Mihir.AspNetCore.Authentication.Basic
2.0.1
AspNetCore.Authentication.Basic
Additional DetailsThis NuGet package has been made obsolete and moved to a new package named 'AspNetCore.Authentication.Basic'. Please consider removing this package and download the new one as there will be no future updates on this package. Sorry for the inconvenience caused. This was done purely for the naming of the package. New package name is 'AspNetCore.Authentication.Basic' which can be downloaded using NuGet Package Manager or from AspNetCore.Authentication.Basic.
dotnet add package Mihir.AspNetCore.Authentication.Basic --version 2.0.1
NuGet\Install-Package Mihir.AspNetCore.Authentication.Basic -Version 2.0.1
<PackageReference Include="Mihir.AspNetCore.Authentication.Basic" Version="2.0.1" />
paket add Mihir.AspNetCore.Authentication.Basic --version 2.0.1
#r "nuget: Mihir.AspNetCore.Authentication.Basic, 2.0.1"
// Install Mihir.AspNetCore.Authentication.Basic as a Cake Addin #addin nuget:?package=Mihir.AspNetCore.Authentication.Basic&version=2.0.1 // Install Mihir.AspNetCore.Authentication.Basic as a Cake Tool #tool nuget:?package=Mihir.AspNetCore.Authentication.Basic&version=2.0.1
AspNetCore.Authentication.Basic
Easy to use and very light weight Microsoft style Basic Scheme Authentication Implementation for ASP.NET Core.
Installing
This library is published on NuGet. So the NuGet package can be installed directly to your project if you wish to use it without making any custom changes to the code.
Download directly from below link. Please consider downloading the new package as the old one has been made obsolete.
New Package link - AspNetCore.Authentication.Basic.
Old Package link - Mihir.AspNetCore.Authentication.Basic.
Or by running the below command on your project.
PM> Install-Package AspNetCore.Authentication.Basic
Example Usage
Setting it up is quite simple. You will need basic working knowledge of ASP.NET Core 2.2 or newer to get started using this code.
On Startup.cs, as shown below, add 2 lines in ConfigureServices method services.AddAuthentication(BasicDefaults.AuthenticationScheme).AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
. And a line app.UseAuthentication();
in Configure method.
Also add an implementation of IBasicUserValidationService as shown below in BasicUserValidationService.cs.
NOTE: Always use HTTPS (SSL Certificate) protocol in production when using Basic authentication.
Startup.cs (ASP.NET Core 3.0 or newer)
using AspNetCore.Authentication.Basic;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
// Add the Basic scheme authentication here..
// AddBasic extension takes an implementation of IBasicUserValidationService for validating the username and password.
// It also requires Realm to be set in the options.
services.AddAuthentication(BasicDefaults.AuthenticationScheme)
.AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
services.AddControllers();
//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
//// So to challenge authentication for every requests please use below option instead of above services.AddControllers().
//services.AddControllers(options =>
//{
// options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
//});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseHttpsRedirection();
// The below order of pipeline chain is important!
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
Startup.cs (ASP.NET Core 2.2)
using AspNetCore.Authentication.Basic;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
// Add the Basic scheme authentication here..
// AddBasic extension takes an implementation of IBasicUserValidationService for validating the username and password.
// It also requires Realm to be set in the options.
services.AddAuthentication(BasicDefaults.AuthenticationScheme)
.AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
services.AddMvc();
//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
//// So to challenge authentication for every requests please use below option instead of above services.AddMvc().
//services.AddMvc(options =>
//{
// options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
//});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();
app.UseMvc();
}
}
BasicUserValidationService.cs
using AspNetCore.Authentication.Basic;
public class BasicUserValidationService : IBasicUserValidationService
{
private readonly ILogger<BasicUserValidationService> _logger;
public BasicUserValidationService(ILogger<BasicUserValidationService> logger)
{
_logger = logger;
}
public Task<bool> IsValidAsync(string username, string password)
{
try
{
// write your implementation here and return true or false depending on the validation..
return Task.FromResult(true);
}
catch (Exception e)
{
_logger.LogError(e, e.Message);
throw;
}
}
}
Additional Notes
Please note that, by default, with ASP.NET Core, all the requests are not challenged for authentication. So don't worry if your BasicUserValidationService is not hit when you don't pass the required basic authentication details with the request. It is a normal behaviour. ASP.NET Core challenges authentication only when it is specifically told to do so either by decorating controller/method with [Authorize] filter attribute or by some other means.
However, if you want all the requests to challenge authentication by default, depending on what you are using, you can add the below options line to ConfigureServices method on Startup class.
services.AddControllers(options =>
{
options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
});
// OR
services.AddMvc(options =>
{
options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
});
If you are not using MVC but, using Endpoints on ASP.NET Core 3.0 or newer, you can add a chain method .RequireAuthorization()
to the endpoint map under Configure method on Startup class as shown below.
app.UseEndpoints(endpoints =>
{
endpoints.MapGet("/", async context =>
{
await context.Response.WriteAsync("Hello World!");
}).RequireAuthorization(); // NOTE THIS HERE!!!!
});
References
- Creating an authentication scheme in ASP.NET Core 2.0
- aspnet/Security
- ASP.NET Core Security documentation
- RFC 7617: Technical spec for HTTP Basic
License
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- Microsoft.AspNetCore.Authentication (>= 2.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
This NuGet package has been made obsolete and moved to a new package named 'AspNetCore.Authentication.Basic'. Please consider removing this package and download the new one as there will be no future updates on this package. Sorry for the inconvenience caused. This was done purely for the naming of the package. New package name is 'AspNetCore.Authentication.Basic' which can be downloaded using NuGet Package Manager or from AspNetCore.Authentication.Basic.