NUnitAsp is a great tool for running web "smoke tests" from your continuous integration environment.  (You do have your CI env't setup, don't you? ;)  NUnitAsp is also a handy tool to automatically preload and check all of your web pages after a deployment has been performed.  It only becomes a little tricky when you want to test secure web pages protected with Forms Authentication.  If your site is using Windows Integrated security, the security is trivially bypassed by passing credentials to the framework's virtual browser.  But with Forms Authentication, the actual login page should to be invoked to setup the user credentials and perform other application-specific actions.

The following derived class from NUnitAsp's WebFormTestCase class creates a Forms Authentication session by invoking the login page of the application, populating the username and password fields with real data, and submitting the form to allow the web application to set up the authentication session.  As a limitation of the framework, before every NUnitAsp unit test, the virtual browser used by NUnitAsp, along with the current Forms Authentication session, gets trashed.  At first, this implies that you must invoke the login page before every unit test; but by grabbing the cookies created by the first invocation of the login page and reusing them on subsequent tests, you only need to invoke the login page once.  This significantly cuts down on the time it takes to run a number of NUnitAsp tests at once.

public class FormsAuthenticatedWebFormTestCase : WebFormTestCase { protected override void SetUp() { base.SetUp(); if (FormsAuthenticationCookies != null) { Browser.Cookies.Add(FormsAuthenticationCookies); } else { LoginToApplication(); FormsAuthenticationCookies = Browser.Cookies.GetCookies(Browser.CurrentUrl); } } private CookieCollection FormsAuthenticationCookies { get { return (CookieCollection) CallContext.GetData("FormsAuthenticationCookies"); } set { CallContext.SetData("FormsAuthenticationCookies", value); } } private void LoginToApplication() { Browser.GetPage(LOGIN_PAGE_URL); TextBoxTester txtUsername = new TextBoxTester(ID_OF_USERNAME_TEXTBOX, CurrentWebForm); TextBoxTester txtPassword = new TextBoxTester(ID_OF_PASSWORD_TEXTBOX, CurrentWebForm); ButtonTester btnLogin = new ButtonTester(ID_OF_SUBMIT_BUTTON, CurrentWebForm); txtUsername.Text = APP_USERNAME; txtPassword.Text = APP_PASSWORD; btnLogin.Click(); } }

I'd rather use composition over inheritance of the WebFormTestCase but since the WebFormTestCase's Browser object is protected, it's not accessible unless you inherit from it, use reflection, or use another technique to bypass the protected accessor.

With this extension to NUnitAsp to test secure applications, it's a no-brainer to include NUnitAsp in your test suite.  You'll find that it takes a lot of guess work out of knowing if a deployment was successful.

Billy McCafferty