Skip to content
/ BasicAuth Public

Allows adding RFC 2617 Basic Auth to Azure App Service

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

joelbyford/BasicAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits

.github

.github

 
 

.gitignore

.gitignore

 
 

BasicAuth.cs

BasicAuth.cs

 
 

BasicAuth.csproj

BasicAuth.csproj

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

OpenSSF Best Practices

BasicAuth

A library which includes a dotnet 6 Basic Authentication middleware component which can be added to dotnet web and API apps on Azure to enable classic/old RFC 2617 Basic Authentication. Please note, Basic Auth is one of the oldest forms of web authentication and is not known for being the most secure. Use and implement at your own risk and of course only use in conjunction with secure communications protocols (e.g. SSL) to prevent sending user names and passwords unencrypted over the Internet.

Install - Leveraging NuGet Package

Assuming you would like to add the library to your project via a NuGet package, the following are the steps required:

  1. Have an existing dotnet webapp or dotnet apiapp created (if starting from scratch, simply type dotnet new webapp --name "myWebApp" to create a new one).
  2. From the command line change the directory the the directory with a .csproj file in it (cd myWebApp in the example above).
  3. Add the package to your project by typing dotnet add package joelbyford.BasicAuth.
  4. Modify your code startup code as appropriate (see later in this readme).

Install - Leveraging Source Code

If you would rather use the raw source code, just copy the BasicAuth.cs file into your existing project instead.

Code Modifications

Once installed, to use the library, simply modify the Configure method in your startup.cs to call the library in any one of two ways:

Authorize a Single User

For simple use cases, this may satisfy your need. PLEASE take steps to avoid having credentials in code

using joelbyford;

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        ...
        string basicAuthRealm = "mywebsite.com";
        string basicAuthUser = "testUser"; //hardcoded values here for example only
        string basicAuthPass = "testPass"; //hardcoded values here for example only
        app.UseMiddleware<joelbyford.BasicAuth>(basicAuthRealm, basicAuthUser, basicAuthPass);
    }

Authorize a Dictionary of Users

If you would like to control how and where you get the users and passwords from, this method is best (e.g. you are obtaining from a database). PLEASE take steps to avoid having credentials in code

using joelbyford;
using System.IO;
using System.Text.Json;

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        ...
        Dictionary<string, string> myUsers = new Dictionary<string, string>();
        var packageJson = File.ReadAllText("authorizedUsers.json");
        myUsers = JsonSerializer.Deserialize<Dictionary<string, string>>(packageJson);
        string basicAuthRealm = "mywebsite.com";
        app.UseMiddleware<joelbyford.BasicAuth>(basicAuthRealm, myUsers);
    }

In this example, a json file is loaded from the web app's root directory with the following format:

{    
    "testUser" : "testPassword",
    "devUser" : "devPassword"
}

This can of course be loaded in from a database call instead as long as users and passwords are loaded into a Dictionary<string, string>

To see an example of this in use, please see startup.cs in the https://github.com/joelbyford/CSVtoJSONcore repo.

About

Allows adding RFC 2617 Basic Auth to Azure App Service

Topics

dotnet azure basicauth

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 4

v1.2.0 - Bump to dotnet 6 Latest
May 19, 2022
+ 3 releases

Packages 1

 

Languages