Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
zop2016-12-13 19:20:43
ASP.NET
zop, 2016-12-13 19:20:43

Web Api Basic Auth: How to save login and password?

Hello. I continue to make web api. Fastened basic authentication, as described here (through filters).
I use like this:

[IdentityBasicAuthentication]
[Authorize(Roles = "Admin, Client")]
public class MyController : MyApiControllerBase
{
    public async Task<IHttpActionResult> SomeMethod()
    {
        var someManager = new SDK.SomeManager(UserName, Password);
        var result = List<Model>();

        if (User.IsInRole("Client"))
        {
            result = await someManager.ClientMethod();
        }

        if (User.IsInRole("Admin"))
        {
           result = await someManager.AdminMethod();
        }

        return Ok(result);
    }
}

And the basic ApiControllerBase itself:
public class ApiControllerBase : ApiController
{
    protected internal string UserName { get; private set; }
    protected internal string Password { get; private set; }

    public ApiControllerBase()
    {
        SetUserNameAndPassword();
    }

    #region Authorization

    [NonAction]
    private void SetUserNameAndPassword()
    {
        var authHeader = HttpContext.Current.Request.Headers["Authorization"];

        var identity = (ClaimsIdentity)User.Identity;
        IEnumerable<Claim> claims = identity.Claims;

        if (string.IsNullOrEmpty(authHeader) || !authHeader.StartsWith("Basic"))
        {
            Unauthorized();
            return;
        }

        var encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
        var userNameAndPasword = BasicAuthenticationAttribute.ExtractUserNameAndPassword(encodedUsernamePassword);

        if (userNameAndPasword == null)
        {
            Unauthorized();
            return;
        }

        UserName = userNameAndPasword.Item1;
        Password = userNameAndPasword.Item2;

        Ok();
    }

    #endregion
}

Those. I always have login and password from header.
Two things are confusing:
  1. The method from the MyApiControllerBase constructor is called before the authorization filter. I would like to save the login-password in the filter, but where?
  2. How to replace if UserInRole? strategy?

Thank you for your help!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
R
Rou1997, 2016-12-13
@Rou1997

No way, they should be saved in the browser, not on the server.

Report
R
Roman, 2016-12-14
@yarosroman

I recommend to fasten token authorization, there is an example in the standard template, you can save roles in the token and save everything.

Similar questions
M
maelstorm_wf2018-10-17 05:25:32
What books on IIS 8.5 or higher are better to read in Russian? 0Reply
B
Bogdan2018-10-17 19:34:16
How to display the Index() action from another project in a solution? 0Reply
M
Maria Popova2016-05-23 00:48:27
How to create\work with ProgresBar? 1Reply
S
Saharman2018-10-24 14:41:25
How to get json data in controller? 2Reply
G
Gric_Art2014-04-05 16:16:33
Information parsing. Problem 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question