How to write Owin Middleware for Basic Authentication for web api?

Question

I am very much interested in these two things

writing an Owin Middleware that Authenticate a request for http basic authentication scheme

What should be the required steps?

2.Creating an Authentication Filter (not Authorization filter)

what will go inside the ChallengeAsync()

Any help would be appreciated, thanks.

Laxmidhar Sahoo · Answer

Hi //add the following NuGet packages. "Microsoft.AspNet.WebApi.Client" version= "5.0.0-beta2" targetFramework= "net45" /> "Microsoft.AspNet.WebApi.Core" version= "5.0.0-beta2" targetFramework= "net45" /> "Microsoft.AspNet.WebApi.Owin" version= "5.0.0-beta2" targetFramework= "net45" /> "Microsoft.Owin" version= "1.1.0-beta2" targetFramework= "net45" /> "Microsoft.Owin.Host.HttpListener" version= "1.1.0-beta2" targetFramework= "net45" /> "Microsoft.Owin.Hosting" version= "1.1.0-beta2" targetFramework= "net45" /> "Newtonsoft.Json" version= "4.5.11" targetFramework= "net45" /> "Owin" version= "1.0" targetFramework= "net45" /> //Create the middleware class deriving from OwinMiddleware public class AuthenticationMiddleware : OwinMiddleware { public AuthenticationMiddleware(OwinMiddleware next) : base (next) { } public override async Task Invoke(OwinRequest request, OwinResponse response) { request.OnSendingHeaders(state => { var resp = (OwinResponse)state; if (resp.StatusCode == 401) resp.SetHeader( "WWW-Authenticate" , "Basic" ); }, response); var header = request.GetHeader( "Authorization" ); if (!String.IsNullOrWhiteSpace(header)) { var authHeader = System.Net.Http.Headers .AuthenticationHeaderValue.Parse(header); if ( "Basic" .Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase)) { string parameter = Encoding.UTF8.GetString( Convert.FromBase64String( authHeader.Parameter)); var parts = parameter.Split( ':' ); string userName = parts[0]; string password = parts[1]; if (userName == password) // Just a dumb check { var claims = new [] { new Claim(ClaimTypes.Name, "Badri" ) }; var identity = new ClaimsIdentity(claims, "Basic" ); request.User = new ClaimsPrincipal(identity); } } } await Next.Invoke(request, response); } } //Create the Startup class. We register the middleware here. public class Startup { public void Configuration(IAppBuilder app) { app.Use( typeof (AuthenticationMiddleware)); HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute( "DefaultWebApi" , "{controller}/{id}" , new { id = RouteParameter.Optional }); app.UseWebApi(config); } } // main method class Program { static void Main( string [] args) { const string baseUrl = "http://localhost:12345/" ; using (WebApp.Start ( new StartOptions(baseUrl))) { Console.WriteLine( "Press Enter to terminate." ); Console.Read(); } } } //For Authentication filter follow the link https: //weblog.west-wind.com/posts/2013/apr/18/a-webapi-basic-authentication-authorization-filter Thanks and regards

Farhan Ahmed · Answer

https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/basic-authentication

Jay Krishna Reddy · Answer

In the WebApiConfig.cs file the 'individual user' template inserted the following lines. //// Web API configuration and services //// Configure Web API to use only bearer token authentication. config.SuppressDefaultHostAuthentication(); config.Filters.Add( new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); Thus we also have to register our BasicAuthenticationMiddleware config.SuppressDefaultHostAuthentication(); config.Filters.Add( new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); config.Filters.Add( new HostAuthenticationFilter(BasicAuthenticationOptions.BasicAuthenticationType)); where BasicAuthenticationType is the constant string "Basic" that is passed to the base constructor of BasicAuthenticationOptions public class BasicAuthenticationOptions : AuthenticationOptions { public const string BasicAuthenticationType = "Basic" ; public BasicAuthenticationMiddleware.CredentialValidationFunction CredentialValidationFunction { get ; private set ; } public BasicAuthenticationOptions( BasicAuthenticationMiddleware.CredentialValidationFunction validationFunction) : base (BasicAuthenticationType) { CredentialValidationFunction = validationFunction; } } Hope this helps you..! Thanks.