public void ShouldReturnUnauthorizedWhenNotAuthenticated()
{
_principal.SetupGet(x => x.Identity.IsAuthenticated).Returns(false);
_principal.SetupGet(x => x.Identity.Name).Returns("foo");
var httpAuthenticationContext = new HttpAuthenticationContext(_httpActionContext, _principal.Object);
var attribute = new BlogApiAuthorizationAttribute();
attribute.OnAuthentication(httpAuthenticationContext);
Assert.IsNotNull(httpAuthenticationContext.ErrorResult);
}