问题
How to use basic authentication in asp.net core api? I have below asp.net web api controller. how to use the middleware for authentication or any other method to achieve the basic authentication in asp.net core web api.
namespace Test.Web.Controllers
{
[Route("api/[controller]")]
public class TestAPIController : Controller
{
// GET: api/<controller>
[HttpGet]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/<controller>/5
[HttpGet("{id}")]
public string Get(int id)
{
return "value";
}
// POST api/<controller>
[HttpPost]
public void Post([FromBody]string value)
{
}
// PUT api/<controller>/5
[HttpPut("{id}")]
public void Put(int id, [FromBody]string value)
{
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
public void De`enter code here`lete(int id)
{
}
}
}
I have seen below middleware. How to use the middleware in the controller? Do I need to configure any additional setting?
public class AuthenticationMiddleware
{
private readonly RequestDelegate _next;
public AuthenticationMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context)
{
string authHeader = context.Request.Headers["Authorization"];
if (authHeader != null && authHeader.StartsWith("Basic"))
{
//Extract credentials
string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
int seperatorIndex = usernamePassword.IndexOf(':');
var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
if(username == "test" && password == "test" )
{
await _next.Invoke(context);
}
else
{
context.Response.StatusCode = 401; //Unauthorized
return;
}
}
else
{
// no authorization header
context.Response.StatusCode = 401; //Unauthorized
return;
}
}
}
回答1:
You're almost there .
- if you want to use Basic Authentication globally , just add a
UseMiddleware<YourBasicMiddleware>()beforeUseMvc(). - I guess you want to use basic authentication middlware for some particular controller and action . To do that ,
Just Add a class that has a public void Configure(IApplication) method :
public class BasicFilter
{
public void Configure(IApplicationBuilder appBuilder) {
// note the AuthencitaionMiddleware here is your Basic Authentication Middleware ,
// not the middleware from the Microsoft.AspNetCore.Authentication;
appBuilder.UseMiddleware<AuthenticationMiddleware>();
}
}
and now you can use the middleware to filter some action :
[Route("api/[controller]")]
[MiddlewareFilter(typeof(BasicFilter))]
[ApiController]
public class TestApiController : ControllerBase
{
// ...
}
Now when you send a request without the authencation header :
GET https://localhost:44371/api/TestApi HTTP/1.1
the Response will be :
HTTP/1.1 401 Unauthorized
Server: Kestrel
X-SourceFiles: =?UTF-8?B?RDpccmVwb3J0XDgtMjNcU08uQmFzaWNBdXRoTWlkZGxld2FyZVxXZWJBcHBcV2ViQXBwXGFwaVxUZXN0QXBp?=
X-Powered-By: ASP.NET
Date: Thu, 23 Aug 2018 09:49:24 GMT
Content-Length: 0
and if you send the request with a basic authentication header ,
GET https://localhost:44371/api/TestApi HTTP/1.1
Authorization: Basic dGVzdDp0ZXN0
it will hit the correct action .
来源:https://stackoverflow.com/questions/51979589/how-to-use-basic-authentication-in-my-application