C# WebAPI Basic Authentication

Date: 2019-03-25
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Linq;
using System.Text;

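namespace WebApi.Attributes
{
    /// <summary>
    /// Action filter that requires a well-formed HTTP Basic <c>Authorization</c> header
    /// on a controller class or action method.
    /// </summary>
    /// <remarks>
    /// This filter only parses the header. It does not compare the supplied user name
    /// and password with any credential store, so every non-empty pair is let through.
    /// Add that verification before relying on it for access control.
    /// Basic credentials are base64-encoded, not encrypted, so the endpoint should only
    /// be reachable over TLS.
    /// </remarks>
    public class BasicAuthenticationAttribute : ActionFilterAttribute
    {
        // Challenge sent with every 401. RFC 7617 requires a realm parameter; the realm
        // text here is a placeholder and should name the application's protection space.
        private const string Challenge = "Basic realm=\"WebApi\", charset=\"UTF-8\"";

        /// <summary>
        /// Short-circuits the action with a 401 response carrying a Basic challenge.
        /// </summary>
        /// <param name="context">The executing action context whose result is replaced.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public void ReturnAuthorize(ActionExecutingContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // The indexer overwrites an existing header; Add() throws when the key is
            // already present, which would turn a 401 into a 500.
            var response = context.HttpContext?.Response;
            if (response != null)
            {
                response.Headers["WWW-Authenticate"] = Challenge;
            }

            context.Result = new UnauthorizedResult();
        }

        /// <summary>
        /// Rejects the request with 401 unless it carries a syntactically valid
        /// <c>Authorization: Basic</c> header with a non-empty user name and password.
        /// </summary>
        /// <param name="context">The executing action context.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var request = context.HttpContext?.Request;
            if (request == null || !request.Headers.TryGetValue("Authorization", out var values))
            {
                ReturnAuthorize(context);
                return;
            }

            // Expect exactly "<scheme> <token>".
            var authHeaderParts = (values.FirstOrDefault() ?? "").Split(' ');
            if (authHeaderParts.Length != 2
                || !"Basic".Equals(authHeaderParts[0], StringComparison.OrdinalIgnoreCase))
            {
                ReturnAuthorize(context);
                return;
            }

            // The token is attacker-controlled; malformed base64 must yield 401, not an
            // unhandled FormatException.
            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeaderParts[1]));
            }
            catch (FormatException)
            {
                ReturnAuthorize(context);
                return;
            }

            // RFC 7617: the user-id ends at the FIRST colon; the password may itself
            // contain colons, so do not split on every occurrence.
            var separatorIndex = decoded.IndexOf(':');
            if (separatorIndex < 0)
            {
                ReturnAuthorize(context);
                return;
            }

            var username = decoded.Substring(0, separatorIndex);
            var password = decoded.Substring(separatorIndex + 1);

            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                ReturnAuthorize(context);
                return;
            }

            // NOTE(review): no credential check happens here. Verify username/password
            // against the application's credential store (comparing secrets in constant
            // time) and call ReturnAuthorize on failure before letting the action run.

            // Strip control characters so a crafted user name cannot forge extra log lines.
            var safeUsername = new string(username.Where(c => !char.IsControl(c)).ToArray());
            Console.WriteLine($"User: {safeUsername} logged in");

            base.OnActionExecuting(context);
        }
    }
}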