qckdev.AspNetCore.Authentication.Basic 0.1.0-net10.1580

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher.
This is a prerelease version of qckdev.AspNetCore.Authentication.Basic. 
dotnet add package qckdev.AspNetCore.Authentication.Basic --version 0.1.0-net10.1580
                    


                    

                
NuGet\Install-Package qckdev.AspNetCore.Authentication.Basic -Version 0.1.0-net10.1580
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="qckdev.AspNetCore.Authentication.Basic" Version="0.1.0-net10.1580" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="qckdev.AspNetCore.Authentication.Basic" Version="0.1.0-net10.1580" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="qckdev.AspNetCore.Authentication.Basic" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add qckdev.AspNetCore.Authentication.Basic --version 0.1.0-net10.1580
                    


                    

                
#r "nuget: qckdev.AspNetCore.Authentication.Basic, 0.1.0-net10.1580"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package qckdev.AspNetCore.Authentication.Basic@0.1.0-net10.1580
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=qckdev.AspNetCore.Authentication.Basic&version=0.1.0-net10.1580&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=qckdev.AspNetCore.Authentication.Basic&version=0.1.0-net10.1580&prerelease
                    


                            Install as a Cake Tool

NuGet Version Quality Gate Code Coverage Azure Pipelines Status

qckdev.AspNetCore.Authentication.Basic

Provides tools to configure Basic authentication for ASP.NET Core with extensible validation strategies.

Overview

This library simplifies the setup of HTTP Basic Authentication in ASP.NET Core applications with a flexible, extensible architecture. It supports:

  • Simple scenarios: Static credentials embedded in options
  • Configuration-based: Credentials from appsettings.json
  • Advanced scenarios: Custom validators with database, LDAP, or external service integration
  • Generic options: Extend BasicAuthenticationOptions for custom properties
  • Multiple schemes: Support for multiple authentication schemes

Installation

dotnet add package qckdev.AspNetCore.Authentication.Basic

Quick Start

Simple Usage with Static Credentials

using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using qckdev.AspNetCore.Authentication.Basic;

services
    .AddAuthentication("Basic")
    .AddBasicAuthentication<CredentialsBasedValidator, CredentialsBasedOptions>(opts =>
    {
        opts.Realm = "My API";
        opts.Username = "admin";
        opts.Password = "secretPassword123";
    });

Then use the [Authorize(AuthenticationSchemes = "Basic")] attribute on your controllers:

[ApiController]
[Route("api/[controller]")]
[Authorize(AuthenticationSchemes = "Basic")]
public class ProtectedController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        var username = User.Identity?.Name;
        return Ok(new { message = $"Hello, {username}!" });
    }
}

Custom Validator with Database

Implement a custom validator to check credentials against a database:

using qckdev.AspNetCore.Authentication.Basic;
using System.Threading;
using System.Threading.Tasks;

public class DatabaseValidator : IBasicAuthenticationValidator
{
    private readonly IUserService _userService;
    private readonly IPasswordHasher _passwordHasher;

    public DatabaseValidator(IUserService userService, IPasswordHasher passwordHasher)
    {
        _userService = userService;
        _passwordHasher = passwordHasher;
    }

    public async Task<bool> ValidateAsync(string username, string password, CancellationToken cancellationToken = default)
    {
        try
        {
            var user = await _userService.GetUserAsync(username, cancellationToken);
            if (user == null) return false;

            return _passwordHasher.Verify(user.PasswordHash, password);
        }
        catch
        {
            return false;
        }
    }
}

Register it in your Startup.cs or Program.cs:

services
    .AddScoped<IUserService, UserService>()
    .AddScoped<IPasswordHasher, PasswordHasher>()
    .AddAuthentication("Basic")
    .AddBasicAuthentication<DatabaseValidator>(opts =>
    {
        opts.Realm = "Enterprise API";
    });

Multiple Schemes

You can register multiple Basic authentication schemes with different validators:

services
    .AddAuthentication("Basic")
    .AddBasicAuthentication<CredentialsBasedValidator, CredentialsBasedOptions>(
        "ApiKey",
        opts =>
        {
            opts.Realm = "Legacy API";
            opts.Username = "api-key";
            opts.Password = "legacy-shared-secret";
        })
    .AddBasicAuthentication<DatabaseValidator>(
        "Database",
        opts =>
        {
            opts.Realm = "Enterprise API";
        });

