/// <summary>
/// Checks the supplied credentials with the authentication service and
/// answers with a text response on success or a redirect to the
/// <c>Login</c> action on failure.
/// </summary>
/// <param name="username">User name to validate; it is echoed back in the success response.</param>
/// <param name="password">Password to validate; passed to the authentication service only.</param>
/// <returns>
/// A content result containing the user name when the credentials are accepted,
/// otherwise a redirect to <c>Login</c>.
/// </returns>
// NOTE(review): the success text reads "You are not logged in" although that branch
// runs only after IsValidUserAsync returned true - confirm the intended wording.
// NOTE(review): this method validates credentials but issues no cookie or ticket;
// presumably sign-in happens elsewhere - confirm.
// NOTE(review): no binding or HTTP-method attribute is visible here. If the action is
// reachable via GET, username and password can be bound from the query string and
// end up in server logs and browser history - confirm it is restricted to POST.
public async System.Threading.Tasks.Task<IActionResult> LoginAsync(string username, string password)
{
    bool credentialsAccepted = await _authenticationService.IsValidUserAsync(username, password);

    // Guard clause: rejected credentials go back to the login action.
    if (!credentialsAccepted)
    {
        return RedirectToAction("Login");
    }

    string message = "You are not logged in " + username;
    return Content(message);
}
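/// <summary>
/// Authenticates the current request from an HTTP Basic <c>Authorization</c> header.
/// </summary>
/// <returns>
/// <c>NoResult</c> when the header is absent, cannot be parsed, or uses a scheme other
/// than Basic; <c>Fail</c> when the Basic payload is malformed or the credentials are
/// rejected; otherwise <c>Success</c> with a ticket whose only claim is the user name.
/// </returns>
/// <remarks>
/// The Basic payload is only base64-encoded, so confidentiality of the credentials
/// depends entirely on the transport (TLS). The password is never logged or placed
/// in a failure message here.
/// </remarks>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // No Authorization header: this handler has nothing to say about the request.
    if (!Request.Headers.ContainsKey("Authorization"))
    {
        return AuthenticateResult.NoResult();
    }

    // Header present but not a well-formed "<scheme> <parameter>" value.
    if (!AuthenticationHeaderValue.TryParse(Request.Headers["Authorization"], out AuthenticationHeaderValue headerValue))
    {
        return AuthenticateResult.NoResult();
    }

    // Another scheme (e.g. Bearer) is not ours to handle.
    if (!"Basic".Equals(headerValue.Scheme, StringComparison.OrdinalIgnoreCase))
    {
        return AuthenticateResult.NoResult();
    }

    // "Basic" with no payload leaves Parameter null; Convert.FromBase64String(null)
    // would throw, so treat it as a malformed header instead.
    if (string.IsNullOrEmpty(headerValue.Parameter))
    {
        return AuthenticateResult.Fail("Invalid Basic authentication header");
    }

    // The payload is attacker-controlled. Invalid base64 must become an
    // authentication failure, not an unhandled FormatException.
    byte[] headerValueBytes;
    try
    {
        headerValueBytes = Convert.FromBase64String(headerValue.Parameter);
    }
    catch (FormatException)
    {
        return AuthenticateResult.Fail("Invalid Basic authentication header");
    }

    string userAndPassword = Encoding.UTF8.GetString(headerValueBytes);

    // Split on the FIRST colon only: the user name cannot contain a colon, but the
    // password may, so splitting on every colon would reject valid passwords.
    int separatorIndex = userAndPassword.IndexOf(':');
    if (separatorIndex < 0)
    {
        return AuthenticateResult.Fail("Invalid Basic authentication header");
    }

    string user = userAndPassword.Substring(0, separatorIndex);
    string password = userAndPassword.Substring(separatorIndex + 1);

    bool isValidUser = await _authenticationService.IsValidUserAsync(user, password);
    if (!isValidUser)
    {
        // Deliberately generic: does not reveal whether the user name exists.
        return AuthenticateResult.Fail("Invalid username or password");
    }

    // The only claim issued is the user name.
    Claim[] claims = new Claim[] { new Claim(ClaimTypes.Name, user) };

    // Scheme is a property of the authentication handler base class; its name is
    // used as the identity's authentication type and as the ticket's scheme.
    var identity = new ClaimsIdentity(claims, Scheme.Name);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    AuthenticationTicket ticket = new AuthenticationTicket(principal, Scheme.Name);

    return AuthenticateResult.Success(ticket);
}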
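/// <summary>
/// Authenticates the current request from an HTTP Basic <c>Authorization</c> header,
/// validating the credentials against the authentication service with this
/// handler's <c>Options</c>.
/// </summary>
/// <returns>
/// <c>NoResult</c> when the header is absent, cannot be parsed, or uses a scheme other
/// than Basic; <c>Fail</c> when the Basic payload is malformed or the credentials are
/// rejected; otherwise <c>Success</c> with a ticket whose only claim is the user name.
/// </returns>
/// <remarks>
/// The Basic payload is only base64-encoded, so confidentiality of the credentials
/// depends entirely on the transport (TLS). The password is never logged or placed
/// in a failure message here.
/// </remarks>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    const string BasicScheme = "Basic";
    const string MalformedHeaderMessage = "Invalid Basic authentication header";

    // No Authorization header: this handler has nothing to say about the request.
    if (!Request.Headers.ContainsKey("Authorization"))
    {
        return AuthenticateResult.NoResult();
    }

    // Header present but not a well-formed "<scheme> <parameter>" value.
    if (!AuthenticationHeaderValue.TryParse(Request.Headers["Authorization"], out AuthenticationHeaderValue headerValue))
    {
        return AuthenticateResult.NoResult();
    }

    // Another scheme is not ours to handle.
    if (!BasicScheme.Equals(headerValue.Scheme, StringComparison.OrdinalIgnoreCase))
    {
        return AuthenticateResult.NoResult();
    }

    // "Basic" with no payload leaves Parameter null; Convert.FromBase64String(null)
    // would throw, so treat it as a malformed header instead.
    if (string.IsNullOrEmpty(headerValue.Parameter))
    {
        return AuthenticateResult.Fail(MalformedHeaderMessage);
    }

    // The payload is attacker-controlled. Invalid base64 must become an
    // authentication failure, not an unhandled FormatException.
    byte[] headerValueBytes;
    try
    {
        headerValueBytes = Convert.FromBase64String(headerValue.Parameter);
    }
    catch (FormatException)
    {
        return AuthenticateResult.Fail(MalformedHeaderMessage);
    }

    string userAndPassword = Encoding.UTF8.GetString(headerValueBytes);

    // Split on the FIRST colon only: the user name cannot contain a colon, but the
    // password may, so splitting on every colon would reject valid passwords.
    int separatorIndex = userAndPassword.IndexOf(':');
    if (separatorIndex < 0)
    {
        return AuthenticateResult.Fail(MalformedHeaderMessage);
    }

    string username = userAndPassword.Substring(0, separatorIndex);
    string password = userAndPassword.Substring(separatorIndex + 1);

    bool isValidUser = await _authenticationService.IsValidUserAsync(Options, username, password);
    if (!isValidUser)
    {
        // Deliberately generic: does not reveal whether the user name exists.
        return AuthenticateResult.Fail("Invalid username or password");
    }

    // The only claim issued is the user name; the scheme name is used both as the
    // identity's authentication type and as the ticket's scheme.
    var claims = new[] { new Claim(ClaimTypes.Name, username) };
    var identity = new ClaimsIdentity(claims, Scheme.Name);
    var principal = new ClaimsPrincipal(identity);
    var ticket = new AuthenticationTicket(principal, Scheme.Name);

    return AuthenticateResult.Success(ticket);
}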