https://www.nuget.org/packages/BCrypt-Official/
Install-Package BCrypt-Official -Version 0.1.109
using BCrypt.Net;
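ViewBag.Title = "Home Page";

// bcrypt salts every hash itself: GenerateSalt() produces a fresh random salt and
// HashPassword embeds it in the returned string, so nothing has to be appended to the
// password and no separate salt column is needed.
// Do not append a fixed string from source code as a "salt". A value shared by all users
// is at best a pepper, and one committed to source is not secret. If a site-wide pepper is
// wanted, load it from protected configuration instead.
string pwdToHash = "pass";
string hashToStoreInDatabase = BCrypt.Net.BCrypt.HashPassword(pwdToHash, BCrypt.Net.BCrypt.GenerateSalt());

// Verify re-hashes the candidate using the salt and cost stored inside the hash and compares
// the results, so HashPassword never needs to be called with the stored hash as the salt.
bool e = BCrypt.Net.BCrypt.Verify(pwdToHash, hashToStoreInDatabase);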
http://csharp-video-tutorials.blogspot.com/2016/10/implementing-basic-authentication-in.html
Create a class that checks if the username and password are valid
1. Add a new class file to EmployeeService Web API project. Name it EmployeeSecurity.cs
2. Copy and paste the following code in it
Create basic authentication filter
1. Add a new class file to EmployeeService Web API project. Name it BasicAuthenticationAttribute.cs
2. Copy and paste the following code in it
Enable basic authentication
1. The BasicAuthenticationAttribute can be applied on a specific controller, specific action, or globally on all Web API controllers.
2. To enable basic authentication across the entire Web API application, register BasicAuthenticationAttribute as a filter using the Register() method in WebApiConfig class
3. You can also apply the attribute on a specific controller, to enable basic authentication for all the methods in that controller
4. In our case let's just enable basic authentication for Get() method in EmployeesController. Also modify the implementation of the Get() method as shown below.
Testing basic authentication using fiddler
1. The username and password need to be colon (:) separated and base64 encoded.
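2. Just google with the string - base64 encode. The first web site that you get is https://www.base64encode.org/. Use an online encoder only with throwaway test credentials, because whatever you type is sent to a third-party site; real credentials can be encoded locally instead.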
3. Enter the username and password separated by colon (:) in "Encode to Base64 format" textbox, and then click "Encode" button
Install-Package BCrypt-Official -Version 0.1.109
using BCrypt.Net;
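ViewBag.Title = "Home Page";

// bcrypt salts every hash itself: GenerateSalt() produces a fresh random salt and
// HashPassword embeds it in the returned string, so nothing has to be appended to the
// password and no separate salt column is needed.
// Do not append a fixed string from source code as a "salt". A value shared by all users
// is at best a pepper, and one committed to source is not secret. If a site-wide pepper is
// wanted, load it from protected configuration instead.
string pwdToHash = "pass";
string hashToStoreInDatabase = BCrypt.Net.BCrypt.HashPassword(pwdToHash, BCrypt.Net.BCrypt.GenerateSalt());

// Verify re-hashes the candidate using the salt and cost stored inside the hash and compares
// the results, so HashPassword never needs to be called with the stored hash as the salt.
bool e = BCrypt.Net.BCrypt.Verify(pwdToHash, hashToStoreInDatabase);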
http://csharp-video-tutorials.blogspot.com/2016/10/implementing-basic-authentication-in.html
Create a class that checks if the username and password are valid
1. Add a new class file to EmployeeService Web API project. Name it EmployeeSecurity.cs
2. Copy and paste the following code in it
using EmployeeDataAccess;
using System;
using System.Linq;
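namespace EmployeeService
{
    /// <summary>
    /// Validates a username/password pair against the Users set of EmployeeDBEntities.
    /// </summary>
    public class EmployeeSecurity
    {
        /// <summary>
        /// Returns true when a user row matches the supplied credentials.
        /// </summary>
        /// <param name="username">User name; compared with OrdinalIgnoreCase.</param>
        /// <param name="password">Password as submitted by the client.</param>
        /// <returns>
        /// True if a matching user exists; false otherwise, including when either argument
        /// is null or empty.
        /// </returns>
        public static bool Login(string username, string password)
        {
            // Reject missing credentials before querying. Depending on how the provider
            // translates a null or empty argument, it could otherwise match a row whose
            // password column was never populated.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            using (EmployeeDBEntities entities = new EmployeeDBEntities())
            {
                // NOTE(review): the submitted password is compared directly with the stored
                // column, which only works if the Users table holds plaintext passwords.
                // Store a bcrypt hash instead: load the user row by name, then check it with
                // BCrypt.Net.BCrypt.Verify(password, storedHash). That requires migrating the
                // stored values, so it is flagged here rather than changed.
                return entities.Users.Any(user =>
                    user.Username.Equals(username, StringComparison.OrdinalIgnoreCase)
                    && user.Password == password);
            }
        }
    }
}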
Create basic authentication filter
1. Add a new class file to EmployeeService Web API project. Name it BasicAuthenticationAttribute.cs
2. Copy and paste the following code in it
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
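namespace EmployeeService
{
    /// <summary>
    /// Authorization filter that authenticates a request from its HTTP Basic
    /// <c>Authorization</c> header and answers 401 Unauthorized when that fails.
    /// </summary>
    /// <remarks>
    /// Basic credentials are only base64-encoded, not encrypted, so endpoints using this
    /// filter should be reachable over HTTPS only.
    /// </remarks>
    public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
    {
        /// <summary>
        /// Validates the Authorization header and, on success, sets
        /// <see cref="Thread.CurrentPrincipal"/> to a principal named after the user.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;
            string username;
            string password;

            // A missing header, a non-Basic scheme, a malformed token and a wrong password
            // all get the same 401. The header is attacker-controlled, so a parsing failure
            // must not escape as an unhandled exception (HTTP 500).
            bool authenticated =
                authorization != null
                && string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                && TryParseCredentials(authorization.Parameter, out username, out password)
                && EmployeeSecurity.Login(username, password);

            if (!authenticated)
            {
                actionContext.Response = actionContext.Request
                    .CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // Re-read the name from the header pieces already validated above.
            TryParseCredentials(authorization.Parameter, out username, out password);
            Thread.CurrentPrincipal = new GenericPrincipal(
                new GenericIdentity(username), null);
        }

        /// <summary>
        /// Decodes a Basic token ("user:password", base64-encoded) into its two parts.
        /// </summary>
        /// <returns>False when the token is missing, not valid base64, or has no colon.</returns>
        private static bool TryParseCredentials(string parameter, out string username, out string password)
        {
            username = null;
            password = null;

            if (string.IsNullOrEmpty(parameter))
            {
                return false;
            }

            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
            }
            catch (FormatException)
            {
                // Not valid base64: treat as failed authentication, not as a server error.
                return false;
            }

            // Split on the FIRST colon only: the password may itself contain colons, and a
            // token with no colon at all has no password part to index into.
            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                return false;
            }

            username = decoded.Substring(0, separator);
            password = decoded.Substring(separator + 1);
            return true;
        }
    }
}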
Enable basic authentication
1. The BasicAuthenticationAttribute can be applied on a specific controller, specific action, or globally on all Web API controllers.
2. To enable basic authentication across the entire Web API application, register BasicAuthenticationAttribute as a filter using the Register() method in WebApiConfig class
// Registers a RequireHttpsAttribute instance in the Web API configuration's filter collection.
// NOTE(review): RequireHttpsAttribute is not defined in this listing; presumably it rejects
// requests that do not arrive over HTTPS — confirm. Basic credentials are only base64-encoded,
// so an HTTPS requirement matters for every endpoint that accepts them.
// NOTE(review): step 2 of the surrounding text describes registering
// BasicAuthenticationAttribute, but this line registers the HTTPS filter instead. That
// registration would be: config.Filters.Add(new BasicAuthenticationAttribute());
var requireHttpsFilter = new RequireHttpsAttribute();
config.Filters.Add(requireHttpsFilter);
3. You can also apply the attribute on a specific controller, to enable basic authentication for all the methods in that controller
4. In our case let's just enable basic authentication for Get() method in EmployeesController. Also modify the implementation of the Get() method as shown below.
/// <summary>
/// Returns the employees whose gender matches the name of the authenticated user.
/// </summary>
/// <remarks>
/// The filter is chosen from <c>Thread.CurrentPrincipal.Identity.Name</c>, lower-cased:
/// "male" and "female" return the matching employees with 200 OK; any other name returns
/// 400 Bad Request. The <paramref name="gender"/> argument is not read, so a caller cannot
/// widen the result set through the query string.
/// </remarks>
/// <param name="gender">Accepted for route compatibility; not used by this method.</param>
[BasicAuthentication]
public HttpResponseMessage Get(string gender = "All")
{
    string username = Thread.CurrentPrincipal.Identity.Name;

    using (EmployeeDBEntities entities = new EmployeeDBEntities())
    {
        string normalizedName = username.ToLower();

        if (normalizedName == "male")
        {
            var maleEmployees = entities.Employees
                .Where(e => e.Gender.ToLower() == "male")
                .ToList();
            return Request.CreateResponse(HttpStatusCode.OK, maleEmployees);
        }

        if (normalizedName == "female")
        {
            var femaleEmployees = entities.Employees
                .Where(e => e.Gender.ToLower() == "female")
                .ToList();
            return Request.CreateResponse(HttpStatusCode.OK, femaleEmployees);
        }

        // Authenticated, but the name maps to no data set.
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }
}
Testing basic authentication using fiddler
1. The username and password need to be colon (:) separated and base64 encoded.
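2. Just google with the string - base64 encode. The first web site that you get is https://www.base64encode.org/. Use an online encoder only with throwaway test credentials, because whatever you type is sent to a third-party site; real credentials can be encoded locally instead.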
3. Enter the username and password separated by colon (:) in "Encode to Base64 format" textbox, and then click "Encode" button