I'm using FastEndpoints and cookie authentication for my REST API. For that I have a specialized endpoint for logging in:
await HttpContext.SignInAsync(await HttpContext.GetCookieAuthenticationSchemeAsync(), CreatePrincipal(), new AuthenticationProperties());
This works fine when called from Swagger or integration tests that are based on FastEndpoints' AppFixture. Obviously, the client automatically takes the cookies from the endpoint and adds them wherever necessary.
Now, I want to create a logout.
So parallel to the login, I'm using this method:
if (User.Identity?.IsAuthenticated == true)
{
    await httpContext.SignOutAsync();
}
This works in Swagger, but not in the tests. I thought maybe the cookies don't get sent correctly, so I added
var siteCookies = HttpContext.Request.Cookies;
foreach (var cookie in siteCookies)
{
    httpContext.Response.Cookies.Delete(cookie.Key);
    // OR
    var opts = new CookieOptions();
    opts.Expires = DateTimeOffset.MinValue;
    httpContext.Response.Cookies.Append(cookie.Key, string.Empty, opts);
}
And I can see the correct cookies being marked as deleted, but the AppFixture won't pick up on it. So I changed that to:
public class MyApiFixture : AppFixture<Program>
{
    public void CreateMyClient()
    {
        var options = new ClientOptions
        {
            HandleCookies = false, // we handle cookies