Announcing FakeAuth 2.0 now with AllowedHosts Option

Earlier today FakeAuth was updated to 2.0.0. With this release we:

removed obsolete extension methods from previous versions
introduced one breaking change in the HttpClient Extension method (we fixed a typo from SetFakeAuthClaimns to SetFakeAuthClaims )
introduced a new feature called AllowedHosts that was added to the FakeAuthOptions class

AllowedHosts

In previous versions, only localhost was allowed when using FakeAuth. This is for security reasons, and to make sure that you never run FakeAuth on a production web app. FakeAuth overrides the normal ASP.NET authentication pipeline with pre-determined claims, and is only intended for development and testing purposes. Localhost only is still the default, but now you can add additional hosts that FakeAuth will run on. This is useful when localhost isn’t an option – for example, running tests and code on different servers, or in multiple containers.

// FakeAuth with in-line custom options
services.AddAuthentication()
    .AddFakeAuth((options) =>
    {
        // Adding Claims directly to each request -- for testing / demos
        options.Claims.Add(new Claim(ClaimTypes.Name, "Fake User"));
        options.Claims.Add(new Claim(ClaimTypes.Role, "Expense_Approver"));
        options.Claims.Add(new Claim("Approval_Limit", "25.00"));
        options.Claims.Add(new Claim("Approval_Currency", "USD"));
        options.Claims.Add(new Claim("Preffered_Location", "Disney Island"));

        // adding AllowedHosts so we can test from non-localhost scenarios
        options.AllowedHosts.Add("my-container-host");
        options.AllowedHosts.Add("my-ci-qa-server");
        options.AllowedHosts.Add(FakeAuthOptions.DefaultAllowedHost); // localhost
        });

Right now, this is a very code-centric approach (showing the dev-centric origins of FakeAuth), for future versions we’re looking at ways to make the options more “bindable” with .net settings files so they can be more easily configured per environment.

Extra thanks to my friend Floyd May for suggesting the AllowedHosts feature and creating the pull request. He also helped a ton with some GitHub actions/ci clean up that was needed. Go check out Floyd's consulting company and if you need a fantastic architect and mentor - give him a call. Thanks Floyd! 🎉

Grab the latest FakeAuth from GitHub and pull down the fresh nuget bits!

Have an idea for FakeAuth? Feel like we’re missing an edge case? Post to the GitHub issues.