softaware.Authentication.Hmac.AspNetCore
1.0.0
See the version list below for details.
Install-Package softaware.Authentication.Hmac.AspNetCore -Version 1.0.0
dotnet add package softaware.Authentication.Hmac.AspNetCore --version 1.0.0
<PackageReference Include="softaware.Authentication.Hmac.AspNetCore" Version="1.0.0" />
paket add softaware.Authentication.Hmac.AspNetCore --version 1.0.0
#r "nuget: softaware.Authentication.Hmac.AspNetCore, 1.0.0"
// Install softaware.Authentication.Hmac.AspNetCore as a Cake Addin
#addin nuget:?package=softaware.Authentication.Hmac.AspNetCore&version=1.0.0
// Install softaware.Authentication.Hmac.AspNetCore as a Cake Tool
#tool nuget:?package=softaware.Authentication.Hmac.AspNetCore&version=1.0.0
softaware.Authentication.Hmac
softaware.Authentication.Hmac.AspNetCore
Provides an AuthenticationHandler
which supports HMAC authentication in an ASP.NET Core project.
Usage:
- Get your HMAC authenticated clients, for example from the
appsettings.json
file. For HMAC authentication, anAppId
and anApiKey
is required for each client which should get access.
var hmacAuthenticatedApps = this.Configuration
.GetSection("Authentication")
.GetSection("HmacAuthenticatedApps")
.Get<HmacAuthenticationClientConfiguration[]>()
.ToDictionary(e => e.AppId, e => e.ApiKey);
{
"Authentication": {
"HmacAuthenticatedApps": [
{
"AppId": "<some-app-id>",
"ApiKey": "<some-api-key>"
}
]
}
}
- Enable HMAC authentication in
Startup.cs
in theConfigureServices
method:
services
.AddHmacAuthentication(HmacAuthenticationDefaults.AuthenticationScheme, "HMAC Authentication", o =>
{
o.MaxRequestAgeInSeconds = HmacAuthenticationDefaults.MaxRequestAgeInSeconds;
o.HmacAuthenticatedApps = hmacAuthenticatedApps;
});
- Add
MemoryCache
(from Microsoft.Extensions.Caching.Memory) inStartup.cs
in theConfigureServices
method. TheMemoryCache
is used by the HMACAuthenticationHandler
to determine replay attacks.
services.AddMemoryCache();
- Enable authentication in
Startup.cs
in theConfigure
method:
app.UseAuthentication();
- Optional: Specify HMAC as the authentication scheme for certain controllers:
[Authorize(AuthenticationSchemes = HmacAuthenticationDefaults.AuthenticationScheme)]
[Route("api/[controller]")]
public class HomeController : Controller
{
// ...
}
softaware.Authentication.Hmac.Client
Provides a DelegatingHandler
for adding an HMAC authorization header to HTTP requests.
Instantiate your HttpClient instance with the ApiKeyDelegatingHandler
:
new HttpClient(new ApiKeyDelegatingHandler(appId, apiKey));
Or in case your WebAPI client is another ASP.NET WebAPI (>= ASP.NET Core 2.1), register your HttpClient
in the Startup.cs
for example as follows:
services.AddTransient(sp => new ApiKeyDelegatingHandler(appId, apiKey));
services
.AddHttpClient("HmacHttpClient")
.AddHttpMessageHandler<ApiKeyDelegatingHandler>();
Generate HMAC AppId and ApiKey
To generate an API Key, the following simple Console Application can be used. This implementation is also provided on .NET Fiddle.
using System.Security.Cryptography;
public class Program
{
public static void Main()
{
Console.WriteLine($"AppID: {Guid.NewGuid()} or <some-speaking-name>");
Console.WriteLine($"ApiKey: {GenerateApiKey()}");
}
private static string GenerateApiKey()
{
using (var cryptoProvider = new RNGCryptoServiceProvider())
{
byte[] secretKeyByteArray = new byte[32]; //256 bit
cryptoProvider.GetBytes(secretKeyByteArray);
return Convert.ToBase64String(secretKeyByteArray);
}
}
}
Product | Versions |
---|---|
.NET | net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows |
.NET Core | netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1 |
.NET Standard | netstandard2.0 netstandard2.1 |
.NET Framework | net461 net462 net463 net47 net471 net472 net48 |
MonoAndroid | monoandroid |
MonoMac | monomac |
MonoTouch | monotouch |
Tizen | tizen40 tizen60 |
Xamarin.iOS | xamarinios |
Xamarin.Mac | xamarinmac |
Xamarin.TVOS | xamarintvos |
Xamarin.WatchOS | xamarinwatchos |
-
.NETStandard 2.0
- Microsoft.AspNetCore.Authentication (>= 2.1.1)
- Microsoft.Extensions.Caching.Memory (>= 2.1.1)
- softaware.Authentication.Hmac (>= 1.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.