top of page

Basic Authentication in Swagger (Open API) .Net 5

In this article we are going to learn about the how to setup the basic authentication for our API's using swagger in ASP.NET 5.0. As we all know, its newly launched Framework officially released in November. Here I am sharing the link to install the SDK for .Net 5



Packages used in this Project!

Swashbuckle.AspNetCore (latest version)

The above package is installed by default if you are going with ASP.NET Core 5.0 Step 1

Create a Project in Visual Studio and make sure to go with the same process from the image shown below.




Step 2

Add the Services Folder where we can add the business logic in that.



For the time being I have hardcoded the username and password in the code itself if you have the database with all the login credentials you can validate with that table.

UserService.cs

using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Threading.Tasks;  
 
namespace BasicAuth.Services  
{  
 public class UserService : IUserService  
    {  
 public bool ValidateCredentials(string username, string password)  
        {  
 return username.Equals("admin") && password.Equals("Pa$$WoRd");  
        }  
    }  
}  

I have added the interface for Dependency injection in controller level.

IUserService.cs

using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Threading.Tasks;  
 
namespace BasicAuth.Services  
{  
 public interface IUserService  
    {  
 bool ValidateCredentials(string username, string password);  
    }  
}  


Step 3

Add the Authenticate Handler code in order to handle the basic authentication.



BasicAuthenticationHandler.cs

using BasicAuth.Services;  
using Microsoft.AspNetCore.Authentication;  
using Microsoft.Extensions.Logging;  
using Microsoft.Extensions.Options;  
using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Net.Http.Headers;  
using System.Security.Claims;  
using System.Text;  
using System.Text.Encodings.Web;  
using System.Threading.Tasks;  
 
namespace BasicAuth.API  
{  
 public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>  
    {  
        #region Property 
 readonly IUserService _userService;  
        #endregion 
 
        #region Constructor 
 public BasicAuthenticationHandler(IUserService userService,  
            IOptionsMonitor<AuthenticationSchemeOptions> options,  
            ILoggerFactory logger,  
            UrlEncoder encoder,  
            ISystemClock clock)  
            : base(options, logger, encoder, clock)  
        {  
            _userService = userService;  
        }  
        #endregion 
 
 protected override async Task<AuthenticateResult> HandleAuthenticateAsync()  
        {  
 string username = null;  
 try 
            {  
                var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);  
                var credentials = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':');  
                username = credentials.FirstOrDefault();  
                var password = credentials.LastOrDefault();  
 
 if (!_userService.ValidateCredentials(username, password))  
 throw new ArgumentException("Invalid credentials");  
            }  
 catch (Exception ex)  
            {  
 return AuthenticateResult.Fail($"Authentication failed: {ex.Message}");  
            }  
 
            var claims = new[] {  
 new Claim(ClaimTypes.Name, username)  
            };  
            var identity = new ClaimsIdentity(claims, Scheme.Name);  
            var principal = new ClaimsPrincipal(identity);  
            var ticket = new AuthenticationTicket(principal, Scheme.Name);  
 
 return AuthenticateResult.Success(ticket);  
        }  
 
    }  
}  

After adding the AuthenticationHandler code we can use the Authorize Attribute as header for each method in the controller to have this basic authentication setup.I have not added any other controller as I have reused the same controller.

WeatherForecastController.cs

using Microsoft.AspNetCore.Authorization;  
using Microsoft.AspNetCore.Mvc;  
using Microsoft.Extensions.Logging;  
using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Threading.Tasks;  
 
namespace BasicAuth.Controllers  
{  
    [Authorize]  
    [ApiController]  
    [Route("[controller]")]  
 public class WeatherForecastController : ControllerBase  
    {  
 private static readonly string[] Summaries = new[]  
        {  
 "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" 
        };  
 
 private readonly ILogger<WeatherForecastController> _logger;  
 
 public WeatherForecastController(ILogger<WeatherForecastController> logger)  
        {  
            _logger = logger;  
        }  
 
        [HttpGet]  
 public IEnumerable<WeatherForecast> Get()  
        {  
            var rng = new Random();  
 return Enumerable.Range(1, 5).Select(index => new WeatherForecast  
            {  
                Date = DateTime.Now.AddDays(index),  
                TemperatureC = rng.Next(-20, 55),  
                Summary = Summaries[rng.Next(Summaries.Length)]  
            })  
            .ToArray();  
        }  
    }  
}  

Step 4

I have setup this basic authentication in swagger so we have add the configuration of this swagger in startup.cs file.

Startup.cs

using BasicAuth.API;  
using BasicAuth.Services;  
using Microsoft.AspNetCore.Authentication;  
using Microsoft.AspNetCore.Builder;  
using Microsoft.AspNetCore.Hosting;  
using Microsoft.AspNetCore.HttpsPolicy;  
using Microsoft.AspNetCore.Mvc;  
using Microsoft.Extensions.Configuration;  
using Microsoft.Extensions.DependencyInjection;  
using Microsoft.Extensions.Hosting;  
using Microsoft.Extensions.Logging;  
using Microsoft.OpenApi.Models;  
using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Threading.Tasks;  
 
namespace BasicAuth  
{  
 public class Startup  
    {  
 public Startup(IConfiguration configuration)  
        {  
            Configuration = configuration;  
        }  
 
 public IConfiguration Configuration { get; }  
 
 // This method gets called by the runtime. Use this method to add services to the container. 
 public void ConfigureServices(IServiceCollection services)  
        {  
 
            services.AddControllers();  
 
            #region Configure Swagger 
            services.AddSwaggerGen(c =>  
            {  
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "BasicAuth", Version = "v1" });  
                c.AddSecurityDefinition("basic", new OpenApiSecurityScheme  
                {  
                    Name = "Authorization",  
                    Type = SecuritySchemeType.Http,  
                    Scheme = "basic",  
                    In = ParameterLocation.Header,  
                    Description = "Basic Authorization header using the Bearer scheme." 
                });  
                c.AddSecurityRequirement(new OpenApiSecurityRequirement  
                {  
                    {  
 new OpenApiSecurityScheme  
                            {  
                                Reference = new OpenApiReference  
                                {  
                                    Type = ReferenceType.SecurityScheme,  
                                    Id = "basic" 
                                }  
                            },  
 new string[] {}  
                    }  
                });  
            });  
            #endregion 
 
            services.AddAuthentication("BasicAuthentication")  
    .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);  
 
            services.AddScoped<IUserService, UserService>();  
        }  
 
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
        {  
 if (env.IsDevelopment())  
            {  
                app.UseDeveloperExceptionPage();  
                app.UseSwagger();  
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "BasicAuth v1"));  
            }  
 
            app.UseHttpsRedirection();  
 
            app.UseRouting();  
            app.UseAuthentication();  
            app.UseAuthorization();  
 
            app.UseEndpoints(endpoints =>  
            {  
                endpoints.MapControllers();  
            });  
        }  
    }  
}  

Step 5

Run the Application and by default swagger URL will be opened with default port. From the below image Authorize button is enabled and each API is unauthorized until your authorization is successfull.

Click on the Authorize Button. Pass the username and password to access the API.


Response from the API


If you want to check with postman below is the process to access the API via Authorization.



In this article we learned that how can setup basic authentication for API via Swagger and Run and test it with Postman. If you want to clone the project


Source: C# Corner

0 comments

Comentarios


bottom of page