Skip to content

A library which supports Basic and HMAC authentication for ASP.NET Core and .NET standard 2.0 clients

License

Notifications You must be signed in to change notification settings

softawaregmbh/library-authentication

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

softaware.Authentication

softaware.Authentication.Hmac

softaware.Authentication.Hmac.AspNetCore

Nuget

Provides an AuthenticationHandler which supports HMAC authentication in an ASP.NET Core project.

Usage:

  1. Register an implementation of IHmacAuthorizationProvider in Startup.cs. Either use the built-in MemoryHmacAuthenticationProvider for in-memory HMAC app configuration or implement your own IHmacAuthorizationProvider to provide HMAC apps.

    services.AddTransient<IHmacAuthorizationProvider>(_ => new MemoryHmacAuthenticationProvider(hmacAuthenticatedApps));
  2. When using the built-in MemoryHmacAuthenticationProvider, get your HMAC authenticated clients, for example from the appsettings.json file. For HMAC authentication, an AppId and an ApiKey is required for each client which should get access.

    {
      "Authentication": {
        "HmacAuthenticatedApps": [
            {
                "AppId": "<some-app-id>",
                "ApiKey": "<some-api-key>"
            }
        ]
      }
    }
    var hmacAuthenticatedApps = this.Configuration
        .GetSection("Authentication")
        .GetSection("HmacAuthenticatedApps")
        .Get<HmacAuthenticationClientConfiguration[]>()
        .ToDictionary(e => e.AppId, e => e.ApiKey);
  3. Enable HMAC authentication in Startup.cs in the ConfigureServices method. The .AddHmacAuthentication(...) method will use the configured IHmacAuthorizationProvider for resolving HMAC apps:

    services
        .AddAuthentication(o =>
        {
            o.DefaultScheme = HmacAuthenticationDefaults.AuthenticationScheme;
        })
        .AddHmacAuthentication(HmacAuthenticationDefaults.AuthenticationScheme, "HMAC Authentication", options => { });
  4. Add MemoryCache (from Microsoft.Extensions.Caching.Memory) in Startup.cs in the ConfigureServices method. The MemoryCache is used by the HMAC AuthenticationHandler to determine replay attacks.

    services.AddMemoryCache();
  5. Enable authentication in Startup.cs in the Configure method:

    app.UseAuthentication();
  6. Optional: Specify HMAC as the authentication scheme for certain controllers:

    [Authorize(AuthenticationSchemes = HmacAuthenticationDefaults.AuthenticationScheme)]
    [Route("api/[controller]")]
    public class HomeController : Controller
    {
       // ...
    }

softaware.Authentication.Hmac.Client

Nuget

Provides a DelegatingHandler for adding an HMAC authorization header to HTTP requests.

Instantiate your HttpClient instance with the ApiKeyDelegatingHandler. Make sure, that you don't create new HttpClient instances for every request (see also this blog post for details):

new HttpClient(new ApiKeyDelegatingHandler(appId, apiKey));

Or in case your WebAPI client is another ASP.NET WebAPI (>= ASP.NET Core 2.1), register your HttpClient in the Startup.cs for example as follows:

services.AddTransient(sp => new ApiKeyDelegatingHandler(appId, apiKey));

services
    .AddHttpClient("HmacHttpClient")
    .AddHttpMessageHandler<ApiKeyDelegatingHandler>();

Generate HMAC AppId and ApiKey

To generate an API Key, the following simple Console Application can be used. This implementation is also provided on .NET Fiddle.

using System.Security.Cryptography;

public class Program
{
    public static void Main()
    {
        Console.WriteLine($"AppID: {Guid.NewGuid()} or <some-speaking-name>");
        Console.WriteLine($"ApiKey: {GenerateApiKey()}");
    }

    private static string GenerateApiKey()
    {
        using (var cryptoProvider = new RNGCryptoServiceProvider())
        {
            byte[] secretKeyByteArray = new byte[32]; //256 bit
            cryptoProvider.GetBytes(secretKeyByteArray);
            return Convert.ToBase64String(secretKeyByteArray);
        }
    }
}

softaware.Authentication.Basic

softaware.Authentication.Basic.AspNetCore

Nuget

Provides an AuthenticationHandler which supports Basic authentication in an ASP.NET Core project.

Enable Basic authentication in Startup.cs in the ConfigureServices method:

services.AddTransient<IBasicAuthorizationProvider>(_ => new MemoryBasicAuthenticationProvider(authenticatedApps));

services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = BasicAuthenticationDefaults.AuthenticationScheme;
    })
    .AddBasicAuthentication();

If you want to validate usernames and passwords from the basic authentication header more sophisticated than the built-in MemoryBasicAuthenticationProvider, just implement and register your own IBasicAuthorizationProvider.

Enable Authentication in Startup.cs in the Configure method:

app.UseAuthentication();

softaware.Authentication.Basic.Client

Nuget

Provides a DelegatingHandler for adding an HMAC authorization header to HTTP requests.

Instantiate your HttpClient instance with the BasicAuthenticationDelegatingHandler. Make sure, that you don't create new HttpClient instances for every request (see also this blog post for details):

new HttpClient(new BasicAuthenticationDelegatingHandler(username, password));

softaware.Authentication.SasToken

softaware.Authentication.SasToken.AspNetCore

Nuget

Provides an AuthenticationHandler which supports Shared Access Signature (SAS) authentication in an ASP.NET Core project.

Enable SAS authentication in Startup.cs in the ConfigureServices method:

services.AddTransient<IKeyProvider>(_ => new MemoryKeyProvider(key));

services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = SasTokenAuthenticationDefaults.AuthenticationScheme;
    })
    .AddSasTokenAuthentication();

If you want to retrieve the key for the shared access signature other than from the built-in MemoryKeyProvider, you can implement and register your own IKeyProvider.

Enable Authentication in Startup.cs in the Configure method:

app.UseAuthentication();

To generate an URL with a Shared Access Signature, inject the SasTokenUrlGenerator and call the GenerateSasTokenQueryStringAsync(...) method for getting the SAS query string or GenerateSasTokenUriAsync(...) method to receive the full SAS URI.

About

A library which supports Basic and HMAC authentication for ASP.NET Core and .NET standard 2.0 clients

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages