A library which includes a dotnet 6 Basic Authentication middleware component which can be added to dotnet web and API apps on Azure to enable classic/old RFC 2617 Basic Authentication. Please note, Basic Auth is one of the oldest forms of web authentication and is not known for being the most secure. Use and implement at your own risk and of course only use in conjunction with secure communications protocols (e.g. SSL) to prevent sending user names and passwords unencrypted over the Internet.
Install - Leveraging NuGet Package
Assuming you would like to add the library to your project via a NuGet package, the following are the steps required:
- Have an existing
dotnet webappordotnet apiappcreated (if starting from scratch, simply typedotnet new webapp --name "myWebApp"to create a new one). - From the command line change the directory the the directory with a
.csprojfile in it (cd myWebAppin the example above). - Add the package to your project by typing
dotnet add package joelbyford.BasicAuth. - Modify your code startup code as appropriate (see later in this readme).
If you would rather use the raw source code, just copy the BasicAuth.cs file into your existing project instead.
Once installed, to use the library, simply modify the Configure method in your startup.cs to call the library in any one of two ways:
For simple use cases, this may satisfy your need. PLEASE take steps to avoid having credentials in code
using joelbyford;
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
string basicAuthRealm = "mywebsite.com";
string basicAuthUser = "testUser"; //hardcoded values here for example only
string basicAuthPass = "testPass"; //hardcoded values here for example only
app.UseMiddleware<joelbyford.BasicAuth>(basicAuthRealm, basicAuthUser, basicAuthPass);
}
If you would like to control how and where you get the users and passwords from, this method is best (e.g. you are obtaining from a database). PLEASE take steps to avoid having credentials in code
using joelbyford;
using System.IO;
using System.Text.Json;
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
Dictionary<string, string> myUsers = new Dictionary<string, string>();
var packageJson = File.ReadAllText("authorizedUsers.json");
myUsers = JsonSerializer.Deserialize<Dictionary<string, string>>(packageJson);
string basicAuthRealm = "mywebsite.com";
app.UseMiddleware<joelbyford.BasicAuth>(basicAuthRealm, myUsers);
}
In this example, a json file is loaded from the web app's root directory with the following format:
{
"testUser" : "testPassword",
"devUser" : "devPassword"
}
This can of course be loaded in from a database call instead as long as users and passwords are loaded into a Dictionary<string, string>
To see an example of this in use, please see startup.cs in the https://github.com/joelbyford/CSVtoJSONcore repo.