How to implement Basic Authentication middleware in ASP.NET

Captions
Basic authentication is a very simple mechanism for authenticating users in web APIs. In basic authentication, the client application which is trying to access an authenticated web API needs to pass the username and password combination in an HTTP header of the HTTP request, and then on the server these credentials will be used to validate the user. Basic authentication is extremely simple to implement, but it has some security limitations and it is not as secure as other authentication mechanisms like OAuth or JWT. But it can be really useful for a simple web application to just go ahead and use a basic authentication mechanism.

So here I have a web API which is created using the default template of ASP.NET, and it comes with the weather controller. What we are going to do is create a basic authentication handler for this service and then test it using Postman. If I run this application, it is going to show the default Swagger, and here we can see the weather forecast. We can try it out, and it is going to return 200 as expected.

Now, if we go back here, to implement basic authentication we can go ahead and create a new middleware for handling it. If you are new to creating middleware, I have a video on how to create middleware in ASP.NET, and I'm going to share the link in the description below. We can name this class BasicAuthHandler, and inside this class we can create the constructor. The constructor is going to take the RequestDelegate, which we usually name next, and it will also take a realm. Then I can just store both of these in local fields. After that, what we have to do is implement the InvokeAsync method. ASP.NET middleware works with a convention-based mechanism, meaning that when a middleware is configured with a class, it will try to find the InvokeAsync method and execute that. So we'll create an InvokeAsync which will take an HttpContext.

The first thing we'll do is, if the header is missing, we want to just return an unauthorized error. For that we can check context.Request.Headers, and here we can do ContainsKey; if the Authorization header is missing, we want to send the authorization error. So we set the response: context.Response.StatusCode = 401, and we can do await context.Response.WriteAsync and just write "Unauthorized". So if the Authorization header is missing, it is unauthorized. Otherwise we can take var header = context.Request.Headers.Authorization, so it picks up the Authorization header, and the Authorization header is going to give us the encoded user ID and password. So we can say var encodedCredentials = header.ToString().Substring(6). Why six? Because we are going to pass "Basic" and the space before the token, so that is six characters, and we take everything after the sixth character. After that we'll do var credentials = Encoding.UTF8.GetString(Convert.ToBase64String of the encoded credentials). So this is going to give us the credentials, and then we can break the credentials on the colon, because this is usually the format the credential comes in: it is "Basic", a space, and then userId:password, and the user ID and password are usually Base64 encoded. That is why first we are taking a substring, because this is six characters, and then we are getting the string out of the Base64-encoded value. That's what we did. Then we'll do string[] uidPwd = the credentials that we got, split on the colon. Then we can say var uid = uidPwd[0] and password = uidPwd[1].

Here, for the time being, I can just do a hard-coded implementation, because I don't have any data storage, but ideally we would go into a data store and figure out if the user ID and password match, and then return an authenticated response. Here I'll just say: if the user ID is not equal to "John" and the password is not equal to... let's just keep it as "password"; then we're going to do the same thing as before, write the 401 in the response and return. Finally, if the user ID and password match "John" and "password", we just continue with the next middleware in the pipeline, so here we say next with the context. That's pretty much it; this is our authentication handler.

After that, we can come here and do app.UseMiddleware with BasicAuthHandler, and since the constructor of BasicAuthHandler takes a realm, we pass a realm here; it can be "test" for the time being. Once we have that, our server is ready to use the authentication mechanism. Now if we run this application, go here, try it out and execute, we are getting 401 as the error code, which is what we return as an authentication failure. So our basic authentication mechanism is working as expected.

Next we can open Postman, paste the URL of the weather forecast, go into the Authorization tab, select Basic Auth, and for the username pass John and for the password pass "password". Here you can see it's "password", because this is what we are expecting: John and password. Now if we execute... I have an issue here in the code: instead of Request I have used Response, and that is why I was getting this error. So this should be Request. The other change we should make is to use OR, because if either the user ID is not equal to John or the password is not equal to password, then we should return the error response. So let's start this application now, and once the application is started we can go back here, try it out, and now we can see the response is working as expected. Now let's change this to John1 and we should see an error, and we can see Unauthorized 401 as expected.

So this is how extremely easily you can implement basic authentication, using an extremely simple basic authentication handler, within a few minutes. If you are using a database for this, any type of database, it should be straightforward where the username and password can be saved. That is all I wanted to cover for today's video. If you like this video, please give it a thumbs up, and if you are new to this channel and you think you are getting value out of it, please subscribe to the channel. Thanks so much for watching this video.
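Added example (not the video's own code): a complete version of the convention-based middleware described above, with the checks a practitioner would want before exposing it. It rejects a missing or non-Basic Authorization header, a token that is not valid Base64 (Convert.FromBase64String throws FormatException on garbage), and a decoded value with no colon; it splits on the first colon only, because the password part of userId:password may itself contain colons; it compares both fields with CryptographicOperations.FixedTimeEquals so a wrong password cannot be distinguished from a wrong username by timing; and it returns the WWW-Authenticate challenge carrying the realm, which is what makes the realm parameter in the constructor meaningful. The hard-coded John/password pair stands in for the data store mentioned in the video and is an assumption of this example; the /weatherforecast route is also assumed. The whole file is a single Program.cs for a .NET 6 or later web project.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Basic credentials are only Base64-encoded, not encrypted: force TLS before
// the middleware ever sees a header.
app.UseHttpsRedirection();

// Constructor arguments after RequestDelegate are supplied here; "test" is the realm.
app.UseMiddleware<BasicAuthHandler>("test");

// Assumed route standing in for the template's WeatherForecast controller.
app.MapGet("/weatherforecast", () => new { Summary = "Sunny" });

app.Run();

public sealed class BasicAuthHandler
{
    private readonly RequestDelegate _next;
    private readonly string _realm;

    // Assumed stand-in for a credential store; a real store holds password hashes, not plaintext.
    private const string ExpectedUser = "John";
    private const string ExpectedPassword = "password";

    public BasicAuthHandler(RequestDelegate next, string realm)
    {
        _next = next;
        _realm = realm;
    }

    // Convention-based middleware entry point: ASP.NET looks this method up by name.
    public async Task InvokeAsync(HttpContext context)
    {
        // Empty string when the header is absent, so no ContainsKey check is needed.
        string header = context.Request.Headers.Authorization.ToString();

        // Scheme names are case-insensitive (RFC 7235), so "basic " must also be accepted.
        if (!header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)
            || !TryDecode(header.Substring(6).Trim(), out string user, out string password)
            || !CredentialsMatch(user, password))
        {
            await Challenge(context);
            return;
        }

        await _next(context);
    }

    // Decodes "dXNlcjpwYXNz" into ("user", "pass"); false on malformed input instead of throwing.
    private static bool TryDecode(string token, out string user, out string password)
    {
        user = password = string.Empty;
        byte[] raw;
        try
        {
            raw = Convert.FromBase64String(token);
        }
        catch (FormatException)
        {
            return false;
        }

        string decoded = Encoding.UTF8.GetString(raw);
        int colon = decoded.IndexOf(':');
        if (colon < 0)
        {
            return false;
        }

        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1); // keep any further ':' as part of the password
        return true;
    }

    // Constant-time comparison of both fields; '&' rather than '&&' so both run regardless.
    private static bool CredentialsMatch(string user, string password)
    {
        bool userOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(user), Encoding.UTF8.GetBytes(ExpectedUser));
        bool passwordOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes(ExpectedPassword));
        return userOk & passwordOk;
    }

    // 401 plus the challenge header that tells clients which scheme and realm to use.
    private async Task Challenge(HttpContext context)
    {
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        context.Response.Headers.WWWAuthenticate = $"Basic realm=\"{_realm}\", charset=\"UTF-8\"";
        await context.Response.WriteAsync("Unauthorized");
    }
}
```

With this in place, the Postman test from the video behaves the same way (John/password gets 200, John1/password gets 401), and a request with no header now also receives WWW-Authenticate: Basic realm="test". FixedTimeEquals returns false immediately when the two inputs differ in length, so only the length of the expected values, never their content, is observable through timing. Because every request carries the reversible credentials, this middleware should sit behind TLS and in front of some form of rate limiting or lockout, and the hard-coded pair should be replaced by a lookup against stored password hashes.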
Info
Channel: DotNet Core Central
Views: 7,736
Keywords: c#, csharp, .net, dotnet, csharp 11, c# 11, dotnet 7, .net 7, basic authentication, authentication
Id: tLfYd1U1cAY
Length: 11min 29sec (689 seconds)
Published: Mon Apr 03 2023