How to Implement Basic Authentication in ASP.NET Web API 2.0? (Part 8)


As the name suggests, Basic authentication is the simplest way to authenticate an HTTP request in ASP.NET Web API.
In this process the client sends the Base64-encoded credentials in the Authorization header on every HTTP request, and after verification the Web API returns the expected HTTP response. Base64 is an encoding, not encryption, so the credentials are protected in transit only when the request is sent over HTTPS.

This process does not use sessions or cookies.

Step 1: Create the BasicAuthenticationAttribute class and write the validation code as given below


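using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http.Filters;

namespace WebApi_Sample.Security
{
    public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;

            // Reject requests that have no Authorization header or do not use the Basic scheme
            if (authorization == null
                || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                || string.IsNullOrEmpty(authorization.Parameter))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
            else
            {
                string username = null;
                string password = null;

                try
                {
                    // Gets header parameters and decodes them from Base64
                    string authenticationString = authorization.Parameter;
                    string originalString = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationString));

                    // Gets username and password; split on the first ':' only,
                    // because the password itself may contain ':'
                    int separator = originalString.IndexOf(':');
                    if (separator >= 0)
                    {
                        username = originalString.Substring(0, separator);
                        password = originalString.Substring(separator + 1);
                    }
                }
                catch (FormatException)
                {
                    // Malformed Base64: leave the credentials null so the request is rejected below
                }

                // Validate username and password
                if (username == null || !ValidateUser.VaidateUser(username, password))
                {
                    // returns unauthorized error
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                }
            }

            base.OnAuthorization(actionContext);
        }
    }
}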

Step 2: Create the ValidateUser class and write the code that validates the username and password against the database

namespace WebApi_Sample.Security
{
    public class ValidateUser
    {
        public static bool VaidateUser(string username, string password)
        {
            // Check if it is a valid credential.
            // Here we have just hardcoded the values for the demo.
            // The static string.Equals returns false for null input instead of throwing.
            return string.Equals(username, "Admin") && string.Equals(password, "Admin");
        }
    }
}

Step 3: Use the BasicAuthentication attribute on the controller as given below

Step 4: Now launch the Postman tool, select the basic authentication option, and pass the username and password as given in the image below

You will get the expected data as output.
