
What is the procedure for using SQL Server database for Basic Authentication in ASP.NET Core Web API without Entity Framework?

asked 2022-07-27 11:00:00 +0000



1 Answer


answered 2022-11-26 08:00:00 +0000


The procedure for using SQL Server database for Basic Authentication in ASP.NET Core Web API without Entity Framework involves the following steps:

  1. Create a new ASP.NET Core Web API project.
  2. Add the required NuGet packages: Microsoft.AspNetCore.Authentication.Basic and Microsoft.Extensions.Configuration.Json.
  3. In the appsettings.json, add a connection string for the SQL Server database.
  4. Create a new interface for the user repository with methods for authentication and authorization.
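  5. Implement the user repository interface with SQL Server database connectivity code, using parameterized queries and storing only password hashes (the sample below verifies them with BCrypt), never plaintext passwords.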
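  6. In Startup.cs, configure Basic authentication using the AddAuthentication() and AddBasic() methods, and have the credential-validation callback call the user repository. Basic authentication sends the username and password (Base64-encoded, not encrypted) on every request, so the API must be served over HTTPS only.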
  7. Use the [Authorize] attribute in the controller or method to enforce authentication.

Here's sample code for the user repository interface:

/// <summary>
/// Credential and role lookups used by the Basic authentication handler.
/// </summary>
public interface IUserRepository
{
    /// <summary>Checks a username/password pair and reports whether it is valid.</summary>
    /// <param name="username">User name taken from the request's Authorization header (untrusted input).</param>
    /// <param name="password">Plaintext password from the same header; implementations should compare it against a stored hash and must not log or persist it.</param>
    /// <returns><c>true</c> when the credentials are accepted; otherwise <c>false</c>.</returns>
    bool Authenticate(string username, string password);

    /// <summary>Reports whether the given user holds the given role.</summary>
    /// <param name="username">User name to look up.</param>
    /// <param name="role">Role name to test for.</param>
    /// <returns><c>true</c> when the user has the role; otherwise <c>false</c>.</returns>
    bool Authorize(string username, string role);
}

And here's sample code for its implementation:

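/// <summary>
/// <see cref="IUserRepository"/> implementation that reads users from a SQL Server
/// <c>Users</c> table (columns <c>Username</c>, <c>Password</c>, <c>Role</c>) using plain ADO.NET.
/// The <c>Password</c> column is expected to hold a BCrypt hash, never a plaintext password.
/// </summary>
public class UserRepository : IUserRepository
{
    // BCrypt hash of a throwaway random value, computed once per process. It is verified
    // against when the user does not exist, so that "unknown user" and "wrong password"
    // take roughly the same time and the endpoint is harder to use for username enumeration.
    // NOTE(review): this uses the library's default work factor; if the stored hashes use a
    // different cost, generate the dummy with the same cost.
    private static readonly string DummyPasswordHash =
        BCrypt.Net.BCrypt.HashPassword(System.Guid.NewGuid().ToString());

    private readonly string connectionString;

    /// <summary>Reads the <c>DefaultConnection</c> connection string from configuration.</summary>
    /// <param name="configuration">Application configuration (appsettings.json etc.).</param>
    /// <exception cref="System.InvalidOperationException">The connection string is missing or blank.</exception>
    public UserRepository(IConfiguration configuration)
    {
        connectionString = configuration.GetConnectionString("DefaultConnection");

        // Fail at construction rather than on the first login attempt, where the error
        // would surface as an opaque failure inside the authentication handler.
        if (string.IsNullOrWhiteSpace(connectionString))
        {
            throw new System.InvalidOperationException("Connection string 'DefaultConnection' is not configured.");
        }
    }

    /// <summary>Verifies <paramref name="password"/> against the BCrypt hash stored for <paramref name="username"/>.</summary>
    /// <param name="username">User name from the request (untrusted).</param>
    /// <param name="password">Plaintext password from the request (untrusted); never logged or stored here.</param>
    /// <returns><c>true</c> only when the user exists and the password matches the stored hash.</returns>
    public bool Authenticate(string username, string password)
    {
        // Missing credentials can never be valid. Rejecting them here also avoids
        // AddWithValue(null), which ADO.NET treats as "parameter not supplied".
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        string storedHash;

        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand("SELECT Password FROM Users WHERE Username=@Username", connection))
        {
            // Parameterized: the user name is never concatenated into the SQL text.
            command.Parameters.AddWithValue("@Username", username);

            connection.Open();

            // ExecuteScalar returns null when no row matches and DBNull.Value when the
            // column is NULL; "as string" maps both to null instead of throwing on the cast.
            storedHash = command.ExecuteScalar() as string;
        }

        if (string.IsNullOrEmpty(storedHash))
        {
            // Unknown user or no stored hash: still spend one BCrypt verification so the
            // response time does not reveal whether the account exists.
            BCrypt.Net.BCrypt.Verify(password, DummyPasswordHash);
            return false;
        }

        return BCrypt.Net.BCrypt.Verify(password, storedHash);
    }

    /// <summary>Checks whether <paramref name="username"/> has <paramref name="role"/> in the <c>Users</c> table.</summary>
    /// <param name="username">User name to look up.</param>
    /// <param name="role">Role name to test for.</param>
    /// <returns><c>true</c> when at least one matching row exists; <c>false</c> otherwise, including for null or empty arguments.</returns>
    public bool Authorize(string username, string role)
    {
        // Deny by default when either value is missing.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(role))
        {
            return false;
        }

        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand("SELECT COUNT(*) FROM Users WHERE Username=@Username AND Role=@Role", connection))
        {
            command.Parameters.AddWithValue("@Username", username);
            command.Parameters.AddWithValue("@Role", role);

            connection.Open();

            int count = (int)command.ExecuteScalar();

            return count > 0;
        }
    }
}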

In the Startup.cs, configure basic authentication as follows:

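// Registers Basic authentication and the SQL-backed user repository.
// NOTE(review): AddBasic/BasicAuthenticationEvents are not part of ASP.NET Core itself; they come
// from whichever basic-authentication package the project references. Confirm the package name,
// the context property names, and that the scheme name passed to AddAuthentication matches the
// scheme AddBasic registers.
// Basic credentials are only Base64-encoded, so this API must be reachable over HTTPS only.
public void ConfigureServices(IServiceCollection services)
{
    ...

    services.AddAuthentication("BasicAuthentication")
        .AddBasic(options =>
        {
            options.Realm = "My API";
            options.Events = new BasicAuthenticationEvents
            {
                OnValidateCredentials = context =>
                {
                    // GetRequiredService throws a descriptive error if the repository was never
                    // registered, instead of a NullReferenceException on the next line.
                    var userRepository = context.HttpContext.RequestServices.GetRequiredService<IUserRepository>();

                    if (!userRepository.Authenticate(context.UserName, context.Password))
                    {
                        // Same message for unknown user and wrong password.
                        context.Fail("Invalid credentials.");
                        return Task.CompletedTask;
                    }

                    List<Claim> claims = new List<Claim>
                    {
                        new Claim(ClaimTypes.Name, context.UserName)
                    };

                    // Grant the Admin role only when the database says the user has it.
                    // Adding the claim unconditionally would make every account that can log in
                    // pass [Authorize(Roles = "Admin")].
                    if (userRepository.Authorize(context.UserName, "Admin"))
                    {
                        claims.Add(new Claim(ClaimTypes.Role, "Admin"));
                    }

                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Basic"));
                    context.Success();

                    return Task.CompletedTask;
                }
            };
        });

    services.AddScoped<IUserRepository, UserRepository>();

    ...
}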

// Builds the request pipeline. The order of the calls below is significant.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    ...

    app.UseRouting();

    // Authentication must run before authorization so the principal is set when
    // [Authorize] and RequireAuthorization() are evaluated; both sit between
    // UseRouting and UseEndpoints.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        // RequireAuthorization() makes every controller endpoint require an authenticated
        // user by default, so an action without [Authorize] is not left open by accident.
        endpoints.MapControllers().RequireAuthorization();
    });

    ...
}

Finally, enforce authorization using the [Authorize] attribute in the controller or method as follows:

/// <summary>
/// Sample controller whose single GET action is restricted to callers in the "Admin" role.
/// </summary>
[ApiController]
[Route("[controller]")]
public class TestController : ControllerBase
{
    /// <summary>Returns 200 with a fixed body once the caller has been authenticated and holds the Admin role.</summary>
    [HttpGet, Authorize(Roles = "Admin")]
    public IActionResult Get() => Ok("Authorized.");
}
