Skip to content

shubh-admin/Bazinga.AspNetCore.Authentication.Basic

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Basic.sln
Basic.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
appveyor.yml
appveyor.yml
 
 
codecov.yml
codecov.yml
 
 
coverage.ps1
coverage.ps1
 
 
global.json
global.json
 
 

Repository files navigation

Bazinga.AspNetCore.Authentication.Basic

Build status NuGet codecov Basic Authentication for Microsoft ASP.NET Core Security

Microsoft doesn't ship a Basic Authentication package with ASP.NET Core Security for a good reason. While that doesn't stop us needing such implementation for testing, this is not advised for production systems due to the many pitfalls and insecurities.

Sample usages, with hard-coded credentials:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthentication(BasicAuthenticationDefaults.AuthenticationScheme)
        .AddBasicAuthentication(credentials => 
            Task.FromResult(
                credentials.username == "myUsername" 
                && credentials.password == "myPassword"));
}

Or by defining a service to register. Allowing your validator to take dependencies through Dependency Injection:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization()
        .AddBasicAuthentication<DatabaseBasicCredentialVerifier>();
}

// With your own validator
public class DatabaseBasicCredentialVerifier : IBasicCredentialVerifier
{
    private readonly IUserRepository _db;
    
    public DatabaseBasicCredentialVerifier(IUserRepository db) => _db = db;

    public Task<bool> Authenticate(string username, string password)
    {
        return _db.IsValidAsync(username, password);
    }
}

And finally, since ASP.NET Core 2.0, the single middeware for authentication:

public void Configure(IApplicationBuilder app)
{
    app.UseAuthentication();
    app.AddMvc();
}

If you need to include your own claim types, after the user is authenticated, an event called OnCredentialsValidated is dispatched, see the code below:

public void ConfigureServices()
{
    services.AddAuthentication(BasicAuthenticationDefaults.AuthenticationScheme)
        .AddBasicAuthentication<BasicAuthenticationVerifier>(options => {
            options.Events = new BasicAuthenticationEvents()
            {
                OnCredentialsValidated = (context) =>
                {
                    context.Principal = new ClaimsPrincipal(); // New instance of claims principal with your claims
                    return Task.FromResult(context);
                }
            };
        });

}

If inside the function you need call a service from DI, you can use:

public void ConfigureServices()
{
    services.AddAuthentication(BasicAuthenticationDefaults.AuthenticationScheme)
        .AddBasicAuthentication<BasicAuthenticationVerifier>(options => {
            options.Events = new BasicAuthenticationEvents()
            {
                OnCredentialsValidated = (context) =>
                {
                    var authService = context.HttpContext.RequestServices.GetRequiredService<AuthenticationService>();

                    context.Principal = authService.GetClaimPrincipal(); // New instance of claims principal with your claims
                    return Task.FromResult(context);
                }
            };
        });

}

For better understanding of the ASP.NET Core Identity, see Microsoft docs

License

Licensed under MIT

About

Basic Authentication for Microsoft ASP.NET Core Authentication

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages

  • C# 94.5%
  • PowerShell 5.5%