Console app uses HttpClient to send a basic auth request to an ASP Core app.

    HttpClient client = ...
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
        "Basic",
        Convert.ToBase64String(
            encoding.GetBytes($"{user.UserName}:{user.Password}")));
    var response = await client.SendAsync(request);

ASP Core app is configured as such (inline routing for simplicity):

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseAuthentication();
        app.UseRouting(options =>
        {
            options.MapPost("/login", async (httpContext) =>
            {
                // get user creds
                var authHeader = httpContext.Request.Headers["Authorization"].First().Substring("Basic ".Length).Trim();
                ...
                // create claim and identity
                var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, user.UserName)
                };
                var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
                // sign user in
                await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
            });
        });
    }

When the client receives the response, there's a header called Set-Cookie with a value of something like ".AspNetCore.Cookies=foooooobarrrrrr; path=/; secure; samesite=lax; httponly"

- What am I supposed to do now on the client to ensure my future requests (from this client) are auth'd as this particular user?
- What do I need to include on followup requests to pass authentication?
- Does the server have to authenticate every request from here on and tie it back to this particular user??
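
As an added illustration (not part of the original post): the sketch below feeds a Set-Cookie value shaped like the one quoted above into a CookieContainer, the store HttpClientHandler uses when UseCookies is enabled, and checks which follow-up URLs the cookie would be attached to. The host names under example.test and the cookie value are constructed placeholders.

```csharp
using System;
using System.Net;
using System.Net.Http;

// Constructed sample data: host name and cookie value are placeholders.
var loginUri = new Uri("https://app.example.test/login");
var setCookie = ".AspNetCore.Cookies=CONSTRUCTED-TICKET; path=/; secure; samesite=lax; httponly";

// HttpClientHandler does this itself for each Set-Cookie response header when
// UseCookies is true (the default); it is done by hand here to inspect the result.
var jar = new CookieContainer();
jar.SetCookies(loginUri, setCookie);

foreach (Cookie c in jar.GetCookies(loginUri))
{
    Console.WriteLine($"{c.Name}: Secure={c.Secure} HttpOnly={c.HttpOnly} Path={c.Path} Domain={c.Domain}");
}

// Ask the jar which Cookie header it would attach to each follow-up request.
var followUps = new[]
{
    "https://app.example.test/orders",   // same host over HTTPS
    "http://app.example.test/orders",    // same host over plain HTTP: "secure" withholds the cookie
    "https://other.example.test/orders"  // different host: a host-only cookie is not shared
};

foreach (var url in followUps)
{
    var header = jar.GetCookieHeader(new Uri(url));
    Console.WriteLine($"{url} -> Cookie: {(header.Length == 0 ? "(none)" : header)}");
}

// In the console app, keep one handler and one client for the whole session so
// the cookie from the /login response is replayed on every later request.
// The cookie authentication middleware then validates it on each request.
using var handler = new HttpClientHandler { UseCookies = true, CookieContainer = jar };
using var client = new HttpClient(handler) { BaseAddress = new Uri("https://app.example.test/") };
// await client.GetAsync("orders");  // sent with the stored .AspNetCore.Cookies value
```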