I am developing a software which contains User-Interfaces and APIs. For the authentication and authorization i have used .NET CORE Identity 2.2!
I works very well. Now i have API functions which have two different requirements: 1. API Endpoint which is used by User-Interfaces (AJAX calls and so on...) 2. API Endpoint which could be used by other Software
Therefore i would like to use two different Authorize-Methods. For point 1 i use the .NET CORE Identity authorization and authentication. And for point 2 i would like to use BASIC AUTH
How could i configure these different Authorize-Methods. Here is a sample code:
BASIC AUTH CODE
Try to add Service-Support for BasuicAuth in ConfigureServices
services.AddAuthentication("BasicAuth").AddScheme<AuthenticationSchemeOptions, BasicAuthHandler>("BasicAuth", null);
Build Basic Auth Handler
public class BasicAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
IConfiguration _configuration;
/// <summary>
/// Constructor
/// </summary>
/// <param name="options"></param>
/// <param name="logger"></param>
/// <param name="encoder"></param>
/// <param name="clock"></param>
/// <param name="configuration"></param>
public BasicAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IConfiguration configuration) : base(options, logger, encoder, clock)
{
_configuration = configuration;
}
/// <summary>
/// Handels the Authentication by using Basic Auth
/// --> Checks the configured values by
/// </summary>
/// <returns></returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization"))
{
return AuthenticateResult.Fail("Missing Authorization Header");
}
try
{
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
var credentialsByes = Convert.FromBase64String(authHeader.Parameter);
var credentials = Encoding.UTF8.GetString(credentialsByes).Split(':');
var configuredUserName = _configuration["BasicAuth:Username"];
var configuredPassword = _configuration["BasicAuth:Password"];
if (configuredUserName.Equals(credentials[0]) & configuredPassword.Equals(credentials[1]))
{
var claims = new[] {
new Claim(ClaimTypes.Name, credentials[0])
};
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return AuthenticateResult.Success(ticket);
}
else
{
return AuthenticateResult.Fail("Invalid Credentials");
}
}
catch
{
return AuthenticateResult.Fail("Invalid Authorization Header");
}
}
}
Try to add Authentication Basic-Auth to Controller
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize]
public class MasterDataController : ControllerBase
{...}
The Authorize Annotation is using every-time the .NET CORE Identity Authorize
ANOTHER CASE IS TO USE AUTHORIZE BY .NET CORE IDENTITY FOR UI-APIs
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize(Roles = "SuperUser,PlantAdministrator,EndUser")]
public class UploadController : ControllerBase
{...}
This works very well - but i would like to use a combination...
I found a solution. You could do it by add parameters to the Authorize annotation like the following:
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize(ActiveAuthenticationSchemes = "BasicAuth")]
public class MasterDataController : ControllerBase
{...}
If you set the ActiveAuthenticationSchemes to Basic Auth it looks for a compatible AuthenticationHandler!