This example demonstrates:
- Exporting data as CSV using
raw,separator,columnsannotations - HTTP Basic Authentication with password hashing
- Mapping authenticated username to function parameters via
user_params - SSL/HTTPS configuration for secure credential transmission
Basic Authentication transmits credentials encoded in Base64 - this is NOT encryption. Without SSL/TLS, credentials can be intercepted by anyone on the network.
Never use Basic Auth over plain HTTP in production!
The application needs a certificate file. Export the ASP.NET Core development certificate:
dotnet dev-certs https --export-path ./5_csv_basic_auth/localhost.pfx --password dev123This creates a localhost.pfx file that Kestrel can use.
Trust the certificate to avoid browser warnings:
dotnet dev-certs https --trustYou may be prompted for your system password.
Check if you have a valid and trusted development certificate:
dotnet dev-certs https --check --trustnpgsqlrest --config ./5_csv_basic_auth/config.jsonThe application will start on https://localhost:8080
Using curl:
curl -k -u admin:secret123 https://localhost:8080/api/example-5-public/sales-reportNote: The -k flag allows curl to accept the self-signed certificate.
Using browser:
- Navigate to https://localhost:8080
- Click the download link
- Enter credentials when prompted:
admin/secret123
{
"Urls": "https://localhost:8080",
"Ssl": {
"Enabled": true,
"UseHttpsRedirection": false,
"UseHsts": false
},
"Kestrel": {
"Endpoints": {
"Https": {
"Url": "https://localhost:8080",
"Certificate": {
"Path": "./5_csv_basic_auth/localhost.pfx",
"Password": "dev123"
}
}
}
}
}| Setting | Value | Description |
|---|---|---|
Ssl.Enabled |
true |
Enables Kestrel HTTPS configuration |
Ssl.UseHttpsRedirection |
false |
Not needed when only HTTPS is used |
Ssl.UseHsts |
false |
Disabled for development (enable in production) |
{
"AuthenticationOptions": {
"DefaultAuthenticationType": "example_5",
"BasicAuth": {
"SslRequirement": "Required"
}
}
}| Setting | Value | Description |
|---|---|---|
DefaultAuthenticationType |
"example_5" |
Required for user_params - sets IsAuthenticated=true |
SslRequirement |
"Required" |
Rejects Basic Auth over plain HTTP |
comment on function example_5_public.sales_report(text) is '
HTTP GET
@raw
@separator ,
@new_line \n
@columns
Content-Type: text/csv
Content-Disposition: attachment; filename="sales_report.csv"
@basic_auth admin lgjSqahngJF9DN0W+2vAf+EDgxSs14e9ag+DezupGdsftJJ8DUphu6cfroMB6Uqp
@user_params';| Annotation | Description |
|---|---|
basic_auth admin <hash> |
Requires Basic Auth with username admin and hashed password |
user_params |
Maps authenticated username to _user_name parameter |
Generate a password hash using:
npgsqlrest --hash your_passwordExample:
npgsqlrest --hash secret123
# Output: lgjSqahngJF9DN0W+2vAf+EDgxSs14e9ag+DezupGdsftJJ8DUphu6cfroMB6UqpClean and recreate certificate:
dotnet dev-certs https --clean
dotnet dev-certs https --trustmacOS Keychain: If prompted, allow the certificate to be trusted in Keychain Access.
Windows: Run the command prompt as Administrator if trust fails.
Ensure the application is running and listening on the correct port:
[12:00:00.000 INF] Now listening on: https://localhost:8080
For development, you can proceed past the browser warning. In production, use a proper certificate from a trusted CA.