IHubClients object. This, in turn, must mock its All property to return an IClientProxy.

Since they are referencing each other we have to mock them in reverse.

var mockClientProxy = new Mock<IClientProxy>();

var mockClients = new Mock<IHubClients>();
mockClients.Setup(clients => clients.All).Returns(mockClientProxy.Object);

var hub = new Mock<IHubContext<NotificationHub>>();
hub.Setup(x => x.Clients).Returns(() => mockClients.Object);

Then register these objects in the IoC container

var provider = new ServiceCollection()
    .AddSingleton <IRepository<ICustomer>> (repo.Object)
    .AddTransient<HomeController, HomeController>()

Now when I calls for my test subject, HomeController, The IoC container resolves the dependencies

var controller = provider.GetService<HomeController>();
As a bonus we can add some cookies if your controller need them
controller.ControllerContext.HttpContext = new DefaultHttpContext();
controller.ControllerContext.HttpContext.Request.Headers.Add("Cookie", "userid=mchammer;recordno=2");

Then just to the assert

var albumc = await controller.UpdateCustomer(customer);

This example is admittedly quite construed (I’m testing the mock 🙂 ) but serves the purpose to show the mocking of both a signalr hub internals and then stack them together plus injecting the dependencies into the container.

Adding authentication in AspNetCore 2.0

<EDIT> A few days ago they changed it again….
Instead of .AddCookieAuthentication(….
It’s now just .AddCookie();

Or rather Aspnetcore 2.0.0-preview2-006497 since they changed it again….

First, download the latest bits from .NET Core 2.0 and install it.
Open a developer command prompt and check version with

dotnet –version

It should say 2.0.0-preview2-006497 for you to be sure that my instructions will work 🙂
Create a new folder for your project and create a new mvc project with

dotnet new mvc

After it is done we will add the dependencies for authentication

dotnet add package Microsoft.AspNetCore.Authentication -v “2.0.0-preview2-final”


dotnet add package Microsoft.AspNetCore.Http -v “2.0.0-preview2-final”

Now we add, one by one the authentication providers we want. In Startup.cs in ConfigureServices:

services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, option =>
option.LoginPath = "/home/login";
.AddTwitterAuthentication(o =>
o.ConsumerKey = Configuration["Authentication:Twitter:ConsumerKey"];
o.ConsumerSecret = Configuration["Authentication:Twitter:ConsumerSecret"];

view raw


hosted with ❤ by GitHub

The biggest change in this version is perhaps that you only add


To the pipeline in the Configure method.

So. Done with that part. Oh, forgot the usings. Add these to the top

using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Rewrite;
using Microsoft.AspNetCore.Mvc;

view raw


hosted with ❤ by GitHub

A few more than necessary but I will get to them. Now the project should start with

dotnet run

But it still allows for anonymous access.

Add the attribute [Authorize] to your HomeController together with a matching using like so:

using Microsoft.AspNetCore.Authorization;
namespace [namespace].Controllers
public class HomeController : Controller

view raw


hosted with ❤ by GitHub

So. Again start the project and browse to http://localhost:5000/. You will be redirected to /home/login and get an error since that page does not exist (yet).

In the HomeController.cs add this code

public async Task<IActionResult> Login(string username, string password)
if (IsValidUser(username, password))
var claims = new List<Claim>(2);
claims.Add(new Claim(ClaimTypes.Name, username));
claims.Add(new Claim(ClaimTypes.Role, "GroupThatUserIsIn",
ClaimValueTypes.String, "IHaveIssuedThis"));
await HttpContext.SignInAsync(
new ClaimsPrincipal(new ClaimsIdentity(claims,
return RedirectToAction("Index");
return View();
private bool IsValidUser(string username, string password)
return username == "foo" && password == "bar";

This is used when you manage all the users and passwords yourself (please don’t).
But seriously, sometimes you have an old back-end system that you are building a new front-web for and it has all the user info.

I created a super simplistic view for this action. Create a new file in the folder Views/Home called Login.cshtml with this content

<form action="/home/login" method="post">
<input name="username" />
<input name="password" type="password"/>
<input type="submit" value="Go"/>
<a href='/login-twitter' \">I prefer Twitter</a>

view raw


hosted with ❤ by GitHub

Told you. Simplistic. Make sure these “usings” are in place in your HomeController.cs

using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication;

Now, go back up to the project root folder and run the application again. This time the login page is displayed. If you try to login with your hard coded username and password you will be logged in and redirected to /. If you inspect the ClaimsPrincipal when debugging you will see that your claims are visible under the Identity-property.


Great. Let the user logout as well.

public async Task<IActionResult> Logout()
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return RedirectToAction("Index");

Add a link somewhere that redirects the user to /home/logout. Done.

So. How about Twitter?

First, add a new app at apps.twitter.com . Click “Create new app” and fill out the form. You can set callback url to localhost:5000. Go to the Keys and Access Tokens-tab and copy them to your appSettings.json file

"Authentication": {
"Twitter": {
"ConsumerKey": "<Your key here>",
"ConsumerSecret": "<Your secret here>"

Please note that if you intend to publish the code somewhere, don’t store these credentials here. Use secrets instead.

Remember the fancy looking login page? The Twitter-link was /login-twitter. Just because it is fun I will hard-wire this url into the processing pipeline.

So. Head over to Startup.cs and paste this code into the Configure-method.

app.Map("/login-twitter", login =>
login.Run(async context =>
await context.ChallengeAsync("Twitter", new AuthenticationProperties() {
RedirectUri = "/" });

view raw


hosted with ❤ by GitHub

Now you redirected to a Twitter page and depending if you are already logged into Twitter or not the page either asks you to logon or only to authorize your new app to connect to Twitter.

Tip: If you want to dress the current user with more claims than Twitter sent, you can always add them. Like your internal user id of that Twitter-identified user.

public async Task<IActionResult> Index()
var principal = User.Identity as ClaimsIdentity;
var idClaim = principal.Claims.Where(i => i.Type == "https://marcusclasson.com/claims/id")
if(idClaim == null)
principal.AddClaim(new Claim("https://marcusclasson.com/claims/id", "MyCustomId"));
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignInAsync(User);
return View();

Code on Github