Then use specific schemes on your controllers:

[Authorize(AuthenticationSchemes = "ApiKey")]
public class LegacyController : ControllerBase { }

[Authorize(AuthenticationSchemes = "Database")]
public class EnterpriseController : ControllerBase { }

Custom Options Class

Extend BasicAuthenticationOptions to add custom properties:

public class CustomBasicOptions : BasicAuthenticationOptions
{
    public string? ApiVersion { get; set; }
    public int MaxLoginAttempts { get; set; } = 5;
}

Use it with your validator:

services
    .AddAuthentication()
    .AddBasicAuthentication<DatabaseValidator, CustomBasicOptions>(opts =>
    {
        opts.Realm = "My API";
        opts.ApiVersion = "v1";
        opts.MaxLoginAttempts = 3;
    });

Configuration Options

BasicAuthenticationOptions

Property Type Default Description
Realm string? "Application" The realm sent in the WWW-Authenticate header (RFC 7617)
AllowEmptyCredentials bool false Whether to allow empty username or password
Encoding Encoding? UTF-8 Character encoding for decoding credentials

CredentialsBasedOptions (extends BasicAuthenticationOptions)

Property Type Description
Username string? The username for static authentication
Password string? The password for static authentication

Built-in Validators

CredentialsBasedValidator

Uses static credentials from CredentialsBasedOptions. Performs case-sensitive string comparison.

.AddBasicAuthentication<CredentialsBasedValidator, CredentialsBasedOptions>(opts =>
{
    opts.Username = "admin";
    opts.Password = "password123";
});

Custom Validator Implementation

Create a custom validator by implementing IBasicAuthenticationValidator:

public interface IBasicAuthenticationValidator
{
    Task<bool> ValidateAsync(string username, string password, CancellationToken cancellationToken = default);
}

Example with external service:

public class ExternalServiceValidator : IBasicAuthenticationValidator
{
    private readonly HttpClient _httpClient;

    public ExternalServiceValidator(HttpClient httpClient)
    {
        _httpClient = httpClient;
    }

    public async Task<bool> ValidateAsync(string username, string password, CancellationToken cancellationToken = default)
    {
        var request = new { username, password };
        var response = await _httpClient.PostAsJsonAsync(
            "https://auth-service.example.com/validate",
            request,
            cancellationToken);

        return response.IsSuccessStatusCode;
    }
}

API Key Pattern

Use Basic Authentication as a simple API key mechanism:

// Startup
services
    .AddAuthentication()
    .AddBasicAuthentication<CredentialsBasedValidator, CredentialsBasedOptions>(
        "ApiKey",
        opts =>
        {
            opts.Realm = "API Key Authentication";
            opts.Username = "ApiKey"; // Fixed username
            opts.Password = "your-secret-api-key-token";
        });

// Usage: Pass as Authorization header
// Authorization: Basic QXBpS2V5OnlvdXItc2VjcmV0LWFwaS1rZXktdG9rZW4=

Features

✅ Extensible validation strategy pattern
✅ Multiple authentication schemes
✅ Generic options class inheritance
✅ Thread-safe credential validation
✅ XML documentation
✅ No external dependencies (uses only ASP.NET Core built-ins)

Best Practices

  • Production: Always use HTTPS when transmitting Basic Authentication credentials
  • Password storage: Hash and salt passwords, never store plain text
  • Validation: Implement timeout and rate-limiting in custom validators
  • Realm: Use descriptive realm names to help clients understand the protected resource
  • Claims: Consider adding claims mapping in custom validators for authorization

Testing

This library includes comprehensive integration tests covering credential validation, header parsing, and edge cases.

7 integration tests validate the complete authentication pipeline:

  • Public endpoint access
  • Challenge response (WWW-Authenticate)
  • Valid and invalid credentials
  • Malformed headers
  • Edge cases (empty password, etc.)

For detailed testing documentation, see Integration Testing Guide.

Supported Frameworks

  • .NET Core 3.1
  • .NET 5.0
  • .NET 6.0
  • .NET 8.0
  • .NET 10.0

🤝 Contributing

Issues and pull requests are welcome! See the contribution guidelines (coming soon).

📜 License

This project is licensed under the terms of the MIT License.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.0-net10.1580 37 3/5/2026