This project is read-only.

Change to Antiforgery Token in MVC4 RC broke our unit test

Jun 8, 2012 at 4:31 PM

This change in MVC4 RC broke one of our unit tests. In our application, we created an extension method for HtmlHelper which gerneates our sign out link. Our sign out link consists of a form post with a AntiForgeryToken. Our unit test validates that string returned from the method matches an expected value. We had to search for, and remove the actual AntiForgery token value since it always changes, but the rest of the string is something we could validate. Here is a small code snippet that shows the use of html.AntiForgeryToken().

var form = string.Format(CultureInfo.InvariantCulture, format, html.AttributeEncode(url), 
In MVC4 RC, the call to AntiForgeryToken(), now uses the parameterless version of AntiForgery.GetHtml(), which in turn throws an exception if HttpContext.Current is null.
We were able to work around this by setting HttpContext.Current to a new HttpContext in our setup method, instead of setting up the ViewContext.HttpContext which we were doing previously (with a fake based on HttpContextBase). Thankfully we didn't need to setup or mock anything too specific for this test.
Jun 8, 2012 at 8:00 PM

Thanks for the feedback. We missed this testability aspect when making changes to the API's implementation. We're getting really close to finalizing our bits for RTM but I will log a bug so that we can improve the experience for vNext.

Jun 8, 2012 at 8:02 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.