Microsoft doesn't ship a Basic Authentication package with ASP.NET Core Security for a good reason. While that doesn't stop us needing such implementation for testing, this is not advised for production systems due to the many pitfalls and insecurities.
Sample usages, with hard-coded credentials:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthentication()
.AddBasicAuthentication(credentials =>
Task.FromResult(
credentials.username == "myUsername"
&& credentials.password == "myPassword"));
}Or by defining a service to register. Allowing your validator to take dependencies through Dependency Injection:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization()
.AddBasicAuthentication<DatabaseBasicCredentialVerifier>();
}
// With your own validator
public class DatabaseBasicCredentialVerifier : IBasicCredentialVerifier
{
private readonly IUserRepository _db;
public DatabaseBasicCredentialVerifier(IUserRepository db) => _db = db;
public Task<bool> Authenticate(string username, string password)
{
return _db.IsValidAsync(username, password);
}
}And finally, since ASP.NET Core 2.0, the single middeware for authentication:
public void Configure(IApplicationBuilder app)
{
app.UseAuthentication();
app.AddMvc();
}For better understanding of the ASP.NET Core Identity, see Microsoft docs
Licensed under MIT