C# ApiController : multiple authentication methods

preview_player
Показать описание

Below, you can find the text related to the question/problem. In the video, the question will be presented first, followed by the answers. If the video moves too fast, feel free to pause and review the answers. If you need more detailed information, you can find the necessary sources and links at the bottom of this description. I hope this video has been helpful, and even if it doesn't directly solve your problem, it will guide you to the source of the solution. I'd appreciate it if you like the video and subscribe to my channel!C# ApiController : multiple authentication methods

We have an ASP.NET Core 7 Web API controller and we use Azure AD B2C as the main authentication which works fine. We need a single end point to be basic auth. I've tried creating a custom authorization handler which does this and that works fine. I can see it working through and doing context.Succeed but I still get a 401 response from my call. It's as if it's then doing the Azure AD B2C check which fails.
context.Succeed
I've tried putting [AllowAnonymous] attribute on the endpoint as well as [Authorize(Policy = "BasicAuth")] but then no auth is applied.
[AllowAnonymous]
[Authorize(Policy = "BasicAuth")]
public class BasicAuthHandler : AuthorizationHandler BasicAuthRequirement
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly AppSettings _settings;

public BasicAuthHandler(IHttpContextAccessor httpContextAccessor, IOptions AppSettings settings)
{
_httpContextAccessor = httpContextAccessor;
_settings = settings.Value;
}

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BasicAuthRequirement requirement)
{
if (ValidateBasicAuth(_httpContextAccessor.HttpContext))
{
context.Succeed(requirement);
}
else
{
var response = _httpContextAccessor.HttpContext.Response;
response.Clear();
response.StatusCode = 401;
context.Fail();
}

return Task.CompletedTask;
}

private bool ValidateBasicAuth(HttpContext context)
{
string authHeader = context.Request.Headers["Authorization"];

if (authHeader != null && authHeader.StartsWith("Basic"))
{
string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));

int seperatorIndex = usernamePassword.IndexOf(':');

var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
if (username.Equals(_settings.BasicAuth.Username, StringComparison.OrdinalIgnoreCase) && password.Equals(_settings.BasicAuth.Password))
return true;
}

return false;
}
}

public class BasicAuthHandler : AuthorizationHandler BasicAuthRequirement
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly AppSettings _settings;

public BasicAuthHandler(IHttpContextAccessor httpContextAccessor, IOptions AppSettings settings)
{
_httpContextAccessor = httpContextAccessor;
_settings = settings.Value;
}

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BasicAuthRequirement requirement)
{
if (ValidateBasicAuth(_httpContextAccessor.HttpContext))
{
context.Succeed(requirement);
}
else
{
var response = _httpContextAccessor.HttpContext.Response;
response.Clear();
response.StatusCode = 401;
context.Fail();
}

return Task.CompletedTask;
}

private bool ValidateBasicAuth(HttpContext context)
{
string authHeaderSource of the question:

Question and source license information:
  1. Emrah KAYA
Рекомендации по теме
ASP.NET Authentication using 0:12:22

ASP.NET Authentication using Identity in 10 Minutes - Authentication and Authorization in .NET8

Adding JWT Authentication 0:17:24

Adding JWT Authentication & Authorization in ASP.NET Core

JSON Web Tokens 0:26:13

JSON Web Tokens (JWT) in .NET 8 Web API 🔒 - User Registration / Login / Authentication

.NET 8 Authentication 0:20:25

.NET 8 Authentication with Identity in a Web API with Bearer Tokens & Cookies 🔒

ASP.Net Core Web 0:08:01

ASP.Net Core Web API JWT Tutorial [Using JWT in ASP.Net Core]

JSON Web Tokens 0:26:29

JSON Web Tokens (JWT) in .NET 6 Web API 🔒 - User Registration / Login / Authentication

ASP.NET Web Api 0:31:43

ASP.NET Web Api 2.0 In 30 Minutes

ASP.NET Web API 0:53:30

ASP.NET Web API CRUD Operations - .NET8 and Entity Framework Core Tutorial

How To Consume 0:12:55

How To Consume WEB API in ASP.NET Core MVC | ASP.NET Web API | Read Data

Global Exception Handling 0:14:39

Global Exception Handling in Asp.Net Core Web API using IExceptionHandler

Security in ASP.NET 1:01:10

Security in ASP.NET Core 2.0 - Barry Dorrans

APIs Explained (in 0:03:57

APIs Explained (in 4 Minutes)

Secure Your ASP.Net 0:09:12

Secure Your ASP.Net Web API with Request Validation: Best Practices and Techniques

How to CALL 0:14:15

How to CALL POST API in C#! - THIS EASY!

Choosing between MVC 0:04:39

Choosing between MVC Controllers, Minimal API, or FastEndpoints for C# APIs.

Should You Use 0:09:57

Should You Use Controllers or Minimal APIs in .NET?

Difference between ApiController 0:04:23

Difference between ApiController and Controller in ASP NET MVC

ASP.NET Core Authentication 0:26:09

ASP.NET Core Authentication with JWT (JSON Web Token)

Web API Controller 0:04:53

Web API Controller in .NET 8 | Web API (.NET 8) Ep 6

Asp.Net Core Web 0:39:53

Asp.Net Core Web API - CRUD operations in REST API using Entity Framework Core and SQL Server

What is an 0:04:56

What is an API (in 5 minutes)

Web API Tutorial 0:08:03

Web API Tutorial C# [Part 4] - Testing Web API using Postman

GraphQL Explained in 0:02:22

GraphQL Explained in 100 Seconds

WEB API POST 0:24:26

WEB API POST Insert Data Into Multiple Tables Consume MVC C# 4.6

join shbcf.ru