ASP.NET + NUnit : Good unit testing strategy for HttpModule using .NET 4

Question

I have the following HttpModule that I wanted to unit test. Problem is I am not allowed to change the access modifiers/static as they need to be as it is. I was wondering what would be the best method to test the following module. I am still pretty new in testing stuff and mainly looking for tips on testing strategy and in general testing HttpModules. Just for clarification, I am just trying to grab each requested URL(only .aspx pages) and checking if the requested url has permission (for specific users in our Intranet). So far it feels like I can't really test this module(from productive perspective).

public class PageAccessPermissionCheckerModule : IHttpModule
    {
        [Inject]
        public IIntranetSitemapProvider SitemapProvider { get; set; }
        [Inject]
        public IIntranetSitemapPermissionProvider PermissionProvider { get; set; }

        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute += ValidatePage;
        }

        private void EnsureInjected()
        {
            if (PermissionProvider == null)
                KernelContainer.Inject(this);
        }

        private void ValidatePage(object sender, EventArgs e)
        {
            EnsureInjected();

            var context = HttpContext.Current ?? ((HttpApplication)sender).Context;

            var pageExtension = VirtualPathUtility.GetExtension(context.Request.Url.AbsolutePath);

            if (context.Session == null || pageExtension != ".aspx") return;

            if (!UserHasPermission(context))
            {
                KernelContainer.Get<UrlProvider>().RedirectToPageDenied("Access denied: " + context.Request.Url);
            }
        }

        private bool UserHasPermission(HttpContext context)
        {
            var permissionCode = FindPermissionCode(SitemapProvider.GetNodes(), context.Request.Url.PathAndQuery);

            return PermissionProvider.UserHasPermission(permissionCode);
        }

        private static string FindPermissionCode(IEnumerable<SitemapNode> nodes, string requestedUrl)
        {
            var matchingNode = nodes.FirstOrDefault(x => ComparePaths(x.SiteURL, requestedUrl));

            if (matchingNode != null)
                return matchingNode.PermissionCode;

            foreach(var node in nodes)
            {
                var code = FindPermissionCode(node.ChildNodes, requestedUrl);
                if (!string.IsNullOrEmpty(code))
                    return code;
            }

            return null;
        }  
        public void Dispose() { }
    }

Answer 1

Testing HttpHandlers can be tricky. I would recommend you create a second library and place the functionality you want to test there. This would also get you a better separation of concerns.