idunno.Authentication
idunno.Authentication copied to clipboard
blowdart
A filled with self-loathing implementation of Basic Authentication, and Certificate Authentication to make me feel like a real security person, all for for ASP.NET Core
idunno.Authentication
This repository contains a collection of various authentication mechanisms for ASP.NET Core, including
- Basic Authentication
- Shared Key Authentication
- Certificate Authentication
Basic Authentication started as a demonstration of how to write authentication middleware and was not as something you would seriously consider using, but some people want Basic Authentication so here it is.
Certificate Authentication is a common request on the ASP.NET Core Security repo, so I wrote one for Core 2.x. ASP.NET Core 3.0 took that as a starting point and includes Certificate Authentication as a supported package.
Basic Authentication is available for ASP.NET Core 2.1 and later. Shared Key Authentication is available for ASP.NET Core 3.1 and later. Certification Authentication is only targeted at ASP.NET Core 2.1.
This is not an official Microsoft project, this is an "In my spare time, entirely unsupported"™ effort.
nuget packages
nuget packages are available.
| Authentication Type | nuget package |
|---|---|
| Basic | https://www.nuget.org/packages/idunno.Authentication.Basic/ |
| SharedKey | https://www.nuget.org/packages/idunno.Authentication.SharedKey/ |
| Certificate | https://www.nuget.org/packages/idunno.Authentication.Certificate/ |
Azure Artifacts holds a feed of current dev builds.
Version History
| Version | Notes |
|---|---|
| 2.3.0 | Added Shared key authentication |
| 2.2.2 | Basic authentication now multi-targets Core 2.1, 3.0, 3.1, .NET 5.0 and .NET 6.0 |
| 2.2.2 | Basic authentication now multi-targets Core 2.1, 3.0 and 3.1 |
| 2.2.1 | Basic authentication now returns a 421 request when a request is issued over HTTP, unless AllowInsecureProtocol is set |
| 2.2.0 | Basic authentication no longer throws exception when invalid base64 data sent in authentication header Added property for suppressing the WWW-Authenticate header schemeUpdated nuget license and package icon |
| 2.1.1 | Added SourceLink Changed library dependencies to remove demands for exact versions, following the .NET Core open-source library guidance nuget package is now signed |
| 2.1.0 | Added Certificate Authentication Fixed Basic Authentication event handling Packages are now Authenticode signed |
Notes
Each handler requires you to authenticate the credentials passed. You are responsible for hardening this authentication and ensuring it performs under load.
blowdart