I have an OAuthServerProvider issuing tokens after authenticating username and passwords. When the username or password is invalid I reject the owin Context, which will by default return 400 Bad Request
as the status code.
But I want to respond with 401 Unauthorized
To achieve this I have written a middleware which will check the header and see if a custom header is present and if so will replace the status code with 401.
if (context.Response.StatusCode == 400 && context.Response.Headers.ContainsKey(Constants.OwinChallengeFlag))
{
var headerValues = context.Response.Headers.GetValues(Constants.OwinChallengeFlag);
context.Response.StatusCode = Convert.ToInt16(headerValues.FirstOrDefault());
context.Response.Headers.Remove(Constants.OwinChallengeFlag);
}
This works absolutely fine when I hit it with fiddler, but the unit test I have written below always gets a 400. Somehow when I make a request with my unit test the middleware is skipped.
[TestFixture]
public class UnitTest1
{
private TestServer _server;
[SetUp]
public void SetUp()
{
_server = TestServer.Create<Startup>();
}
[Test]
public void ShouldReturnUnauthorizedResponse()
{
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "/token");
//wrong password
var requestContent = "grant_type=password&UserName=foo&Password=bar";
request.Content = new StringContent(requestContent, Encoding.UTF8, "application/x-www-form-urlencoded");
var response = _server.HttpClient.SendAsync(request).Result;
//This assert fails, but shouldn't
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
}
}
Need to know what I am doing wrong here.