BasicHeaderAuthentication.AspNetCore
1.0.0
See the version list below for details.
dotnet add package BasicHeaderAuthentication.AspNetCore --version 1.0.0
NuGet\Install-Package BasicHeaderAuthentication.AspNetCore -Version 1.0.0
<PackageReference Include="BasicHeaderAuthentication.AspNetCore" Version="1.0.0" />
paket add BasicHeaderAuthentication.AspNetCore --version 1.0.0
#r "nuget: BasicHeaderAuthentication.AspNetCore, 1.0.0"
// Install BasicHeaderAuthentication.AspNetCore as a Cake Addin #addin nuget:?package=BasicHeaderAuthentication.AspNetCore&version=1.0.0 // Install BasicHeaderAuthentication.AspNetCore as a Cake Tool #tool nuget:?package=BasicHeaderAuthentication.AspNetCore&version=1.0.0
Basic Header Authentication
This package is designed to provide basic header authentication to .NET core 2.x / 3x. This is intended for usage with API's where a single header can be used as a "key" that has been provided to a consumer.
Warning: This header is transmitted in plain-text. This means it's subject to man in the middle attacks. If you are securing important information such as medical data, credit cards, or personal information. You should consider a more secure method for authentication. If you can't. Please look into adding a method of forward secrecy to your authenticator code in your application.
IBasicHeaderAuthenticator
It's your applications responsibility to check if a value supplied in the authentication header is valid. This is done by creating a class that inherits IBasicHeaderAuthenticator and registering it at startup as shown below. You return null if validation fails which will terminate the request as Unauthorized. You return a ClaimsPrincipal class if validation passes. If you return an empty ClaimsPrincipal as shown below. It will be auto populated with a Name claim containing the header value as User.Identity.Name
.
Note: This example only checks if a value supplied in the request exists, and is not null, or empty. You should use this method to check if the value exists in a database, or dictionary / list etc..
public class BasicHeaderAuthenticator : IBasicHeaderAuthenticator
{
public async Task<ClaimsPrincipal> SignIn(string value)
{
return string.IsNullOrEmpty(value) ? null : new ClaimsPrincipal();
}
}
Note: Make sure this line is before AddAuthentication, and AddBasicHeaderAuthentication
services.AddTransient<IBasicHeaderAuthenticator, BasicHeaderAuthenticator>();
Configuration
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = BasicHeaderAuthenticationOptions.DefaultScheme;
options.DefaultChallengeScheme = BasicHeaderAuthenticationOptions.DefaultScheme;
}).AddBasicHeaderAuthentication(options =>
{
options.HeaderKey = "X-AuthKey"; // You can use any header key you wish.
});
Authorization
You can use the [Authorize(AuthenticationSchemes = BasicHeaderAuthenticationOptions.DefaultScheme)]
attribute out of the box. However, If you wish to use the [Authorize]
attribute without having to supply an authenticator scheme each time. You can add the following code after AddBasicHeaderAuthentication.
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(BasicHeaderAuthenticationOptions.DefaultScheme)
.RequireAuthenticatedUser()
.Build();
});
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- Microsoft.AspNetCore.Authentication (>= 2.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.