.NET Core Middleware: How to access request credentials?

Question

For testing, I am sending the request with credentials using

WebRequest request = WebRequest.Create("url");
request.Credentials = new NetworkCredential("user", "pass");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();

Then catch these on the other app using .NET Core's Middleware

public async Task Invoke(HttpContext context)

Accessing the request in context.Request is successful but what I am still looking is where does the credentials be found inside context?

Or there are other way around?

score 1 · Answer 1 · answered Dec 12 '18 at 02:32

You should do something similar to what is described here. The credentials are encoded in the Authorization header.

bool isAuthenticated;
var base64Header = Request.Headers["Authorization"];
//The header is a string in the form of "Basic [base64 encoded username:password]"
if (base64Header != null)
{
    var authHeader = AuthenticationHeaderValue.Parse(base64Header);
    if (authHeader != null
        && authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
        && authHeader.Parameter != null)
    {
        //Decode the username:password pair
        var credentialPair = Encoding.ASCII.GetString(Convert.FromBase64string(authHeader.Parameter));

        //Split into pieces
        var credentials = credentialPair.Split(new [] {":"}, StringSplitOptions.None);
        var userName = credentials[0];
        var plainTextPassword = credentials[1];
        isAuthenticated = SomeAuthenticator.Authenticate(userName, password);
    }
}
if (isAuthenticated)
   return Foo();
else
   RedirectResult("your login view");

It is the same approach that I did. :) – Ryan Dec 12 '18 at 02:57 — Ryan, Dec 12 '18 at 02:57

.NET Core Middleware: How to access request credentials?

1 Answers1