
I am trying to add basic authorization to a .NET Core Web API. For this purpose, I added this class:

  namespace BasicAuthentication
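  /// <summary>
  /// Authorization filter that validates an HTTP Basic <c>Authorization</c> header and
  /// answers 401 Unauthorized when the credentials are missing, malformed or wrong.
  /// </summary>
  /// <remarks>
  /// NOTE(review): <c>AuthorizationFilterAttribute</c> and <c>HttpActionContext</c> look like the
  /// ASP.NET Web API 2 (<c>System.Web.Http</c>) types - confirm against the file's usings.
  /// If so, ASP.NET Core MVC does not execute this filter: it only runs filters that implement
  /// its own filter interfaces, so on an ASP.NET Core controller this attribute is inert
  /// metadata and the decorated action stays reachable without credentials.
  /// Basic credentials are only base64-encoded, not encrypted; serve the endpoint over HTTPS only.
  /// </remarks>
  public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
        {
            /// <summary>
            /// Parses the Basic credentials from the request and either installs a principal for
            /// the authenticated user or short-circuits the request with a 401 response.
            /// </summary>
            /// <param name="actionContext">Context of the action being authorized.</param>
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                base.OnAuthorization(actionContext);

                var header = actionContext.Request.Headers.Authorization;

                // Only the Basic scheme is understood here; any other scheme (or an empty
                // credential blob) must not be fed to the base64 decoder.
                if (header == null
                    || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                    || string.IsNullOrEmpty(header.Parameter))
                {
                    Challenge(actionContext);
                    return;
                }

                string decoded;
                try
                {
                    decoded = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
                }
                catch (FormatException)
                {
                    // Attacker-controlled header that is not valid base64: reject with 401
                    // instead of letting the exception surface as a server error.
                    Challenge(actionContext);
                    return;
                }

                // Split on the FIRST colon only: the user-id cannot contain ':' but the
                // password can, so Split(':') would truncate such passwords.
                var separator = decoded.IndexOf(':');
                if (separator < 0)
                {
                    Challenge(actionContext);
                    return;
                }

                var userName = decoded.Substring(0, separator);
                var password = decoded.Substring(separator + 1);

                if (!IsAuthorizedUser(userName, password))
                {
                    Challenge(actionContext);
                    return;
                }

                // NOTE(review): Thread.CurrentPrincipal is bound to the current thread; depending on
                // the host, the request-scoped principal may also have to be set - confirm.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
            }

            /// <summary>Checks a user name / password pair.</summary>
            /// <param name="Username">User name taken from the decoded header.</param>
            /// <param name="Password">Password taken from the decoded header.</param>
            /// <returns><c>true</c> when the pair matches the accepted credentials.</returns>
            public static bool IsAuthorizedUser(string Username, string Password)
            {
                // SECURITY: hard-coded demo credentials. Anyone who can read the source or the
                // compiled assembly can read them. Replace with a lookup against a credential
                // store that keeps salted password hashes, and compare in fixed time.
                return Username == "test" && Password == "test123";
            }

            /// <summary>Sets a 401 response carrying a Basic challenge on the action context.</summary>
            private static void Challenge(HttpActionContext actionContext)
            {
                var response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);

                // A 401 response should tell the client which scheme to retry with.
                response.Headers.WwwAuthenticate.Add(
                    new System.Net.Http.Headers.AuthenticationHeaderValue("Basic"));
                actionContext.Response = response;
            }
        }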

Then I applied the attribute to a controller method:

    /// <summary>
    /// Returns every visit together with its expense details.
    /// </summary>
    // NOTE(review): [BasicAuthentication] guards this action only if the hosting framework
    // actually runs it as an authorization filter; verify that a request without
    // credentials gets a 401 before relying on it.
    [BasicAuthentication]
    [HttpGet]
    public IEnumerable<Visit> Get()
    {
        // Eager-load the expense details and materialize the query before returning.
        return tourActivityExpenseContext.Visits
            .Include(visitRow => visitRow.ExpenseDetails)
            .ToList();
    }

But I can still call the API from Postman without supplying any credentials. Am I missing something here?

BlackCat
  • Did you add the filter in your `Startup.cs` file? Here's a similar answer: https://stackoverflow.com/a/44127671 – Tiny Wang Jul 04 '22 at 02:18
  • And [this question](https://stackoverflow.com/questions/31464359/how-do-you-create-a-custom-authorizeattribute-in-asp-net-core/41348219#41348219) may also help? – Tiny Wang Jul 04 '22 at 02:29
