AspNetCore.Authentication.Basic 3.1.0

Easy to use and very light weight Microsoft style Basic Scheme Authentication implementation for ASP.NET Core.

Install-Package AspNetCore.Authentication.Basic -Version 3.1.0
dotnet add package AspNetCore.Authentication.Basic --version 3.1.0
<PackageReference Include="AspNetCore.Authentication.Basic" Version="3.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AspNetCore.Authentication.Basic --version 3.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Readme and samples are available on github

Click here to open Github

Startup.cs (ASP.NET Core 3.0 or newer)
using AspNetCore.Authentication.Basic;
public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		// Add the Basic scheme authentication here..
        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
        services.AddAuthentication(BasicDefaults.AuthenticationScheme)

            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
            //.AddBasic(options => { options.Realm = "My App"; });

            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });

		services.AddControllers();

		//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
		//// So to challenge authentication for every requests please use below option instead of above services.AddControllers().
		//services.AddControllers(options => 
		//{
		//	options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
		//});
	}

	public void Configure(IApplicationBuilder app, IHostingEnvironment env)
	{
		app.UseHttpsRedirection();

		// The below order of pipeline chain is important!
		app.UseRouting();

		app.UseAuthentication();
		app.UseAuthorization();

		app.UseEndpoints(endpoints =>
		{
			endpoints.MapControllers();
		});
	}
}
Startup.cs (ASP.NET Core 2.2)
using AspNetCore.Authentication.Basic;
public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		// Add the Basic scheme authentication here..
        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
        services.AddAuthentication(BasicDefaults.AuthenticationScheme)

            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
            //.AddBasic(options => { options.Realm = "My App"; });

            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });

		services.AddMvc();

		//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
		//// So to challenge authentication for every requests please use below option instead of above services.AddMvc().
		//services.AddMvc(options => 
		//{
		//	options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
		//});
	}

	public void Configure(IApplicationBuilder app, IHostingEnvironment env)
	{
		app.UseAuthentication();
		app.UseMvc();
	}
}
BasicUserValidationService.cs
using AspNetCore.Authentication.Basic;
public class BasicUserValidationService : IBasicUserValidationService
{
	private readonly ILogger<BasicUserValidationService> _logger;
	
	public BasicUserValidationService(ILogger<BasicUserValidationService> logger)
	{
		_logger = logger;
	}

	public Task<bool> IsValidAsync(string username, string password)
	{
		try
		{
			// write your implementation here and return true or false depending on the validation..
			return Task.FromResult(true);
		}
		catch (Exception e)
		{
			_logger.LogError(e, e.Message);
			throw;
		}
	}
}

Configuration (BasicOptions)

Realm

Required to be set if SuppressWWWAuthenticateHeader is not set to true. It is used with WWW-Authenticate response header when challenging un-authenticated requests.

SuppressWWWAuthenticateHeader

Default value is false.
When set to true, it will NOT return WWW-Authenticate response header when challenging un-authenticated requests.
When set to false, it will return WWW-Authenticate response header when challenging un-authenticated requests.

Events

The object provided by the application to process events raised by the basic authentication middleware.
The application may implement the interface fully, or it may create an instance of BasicEvents and assign delegates only to the events it wants to process.

  • OnValidateCredentials
  • OnAuthenticationSucceeded
  • OnAuthenticationFailed
  • OnHandleChallenge
  • OnHandleForbidden

More details available on Github Click here to open Github

Readme and samples are available on github

Click here to open Github

Startup.cs (ASP.NET Core 3.0 or newer)
using AspNetCore.Authentication.Basic;
public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		// Add the Basic scheme authentication here..
        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
        services.AddAuthentication(BasicDefaults.AuthenticationScheme)

            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
            //.AddBasic(options => { options.Realm = "My App"; });

            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });

		services.AddControllers();

		//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
		//// So to challenge authentication for every requests please use below option instead of above services.AddControllers().
		//services.AddControllers(options => 
		//{
		//	options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
		//});
	}

	public void Configure(IApplicationBuilder app, IHostingEnvironment env)
	{
		app.UseHttpsRedirection();

		// The below order of pipeline chain is important!
		app.UseRouting();

		app.UseAuthentication();
		app.UseAuthorization();

		app.UseEndpoints(endpoints =>
		{
			endpoints.MapControllers();
		});
	}
}
Startup.cs (ASP.NET Core 2.2)
using AspNetCore.Authentication.Basic;
public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		// Add the Basic scheme authentication here..
        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
        services.AddAuthentication(BasicDefaults.AuthenticationScheme)

            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
            //.AddBasic(options => { options.Realm = "My App"; });

            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });

		services.AddMvc();

		//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
		//// So to challenge authentication for every requests please use below option instead of above services.AddMvc().
		//services.AddMvc(options => 
		//{
		//	options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
		//});
	}

	public void Configure(IApplicationBuilder app, IHostingEnvironment env)
	{
		app.UseAuthentication();
		app.UseMvc();
	}
}
BasicUserValidationService.cs
using AspNetCore.Authentication.Basic;
public class BasicUserValidationService : IBasicUserValidationService
{
	private readonly ILogger<BasicUserValidationService> _logger;
	
	public BasicUserValidationService(ILogger<BasicUserValidationService> logger)
	{
		_logger = logger;
	}

	public Task<bool> IsValidAsync(string username, string password)
	{
		try
		{
			// write your implementation here and return true or false depending on the validation..
			return Task.FromResult(true);
		}
		catch (Exception e)
		{
			_logger.LogError(e, e.Message);
			throw;
		}
	}
}

Configuration (BasicOptions)

Realm

Required to be set if SuppressWWWAuthenticateHeader is not set to true. It is used with WWW-Authenticate response header when challenging un-authenticated requests.

SuppressWWWAuthenticateHeader

Default value is false.
When set to true, it will NOT return WWW-Authenticate response header when challenging un-authenticated requests.
When set to false, it will return WWW-Authenticate response header when challenging un-authenticated requests.

Events

The object provided by the application to process events raised by the basic authentication middleware.
The application may implement the interface fully, or it may create an instance of BasicEvents and assign delegates only to the events it wants to process.

  • OnValidateCredentials
  • OnAuthenticationSucceeded
  • OnAuthenticationFailed
  • OnHandleChallenge
  • OnHandleForbidden

More details available on Github Click here to open Github

Release Notes

- Multitarget framework support added
- Source Link support added
- Strong Name Key support added
- SuppressWWWAuthenticateHeader added to configure options
- Events added to configure options

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
3.1.0 523 8/16/2020
3.1.0-preview.1 142 6/29/2020
2.2.0 3,794 12/18/2019