Enable Basic Authentication in WevApi


There are various ways to authenticate a request in WebApi but in this post I am going to talk about how to implement basic authentication in WebApi. The primary purpose of these authentication mechanism is to validate the incoming request.

In basic authentication user credentials are hooked-up inside request and you can find it under the authorization header. If you are using third party token base services like oAuth2 to validate the request then these services are also uses the same basic authentication mechanism to validate the user before sharing the token with them.

Lets get started

Step 1- Create an attribute class and inherits the members of AuthorizeAttribute attribute class. The reason of inheritance is to override the “IsAuthorized” method.
public class AuthorizeUser: AuthorizeAttribute
    {
protected override bool IsAuthorized(HttpActionContext actionContext)
        {
 }
     }
Step 2 – Override the IsAuthorized method
protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            try
            {
                //Basic Aurthintiacation
                string authString = actionContext.Request.Headers.GetValues("Authorization").FirstOrDefault().Substring("Basic ".Length).Trim();
                Encoding encoding = Encoding.GetEncoding("iso-8859-1");
                string usernamePassword = encoding.GetString(Convert.FromBase64String(authString));
                int seperatorIndex = usernamePassword.IndexOf(':');

                string username = usernamePassword.Substring(0, seperatorIndex);
                string password = usernamePassword.Substring(seperatorIndex + 1);
              //Add the logic of user validation
            }
            catch(Exception ex)
            {
                return false;
            }
            return true;
        }
Step 3 – Now you need to use the attribute on the action methods or controller level like shown as below
    [AuthorizeUser]
    public class DatabaseController : BaseController
    {
        [HttpGet]
        [Route("user/{userCode}")]
        public IHttpActionResult GetUserName([FromUri]string userCode)
        {
 }
}
Step 4 – Now when you will try to call “GetUserName” method of “DatabaseController” api, it will first validate your request and then return the result. Also, your request should contain the authorization header otherwise it will not succeed. For demo purpose I use the Chrome “Rest Client” to test the api.
As you can see I have added the authorization header along with the request and when you click on the edit on the right side of header, it will pop-up the window to supply the username and password (see the second screen shot).


Comments

Post a Comment

Popular posts from this blog

SSIS Merge Join - Both inputs of the transformation must contain at least one sorted column, and those columns must have matching metadata SSIS

Image
SSIS Merge Join Issue ( Both inputs of the transformation must contain at least one sorted column, and those columns must have matching metadata SSIS )   I was working on one of my client requirement where I need to split the flat file data based on the conditions and then add join that data with reference data (again a flat file). I used the MergeJoin task to achieve this. Unfortunately I ended up with this error. I tried most of the options available on the internet but none of them worked for me because my mistake was silly I set a property of “Sort” task in one not the other. That’s why MergeJoin was throwing “ Both inputs of the transformation must contain at least one sorted column, and those columns must have matching metadata SSIS ” error.     Lets first discuss about the solution of my problem Root Cause – The main problem was related to the Sort task. I selected the “Comparison Flags” option in one Sort task but not in other task because of that M...
Read more

jsGrid

Image
I was working one a Asp.Net MVC application where I was using the Web Grid to display the data based on the selected search criteria. It was working great but client asked me to use the jsGrid instead of Web Grid as it has many ready to use features like (Edit, Delete, Search, etc..).  Initially, jsGrid gave me very hard time to display the data in it but after few hit and trial I manage to display the data. After spending couple of hours on jsGrid, I started liking it. In this article, I am going to explain how to use the jsGrid to display the data and some other tactics in very easy steps. I am building the application in ASP.NET MVC. Step 1. Content delivery network (CDN) of jsGrid and jQuery libraries are as below https://cdnjs.cloudflare.com/ajax/libs/jsgrid/1.5.3/jsgrid.min.css https://cdnjs.cloudflare.com/ajax/libs/jsgrid/1.5.3/jsgrid.css https://cdnjs.cloudflare.com/ajax/libs/jsgrid/1.5.3/jsgrid-theme.min.css https://code.jquery.com/jquery.min.js ...
Read more

Add Item to SharePoint List with attachment using client object model

Add Item to SharePoint List with attachment using client object model If your requirement is to add the item to a SharePoint list with attachment using the client object model, this post will help you in this. You can achieve this by following the below steps.   Step 1 – Define some constant variables those will hold the values of SharePoint web service, List Id, etc. private const string siteUrl = "http://appsuat.portal.intranet.aegonuk.com/sites/genapps/CashFlowsCashPositions" ;         private const string spWebServiceUrl = "http://appsuat.portal.intranet.aegonuk.com/sites/genapps/CashFlowsCashPositions/_vti_bin/Lists.asmx" ;         private const string updateSOAPAction = "http://schemas.microsoft.com/sharepoint/soap/UpdateListItems" ;         private const string addAttachSOAPAction = "http://schemas.microsoft.com/sharepoint/soap/AddAtta...
Read more